Help with mapped drives and XP AV 2008

Status
Not open for further replies.

dbole007

We have 4 computers here in our office, that all run XP. The main system runs our accounting software, Peachtree, and has a mapped drive, P, that we all use to access the data files. Recently, the main system got infected with XP Antivirus 2008, and we lost power to our building over the weekend. Coming in, the PC BSOD'd with a winlogin.exe error. I did a repair installation of XP, then deleted the AV2008 with the Malwarebytes program. I then rebooted, and reinstalled SP3. The other 3 computers now get an "access is denied" error when trying to connect to the mapped drive on the main computer. I have looked at permissions, and given full access to everyone, and actually removed and reinstalled Peachtree to get this to work. Still not working, and the Dell tech (that's what PC we have) was stumped and was looking up stuff on the TechNet site for MS while I was on the phone with him. Any ideas what could fix this, or do I need to do a complete reinstall from scratch?
 
Hey I was a Dell tech once, but I haven't told many that!

Try this:

Check the Shell value for Winlogon in your registry. Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
should show:

Shell REG_SZ explorer.exe

Or download this tool: http://www.dougknox.com/xp/utils/XP_FixLogon.zip
This utility checks for the correct GINA value in the Registry and will allow you to restore it, if it's incorrect.
 
Not exactly
But it can't hurt to run on XP, and see what happens.
It just puts the explorer.exe shortcut in the registry back to normal.
 
Ran the utility and it said that the default GINA.exe was in use, so all I could do is exit. Is this a good thing?
 
Yes that's good

So what actually happens when you try to re-map the network location?
For argument's sake, you could temporarily try mapping X drive to the same network location as P
 
If I try to remap the drive to say T drive, it comes up with the same error message on the other computer, access is denied. The main computer, with the problem, has 2 other folders that are shared, and we can still see those ones, but they are not mapped to a drive letter, just shared. I did try and map one of those other folders, and was able to see it. That is what led me to remove then reinstall the Peachtree application, thinking that maybe by doing that and deleting the shared mapping, would clear up the issue, but it didn't help.
 
So if you can view the shared folders across the network, then you should be able to right click on the folder and map it to any drive letter (you may need Administrator rights and logon passwords set up).
 
I do have an account with admin rights and a password, to log in with. But, this does lead me to wonder, if I created a new user, with admin rights, then made that new user map the drive, if it would work then? This mapped drive folder is the only one that will not work, so it leads me to believe that a file was infected, or was tagged infected, and was then deleted.
 
Just by the way, File and Print sharing is set up on both computers (in the network properties), aren't they?

Also I once had a strange fault like this. I eventually password protected the actual Administrator account (accessed through Safe mode), then tried to access the folder (once the computer was back to normal mode), which then gave me a prompt to type in the username and password (for which I used Administrator and password) and ticked to remember, then all was ok forever on.
 
The admin account does have a password on it, well, the account that has administrator rights. Are you saying, put a password on the actual admin account that is the default account on the PC? BTW, I have SP3 installed, and when I did the repair installation of XP, it was SP2. Is there a way I can uninstall the SP3 update, so I can go back to SP2, then reinstall that SP, then redo the SP3 one? I looked for the SP3 uninstall folder in the Windows directory, and it wasn't there, which leads me to believe that SP3 was installed, but not fully, where it would leave the uninstall files in the folder under Windows.
 
also if u are going to do a reformat and install Windows there is no need to uninstall SP3. just put the DVD in the drive and start if u have the DVD set as the 1st boot drive.
 
To be successful, the client end of the mapped drive requires network logon rights for the server, then must complete successful logon and finally its logon account permissions are applied to control its access to the resource it wants.

Why not start by trying to determine the fail point in the authentication/authorization steps and then check specific rights and permissions? And what setting or descriptor is causing failure. (Which would then guess is reason for access denied)

What type of file sharing is the server using?

Set policy on the server to audit account logons and logon events. Reboot, start things up and look at the Security Event Log. This will start by telling you how the client side is trying to logon and whether the logons are succeeding or failing at that point (so can determine first if user logon or access permission problem). Then can try taking it the next step from there.
 
Just to clarify: Three client systems were unaffected and only the system with the
shared folder (mapped as P:\) was contaminated. ALL your efforts have been on the
Server System and all three clients can browse the workgroup name and see each other.

If not too late, LEAVE NTFS permissions alone -- they're the LAST thing to touch.

  • Redo the network setup
  • disable filesharing then
  • reenable filesharing

Start with this Vista step-by-step process (just ignore the Public/Private choice).

If you have a third party firewall, disable it and reenable the Windows version
and on the Exceptions tab, enable Print/File Sharing.

First symptom of correctness is the ability of a client to see All systems when
View Entire Network -> MS Windows network -> workgroup name (whatever you used).
Then expanding the [+] on the Server Name, you should see the shares.

NOW attempt to map the drive.

If all else fails, I'll point you to my faux pas of fouling up the GPO objects
https://www.techspot.com/vb/topic111575.html
 
jobeard

maybe is a matter of one's personal preference but....

- Turning file sharing on/off, resets, etc. - sure, of course

But i'd next want to know how the client was being authenticated to ultimately know
  • Did they fail because of logon issues? (and nothing to do with access
    permissions to differentiate what i'm lookin for)
  • And know what server account the client is trying to use (to check their specific logon rights)
  • And know if they actually got past logon (to know the logon account used and to know its permissions to know what permission client SHOULD have to compare to the resource permissions to know what's screwing up)

Always like to first find the cause and know why and see if can't fix it. Once that all fails, then i'll bring out the bulldozers! :)
 
I like your inquisitiveness :) Many would like those answers.

However, there are multiple levels at which pieces are active with different requirements
and 'credentials'.

Stepwise refinement would be used to narrow (or tighten) the access, but the first
requirement is Make It Work At All :) This is the network layer and simple access.
For example, the Share is controlled by one login/password. That has little to do
with rights to be given to Joe vs. Mary.

For tighter controls, the NFS permissions can be used, to refine actions allowed or
denied per user, once the network access has been allowed.
 
"Stepwise refinement would be used to narrow (or tighten) the access, but the first requirement is Make It Work At All"

i'd just like to look at it closer before wiping all evidence of it.

"For example, the Share is controlled by one login/password. That has little to do
with rights to be given to Joe vs. Mary."

Actually, server access is controlled by userid.. the share access is controlled by access permissions. (i.e. if Sam has read-only access, Sam first needs logon to server. But that's userid/logon right issue)

And that logon right for Joe or Mary is VERY significant if their userid is the one being used to authenticate access. That's why you'd want to know what type of sharing the server uses and what userid the client tried for logon and THEN access

/**** EDIT *****/
I'll qualify that one statement about server access controlled by userid... that doesn't include server access just for enumeration purposes unless you start playing with the registry values like RestrictAnonymous (as you came across in your other thread i commented on). There's also RestrictNullSessions that can prevent null logons for enumeration

/**** EDIT2 *****/
wrt to stating "looking before wiping it out", that, of course, also assumes one has the luxury of time to look at the problem vs. business constraints imposed on time which might mandate "just fixing it anyway that works"

/*** Gee, and EDIT3 *****/
wrt "share permissions" meaning "effective share permissions" as unknown just what kind of sharing is being used and if Share and/or NTFS permissioning applies
 
I'm not looking for any type of match either. Just offering assistance when can and exchange of technical info. there's no other intent if you've read anything into any msg (in either thread)

Is my understanding of client/server logon and have found that approach helpful (only applied in peer-to-peer testing but i understand the logon/authentication process is still valid for domains.. just that authentication has to be handled by another system, possibly)

hope to continue an exchange :)

and if OP wants can discuss a test

/****** EDIT ******/
Though certainly try re-setting file sharing per jobeard's posts first and some more info below

And to offer my understanding of the data flow for the client/server process:
- To my knowledge, when an MS client issues a server request, the user credentials from the client side are included in the request
- The server may authenticate the request as Guest (regardless of userid id)
- or may apply User Authentication (using the actual id)
- And if it's Classic File Sharing it may, in fact, attempt both (first User Authentication and if that fails then Guest Authentication).
- So given all that, i've found it extremely helpful to understand how the client is actually trying to logon the server (i.e. what userid) and how the server is actually authenticating that client userid and the result of that authentication attempt (and to see if the server is re-attempting with Guest) . Once knowing the userid that worked for authentication one also knows permissions. All of which helped me narrow the cause from a very wide set to choose from when getting a "Denied Access" message
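
The triage these posts describe (audit logon events on the PC that owns the share, then read its Security Event Log to see which account each client used and whether it got past logon), sketched as an added example that is not part of the original thread. The records are constructed and their field names are hypothetical; the event IDs (528, 529, 531, 534, 540) and logon type 3 are the XP-era Security log values for logons, logon failures and network logons.

```python
# Constructed sample records, shaped like rows exported from the Security log
# of the PC that owns the share. Field names are hypothetical.
SAMPLE_EVENTS = [
    {"id": 528, "type": 2, "user": "admin", "workstation": "MAINPC"},
    {"id": 529, "type": 3, "user": "mary", "workstation": "CLIENT1"},
    {"id": 540, "type": 3, "user": "Guest", "workstation": "CLIENT1"},
    {"id": 534, "type": 3, "user": "joe", "workstation": "CLIENT2"},
    {"id": 540, "type": 3, "user": "sam", "workstation": "CLIENT3"},
]

NETWORK_LOGON = 3          # logon type recorded for access over the network
NETWORK_LOGON_OK = 540     # successful network logon
FAILURES = {               # logon failures: the client never reached permissions
    529: "unknown user name or bad password",
    531: "account disabled",
    534: "account not granted this logon type (network logon right)",
}

def triage(events):
    """Map each client to (stage, detail), decided by its latest network-logon event."""
    verdicts, failed_user = {}, {}
    for ev in events:
        if ev["type"] != NETWORK_LOGON:
            continue  # console logons say nothing about access to the share
        ws = ev["workstation"]
        if ev["id"] in FAILURES:
            failed_user[ws] = ev["user"]
            verdicts[ws] = ("logon", FAILURES[ev["id"]])
        elif ev["id"] == NETWORK_LOGON_OK:
            if ev["user"].lower() == "guest":
                detail = "authenticated as Guest"
                if ws in failed_user:
                    detail += " after logon as %s failed" % failed_user[ws]
            else:
                detail = "authenticated as %s" % ev["user"]
            # Logon succeeded, so "access is denied" now points at permissions.
            verdicts[ws] = ("permissions", detail)
    return verdicts

if __name__ == "__main__":
    for ws, (stage, detail) in sorted(triage(SAMPLE_EVENTS).items()):
        print("%-8s fail point: %-11s %s" % (ws, stage, detail))
```

A "logon" verdict means the account or its logon rights need checking first; a "permissions" verdict names the account whose share and NTFS permissions should be compared against the folder.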
 
Guess I wasn't clear, there was never a server, but the main PC with XP Pro on it. We wiped the drive, started over this weekend, and now, got a clean backup of it.
 
Hey. Congrats. Glad to hear you have it working again! :grinthumb

and just a clarification:
- A computer which owns and controls a shared resource (like a mapped drive other machines access) is a server in Windows terminology.
- All the computers accessing it are the clients
- A single computer can be both a client and server if it shares its own resources and also requests access from other machines

In this case, more a transient term for the roles played in client/server data flow.
 
I am one of the old school techs where a server to me is a standalone system that no one uses for anything. I was just clarifying, cause I didn't know if I had maybe not explained it clearly, but I guess I did and wasn't really paying attention myself. Hated to redo everything, but it was time critical, so now am backing the new system up with Ghost. Not sure if anyone else has seen a big difference, but I like the old Ghost better than the new ones they've been putting out. Might have to try Acronis for my backup solution.
 
I like Ghost 2003
The only reason I don't like Acronis is because some Acronis files are stored in the image, whereas the older Ghost (used in DOS) doesn't (other than marking the disk to be used with Ghost)

If you are from "old school" you would agree that the external program should not make these intrusive allowances. But no one minds any more.
 
good ya got all working again.

and, yea, lots of people when hearing the word "server" have an image of some big dedicated hot server running on a network (vs just being a simple term implying just a "role")

by the way, was curious.. if i recall correctly (didn't look back through) it was the main pc running xp pro that "owned" the shared drive? What type of sharing is it configured? Still curious from my first question...

(and, btw, i am a big Acronis fan. True Image and Disk Director Suite and also worked well for me....)
 