1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Help with mapped drives and XP AV 2008

By dbole007 ยท 49 replies
Sep 19, 2008
  1. We have 4 computers here in our office, that all run XP. The main system runs our accoutnign software, Peachtree, and has a mapped drive, P, that we all use to acces the data files. Recently, the main system got infected with XP Antivirus 2008, and we lost power to our building over the weekend. coming in, the Pc BSOd with winlogin.exe error. I did a repair installation of XP, then deleted the AV2008 with Malwarebytes program. I then rebooted, and reinstalled SP3. The other 3 computers now, get an access is denied error when trying to connect to the mapped drive on the main computer. I have looked at permissions, and given full access to everyone, and actually removed and reinstalled Peachtee to get this to work. Still not working, and the Dell tech( thats what Pc we have) was stumped and was lookign up stuff while I was on phone with him on the Technect site for MS. Any idead what could fix this, or do I need to do a complete resintall from scratch?
  2. kimsland

    kimsland Ex-TechSpotter Posts: 13,810

    Hey I was a Dell tech once, but I haven't told many that!

    Try this:

    Check the Shell value for Winlogon in your registry. Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    should show:

    Shell REG_SZ explorer.exe

    Or download this tool: http://www.dougknox.com/xp/utils/XP_FixLogon.zip
    This utility checks for the correct GINA value in the Registry and will allow you to restore it, if its incorrect.
  3. dbole007

    dbole007 TS Rookie Topic Starter Posts: 17

    thnx for this utility,Will this restore any locked or messed up access rights?
  4. kimsland

    kimsland Ex-TechSpotter Posts: 13,810

    Not exactly
    But it can't hurt to run on Xp, and see what happens
    It just puts explorer.exe shortcut in registry back to normal
  5. dbole007

    dbole007 TS Rookie Topic Starter Posts: 17

    ran the utility and it said that the default GINA.exe was in use, so all I coudl do is exti. Is this good thing?
  6. kimsland

    kimsland Ex-TechSpotter Posts: 13,810

    Yes that's good

    So what actually happens when you try to re-map the netwok location?
    For arguments sake, you could temporarily try mapping X drive to the same network location as P
  7. dbole007

    dbole007 TS Rookie Topic Starter Posts: 17

    If I try to rempa the drive to say T drive, it comes up wiht same error message on the other computer, access is denied. The main computer, with the problem, has 2 other folders that are shared, and we can still see those ones, but they are not mapped to a drive letter, just shared. I did try and map one of those other folders, and was able to see it. That is what led me to remove then reinstall the peachtree application,thinking that maybe by doing that and deleting the shared mapping, would clear up the issue, but didnt help.
  8. kimsland

    kimsland Ex-TechSpotter Posts: 13,810

    So if you can view the shared folders across the network, then you should be able to right click on the folder and map it to any drive letter (you may need Administrator rights and logon passwords set up
  9. dbole007

    dbole007 TS Rookie Topic Starter Posts: 17

    I do have an account with admin rights and a password, to login with. But, this does lead me to wonder, if I created a new user, with admin rights, then made that new user map the drive, if it would work then? this mapped drive folder is only one that will not work, so leads me to believe that a file was infected, or was tagged in fected, and was then deleted.
  10. kimsland

    kimsland Ex-TechSpotter Posts: 13,810

    Just by the way, File and Print sharing is setup on both computers (in the network properties aren't they?

    Also I once had a strange fault like this, I eventually pasword protected the actual Administrator account (accessed through Safe mode) then try to access the Folder (once the computer was back to normal mode) which then gave me a prompt please type in the username and password (which I used Administrator and password) and ticked to remember, then all was ok forever on
  11. dbole007

    dbole007 TS Rookie Topic Starter Posts: 17

    the admin account does have a password on it, well the account that has administrator rights. Are you saying , put a password on the actual admin account that is the default account on the pc? BTW, I have SP3 installed, and when I did the repair installation of XP , it was SP2. Is there a way I can uninstall the SP3 update, so I can go back to SP2, then reinstall that SP, then redo the SP3 one? I looked for the SP3 uninstall folder in the windows directory, and it wasnt there, which leads me to believe that the SP3 was installed, but not fully, where it owudl leave the uninstall files in the folder under windows.
  12. kimsland

