TechSpot

Tutorial: File sharing XP to Non-XP systems

By jobeard
Mar 15, 2008
  1. Non-XP systems will be using SAMBA as the connection technique for file/print sharing
    (ie: ports 139,445 and lmhost v1 authentication)

    XP (and Vista) have two authentication techniques
    LMHASH and NTHASH

    SAMBA access will require LMHOST V1 authentication
    (it is possible to use V2 *if* all non-windows systems support V2)

    Windows XP/Pro or Vista/Ultimate users who have set the Global Policy
    Network security: Do not store LAN Manager hash value on next password change​
    located at
    Computer Configuration, Windows Settings, Security Settings, Local Policies, Security Options​

    will not be able to use filesharing to non-windows systems.

    The alternative tecnhnique is a regedit

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    click Add Key, type NoLMHash, and then press ENTER.
    The GPO is preferrable, but XP/Home users must use this regedit to inhibit LMHASH

    While it is true that setting this policy enhances the Windows security, it has a negative effect
    on Sharing to non-Windows systems.

    see the Microsoft KB article
    http://support.microsoft.com/kb/299656

    btw: this policy also stops LMHASH password cracking
    so you choose Security and no sharing or Sharing and compromised security
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    On a side note:

    I confirm that LMHASH cracking on this security entry (and also on encrypted drives) can cause more ill effect. And therefore may not be the wisest choice of offered support in this. (sadly :( )
    Mind you, if you had mentioned that earlier, I would have agreed from the start.

    BTW I'm still confused why Vista (sometimes) has issues with shared drives/printers on Xp :confused: But that's not this thread's relevance.
     
  3. jobeard

    jobeard TS Ambassador Topic Starter Posts: 13,474   +329

    I'm not 100% sure of the 'combination to this lock' myself -- there are sever new techniques
    and the settings are not readily obvious. Without a copy of Vista, I can't play with the
    network or the GPO/Security options other than to read MS KB articles.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.