Access denied when trying to accede to shared resources

  • Thread starter Thread starter Andy
  • Start date Start date
A

Andy

Hi, i have a windows 2000 server, in a workgroup. a
Windows 2000 professional and xp pc access to this server,
but, a PC with Windows NT workstation cannot access to
this server using the same one username and password. The
error is : access denied. this error only happens in a
windows nt workstation

What happens?
cómo lo soluciono?

Thank you
 
Hello Andy,

Take a look at KB article Q826725 - Down level clients can not access W2K machine

Hope this helps

David Hancock [MSFT]
Microsoft Server Setup Team



Search our Knowledge Base at http://support.microsoft.com/directory

Visit the Windows 2000 Homepage at

http://www.microsoft.com/windows2000/default.asp

See the Windows NT Homepage at http://www.microsoft.com/ntserver/



NOTE: Please reply to the newsgroup and not directly to me. This allows

others to add to and benefit from these threads and also helps to ensure a

more timely response. Thank you!



This posting is provided "AS IS" without warranty either expressed or

implied, including, but not limited to, the implied warranties of

merchantability or fitness for a particular purpose.

The views and opinions expressed in this newsgroup posting are mine and do

not necessarily express or reflect the views and / or opinions of Microsoft.

******************************************************************************
 
Sorry, the KB article Q826725 don'nt exists. :'(
can give me the url to this article?
Thank you

David Hancock said:
Hello Andy,

Take a look at KB article Q826725 - Down level clients can not access W2K machine

Hope this helps

David Hancock [MSFT]
Microsoft Server Setup Team



Search our Knowledge Base at http://support.microsoft.com/directory

Visit the Windows 2000 Homepage at

http://www.microsoft.com/windows2000/default.asp

See the Windows NT Homepage at http://www.microsoft.com/ntserver/



NOTE: Please reply to the newsgroup and not directly to me. This allows

others to add to and benefit from these threads and also helps to ensure a

more timely response. Thank you!



This posting is provided "AS IS" without warranty either expressed or

implied, including, but not limited to, the implied warranties of

merchantability or fitness for a particular purpose.

The views and opinions expressed in this newsgroup posting are mine and do

not necessarily express or reflect the views and / or opinions of Microsoft.****************************************************************************
**
Click to expand...
 
Sorry about that Andy,

Here's the bulk of the article for you:

*** Problem Description ***
Customer may have a W2K server that can be accessed by another W2K machine but when
you try to map a drive to it from an NT 4.0 machine you receive access denied or
you can map to the share but when you do a dir you receive access denied.

*** Resolution ***

Customer may of applied an IIS security template that by default turns off LM and
NTLM authentication and sets other security limatations that will not allow down
level clients to access the W2K machine.

These are the settings that may affect access to the W2K machine and if you get the
template from the customer it can be loaded in the Security Configuration and
Analysis snap-in and reviewed.

Under Local Policies - Security Options: Digitally Sign Client Communication
(always) - change to 'Disabled'
LAN Manager Authentication Level - set to "Send LM & NTLM responses"
Secure Channel: Digitally encrypt secure channel data (always) - set to Disabled
Secure Channel: Digitally sign secure channel data (when possible) - set to Disabled
Digitally Sign Client Communication (When possible) - Set to enabled - leave it enabled
Secure Channel: Digitally encrypt secure channel data (When Possible) - leave it enabled
Digitally Sign Client Communication (When Possible] - leave it enabled

These are the entries in the template that show where the registry keys are set:

[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordAge = 2
MaximumPasswordAge = 42
MinimumPasswordLength = 8
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 5
ResetLockoutCount = 30
LockoutDuration = -1
RequireLogonToChangePassword = 0
NewAdministratorName = "wellmedadmin"
NewGuestName = "wellguest"
ClearTextPassword = 0
[System Log]
RestrictGuestAccess = 1
[Security Log]
MaximumLogSize = 10240
AuditLogRetentionPeriod = 0
RestrictGuestAccess = 1
[Application Log]
RestrictGuestAccess = 1
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 3
AuditObjectAccess = 3
AuditPrivilegeUse = 3
AuditPolicyChange = 3
AuditAccountManage = 3
AuditProcessTracking = 0
AuditAccountLogon = 3
[Profile Description]
Description=Increases SecureWS Settings. Restricts Power User and Terminal Server ACLs.
[Registry Values]
machine\system\currentcontrolset\services\netlogon\parameters\signsecurechannel=4,1
machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechannel=4,1
machine\system\currentcontrolset\services\netlogon\parameters\requirestrongkey=4,1
machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal=4,1
machine\system\currentcontrolset\services\netlogon\parameters\disablepasswordchange=4,0
machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuri tysignature=4,1
machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature=4,1
machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword=4,0
machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature=4,1
machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature=4,1
machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff=4,1
machine\system\currentcontrolset\services\lanmanserver\parameters\autoshareserver=4,0
machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect=4,15
machine\system\currentcontrolset\control\session manager\protectionmode=4,1
machine\system\currentcontrolset\control\session manager\memorymanagement\clearpagefileatshutdown=4,1
machine\system\currentcontrolset\control\print\providers\lanman printservices\servers\addprinterdrivers=4,1
machine\system\currentcontrolset\control\lsa\restrictanonymous=4,2
machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel=4,5
machine\system\currentcontrolset\control\lsa\fullprivilegeauditing=3,0
machine\system\currentcontrolset\control\lsa\crashonauditfail=4,0
machine\system\currentcontrolset\control\lsa\auditbaseobjects=4,0
machine\system\currentcontrolset\control\filesystem\ntfsdisable8dot3namecreation=4,1
machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext=1,
machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption=1,
machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername=4,1
machine\software\microsoft\windows\currentversion\policies\system\disablecad=4,0
machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption=1,1
machine\software\microsoft\windowsnt\currentversion\winlogon\passwordexpirywarning=4,14
machine\software\microsoft\windowsnt\currentversion\winlogon\cachedlogonscount=1,10
machine\software\microsoft\windowsnt\currentversion\winlogon\allocatefloppies=1,0
machine\software\microsoft\windows nt\currentversion\winlogon\allocatedasd=1,0
machine\software\microsoft\windows nt\currentversion\winlogon\allocatecdroms=1,0
machine\software\microsoft\windowsnt\currentversion\setup\recoveryconsole\setcommand=4,0
machine\software\microsoft\windowsnt\currentversion\setup\recoveryconsole\securitylevel=4,0
machine\software\microsoft\non-driver signing\policy=3,0
machine\software\microsoft\driver signing\policy=3,2
[Privilege Rights]
sesystemenvironmentprivilege = *S-1-5-32-544,*S-1-5-21-527237240-630328440-1417001333-1007
[Registry Keys]
1="classes_root", 0,

David Hancock [MSFT]
Microsoft Server Setup Team

Search our Knowledge Base at http://support.microsoft.com/directory
Visit the Windows 2000 Homepage at
http://www.microsoft.com/windows2000/default.asp
See the Windows NT Homepage at http://www.microsoft.com/ntserver/

NOTE: Please reply to the newsgroup and not directly to me. This allows
others to add to and benefit from these threads and also helps to ensure a
more timely response. Thank you!

This posting is provided "AS IS" without warranty either expressed or
implied, including, but not limited to, the implied warranties of
merchantability or fitness for a particular purpose.
The views and opinions expressed in this newsgroup posting are mine and do
not necessarily express or reflect the views and / or opinions of Microsoft.
 
Back
Top