    kimsland Ex-TechSpotter Posts: 13,810

    SP3 is in Add/Remove Programs (tick the box show updates)
    You can also download it from Here
  13. nickc

    nickc TechSpot Paladin Posts: 921   +11

    also if u are going to do a reformat and install Windows there is no need to uninstall SP3. just put the DVD in the drive and start if u have the DVD set as the 1st boot drive.
  14. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,430   +185

    To be successful, the client end of the mapped drive requires network logon rights for the server, then must complete successful logon and finally its logon account permissions are applied to control its access to the resource it wants.

    Why not start by trying to determine the fail point in the authenticaton/authorization steps and then check specific rights and permissions? And what setting or descriptor is causing failure. (Whcih would then guess is reason for access denied)

    What type of file sharing is the server using?

    Set policy on the server to audit account logons and logon events. Reboot, start things up and look at the Security Event Log. This will start by telling you how the client side is trying to logon and whether the logons are succeeding or failing at that point. (so can determine first if user logon or access pemission problem) Then can try taking it the next step from there
  15. jobeard

    jobeard TS Ambassador Posts: 12,491   +1,430

    Just to clarify: Three client systems were unaffected and only the system with the
    shared folder (mapped as P:\) was contaminated. ALL your efforts have been on the
    Server System and all three clients can browse the workgroup name and see each other.

    If not too late, LEAVE NTFS permissions alone -- they're the LAST thing to touch.

    • Redo the network setup
    • disable filesharing then
    • reenable filesharing

    Start with this Vista step-by-step process (just ignore the Public/Private choice).

    If you have a third party firewall, disable it and reenable the Widows version
    and on the Exceptions tab, enable Print/File Sharing.

    First symptom of correctness is the ability of a client to see All systems when
    View Entire Network -> MS Windows network -> workgroup name (whatever you used).
    Then expanding the [+] on the Server Name, you should see the shares.

    NOW attempt to map the drive.

    If all else fails, I'll point you to my faux pas of fouling up the GPO objects
  16. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,430   +185


    maybe is a matter of one's personal prefrence but....

    - Turning file sharing on/off, resets, etc. - sure, of course

    But i;d next want to know how the client was being authenticated to ultimately know
    • Did they fail because of logon issues ?(and nothing to do with access
      permissions to differentiate what i'm lookin for)
    • And know what server account the client is trying to use (to check specific their specific logon rights)
    • And know if they actually got past logon (to know the logon account used and to know its permissions to know what permission client SHOULD have to compare to the resource permissions to know what's screwing up)

    Always like to first find the cause and know why and see if can't fix it. Once that all fails,then i'll bring out the bulldozers! :)
  17. jobeard

    jobeard TS Ambassador Posts: 12,491   +1,430

    I like your inquisitiveness :) Many would like those answers.

    However, there are multiple levels at which pieces are active with different requirements
    and 'credentials'.

    Stepwise refinement would be used to narrow (or tighten) the access, but the first
    requirement is Make It Work At All :) This is the network layer and simple access.
    For example, the Share is controlled by one login/password. That has little to do
    with rights to be given to Joe vs. Mary.

    For tighter controls, the NFS permissions can be used, to refine actions allowed or
    denied per user, once the network access has been allowed.
  18. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,430   +185

    i'd just like to look at it closer before wiping all evidence of it.

    Actually, server access is controlled by userid.. the share access is controlled by access permissions. (i.e. if Sam has read-only access, Sam first needs logon to server. But that's userid/logon right issue)

    And that logon right for Joe or Mary is VERY significant if their userid is the one being used to authenticate access. That's why you;d want to know what type of sharing the server uses and what userid the client tried for logon and THEN access

    /**** EDIT *****/
    I'll qualify that one statement about server access controlled by userid... that doesn't include server access just for enumeration purposes unless you start playing with the registry values like RestrictAnonymous (as you came across in your other thread i commented on). There's also RestrictNullSessions that can prevent null logons for enumeration

    /**** EDIT2 *****/
    wrt to stating "looking before wiping it out", that, of course, also assumes one has the luxury of time to look at the problem vs. business constraints imposed on time which might mandate "just fixing it anyway that works"

    /*** Gee, and EDIT3 *****/
    wrt "share permissions" meaning "effective share permissions" as unknown just what kind of sharing is being used and if Share and/or NTFS permissioning applies
  19. jobeard

    jobeard TS Ambassador Posts: 12,491   +1,430

    oops; responded to the wrong thread; please excuse me.
  20. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,430   +185

    I'm not looking for any type of match either. Just offering assistance when can and exchange of technical info. there;s no other intent if you;ve read anything into any msg (in either thread)

    Is my understanding of client/server logon and have found that approach helpful (only applied in peer-to-peer testing but i understand the logon/authenticatgion process is still valid for domains.. just that authentication has to be handled by by another system, possibly)

    hope to continue an exchange :)

    and if OP wants can discuss a test

    /****** EDIT ******/
    Though certainly try re-setting file sharing per joebeard's posts first and some more info below

    And to offer my understanding of the data flow for the client/server process:
    - To my knowledge, when an MS client issues a server request, the user credentials from the client side are included in the request
    - The server may authenticate the request as Guest (regardless of userid id)
    - or may apply User Authentication (using the actual id)
    - And if it's Classic File Sharing it may, in fact, attempt both (first User Authentication and if that fails then Guest Authentication).
    - So given all that, i've found it extremely helpful to understand how the client is actually trying to logon the server (i.e. what userid) and how the server is actually authenticating that client userid and the result of that authentication attempt (and to see if the server is re-attempting with Guest) . Once knowing the userid that worked for authentication one also knows permissions. All of which helped me narrow the cause from a very wide set to choose from when getting a "Denied Access" message
  21. dbole007

    dbole007 TS Rookie Topic Starter Posts: 17

    Guess I wasnt clear, there was never a server, but main pc wiht XP pro on it. We wiped the drive, started over this weekend, and now, got clean backup of it.
  22. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,430   +185

    Hey. Congrats. Glad to hear you have it working again! :grinthumb

    and just a clarification:
    - A computer which owns and controls a shared resource (like a mapped drive other machines access) is a server in Windows terminolgoy.
    - All the computers accessing it are the clients
    - A single computer can be both a client and server if it shares its own resources and also requests access from other machines

    In this case, more a transient term for the roles played in client/server data flow.
  23. dbole007

    dbole007 TS Rookie Topic Starter Posts: 17

    I am the old school techs where a server to me is a standalone system that no one uses for anything. I was just clarifying, cause didnt know if I had maybe not explained it clearly, but I guess I did and wasnt really paying attention myself. Hated to redo everything, but was time critical, so now am backing the new system up with ghost. Not sure if anyone else has seen big difference, but , I like the old ghost better than the new ones they been putting out.. Might have to try Acronis for my backup solution.
  24. kimsland

    kimsland Ex-TechSpotter Posts: 13,810

    I like Ghost 2003
    The only reason I don't like Acronis is because some Acronis files are stored in the image, whereas the older Ghost (used in Dos) doesn't (other than marking the disk to be used with Ghost)

    If you are from "old school" you would agree that the external program should not make these intrusive allowances. But no one minds any more.
  25. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,430   +185

    good ya got all working again.

    and, yea, lots of people when hearing the word "server" have an image of some big dedicated hot server running on a network (vs just being a simple term implying just a "role")

    by the way, was curious.. if i recall correctly (didn't look back through) it was the main pc runnning xp pro that "owned" the shared drive? What type of sharing is it configured? Still curious from my first question...

    (and, btw, i am a big Acronis fan. True Image and Disk Director Suite and also worked well for me....)
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...