wicked1ab Posted April 3, 2011 Posted April 3, 2011 Hello all, I will start off by saying that I am very new to this and I've kind of hit a roadblock early on. I've set up my home server and named it server1. I have 2 usernames so far and that is Administrator and Anthony, there is also the guest account which I currently have turned off. I added some files and set them to be accessible when logged in as anthony and that worked out great but I wanted to make sure they were not accessible from other accounts such as guest. So I temporarily turned on the guest account and signed in as guest and sure enough it wouldn't let me access them, yay. then I turned off the guest account, however, now whenever I go into my computer and type in \\server1 it takes me to the root folder and doesn't ask me to log in at all and do not have access to the files. I've loged into the server via remote desktop as administrator and under sharing and storage managment I viewed sessions and it says I'm still logged on as guest, even though I turned off the guest account. My question is, how do I get windows to prompt me to re log in? 1 Quote
ICTCity Posted April 3, 2011 Posted April 3, 2011 You have to remove cached network credentials: open a command prompt and type: net use This will show you persistent / temporary connection. Now from the same command prompt type: net use /delete This will delete the cached credentials. Let me know. Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
wicked1ab Posted April 3, 2011 Author Posted April 3, 2011 You have to remove cached network credentials: open a command prompt and type: net use This will show you persistent / temporary connection. Now from the same command prompt type: net use /delete This will delete the cached credentials. Let me know. So I ran the command and saw the folders it was remembering, I used: net use /delete \\server1\anthony then ran the command again and it was empty. Opened up my computer and typed in \\server1 to see if it'd prompt me to relog in and it doesn't, it just takes me to the directory and then if I try and open a folder it adds it back to the net use. Quote
ICTCity Posted April 3, 2011 Posted April 3, 2011 So I ran the command and saw the folders it was remembering, I used: net use /delete \\server1\anthony then ran the command again and it was empty. Opened up my computer and typed in \\server1 to see if it'd prompt me to relog in and it doesn't, it just takes me to the directory and then if I try and open a folder it adds it back to the net use. Just to be sure... the "net use /delete" must be executed on the CLIENT not on the server... Anyway, check the permissions on the folder (both sharing and security), if not sure post a screenshot. If you can, try to restart your server (this will flush the cache). Let me know. Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
wicked1ab Posted April 3, 2011 Author Posted April 3, 2011 Just to be sure... the "net use /delete" must be executed on the CLIENT not on the server... Anyway, check the permissions on the folder (both sharing and security), if not sure post a screenshot. If you can, try to restart your server (this will flush the cache). Let me know. I did run the commands via the computer I am trying to access from. I also tried restarting the server, none of it worked. I did take these screenshots though. I took a few more to show however it wouldn't let me upload them so you can find them: http://img830.imageshack.us/img830/511/pic4d.png http://img837.imageshack.us/img837/3879/pic5w.png http://img714.imageshack.us/img714/8946/pic6l.png the last 3 basically just show that when I have my computer browsing the files it shows it as signed in as guest. but my guest account is turned off. and then the last image is just the root folder for \\server1. thats how I access it and the first time I navigated to it, it asked me to log in and I did as Anthony and was able to access all files as normal. Then the next time it asked me to log in I signed in as guest just to check if it would restrict me access and it did, problem is it has never given me the choice to sign back in as anthony. Quote
ICTCity Posted April 4, 2011 Posted April 4, 2011 Ok, maybe I have the solution... http://www.ehow.com/how_6826812_disable-login-network-share-folders.html Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
wicked1ab Posted April 4, 2011 Author Posted April 4, 2011 Ok, maybe I have the solution... http://www.ehow.com/how_6826812_disable-login-network-share-folders.html Followed the instructions and I already had the password protected sharing on. : / this issue is so puzzling I've been searching online every down chance I get, seems like something that shouldn't be so hard to fix but, arent they always right? anyways thank you for helping me :) I'm sure we'll figure it out Quote
ICTCity Posted April 4, 2011 Posted April 4, 2011 So, let's start from the beginning. Remove the share and be sure you can't access to it in any way. Once ok, re-share with a different name. Let me know. Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
wicked1ab Posted April 4, 2011 Author Posted April 4, 2011 So, let's start from the beginning. Remove the share and be sure you can't access to it in any way. Once ok, re-share with a different name. Let me know. ok so I took off all the files and deleted the folders, removed all shares that were removable (i.e. didn't remove ADMIN$, C$, IPC$), then I ended the guest session that had bee created from last time I tried to access the files. I created a new folder, gave it a new name and set its permissions to be accessible from the anthony account and took permissions to do anything at all away for anyone but anthony, tried accessing them from the computer and I'm getting the same results. Quote
ICTCity Posted April 5, 2011 Posted April 5, 2011 Let's try this: Backup your registry. go to: HKLM\System\CurrentControlSet\LSA Add a new REG_WORD value with this name: RestrictAnonymous Edit value to 2. Reboot and retry. Uh, what happens if you run from the client this command: \\server1\c$ Thanks. Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
wicked1ab Posted April 5, 2011 Author Posted April 5, 2011 Let's try this: Backup your registry. go to: HKLM\System\CurrentControlSet\LSA Add a new REG_WORD value with this name: RestrictAnonymous Edit value to 2. Reboot and retry. Uh, what happens if you run from the client this command: \\server1\c$ Thanks. I'm not sure what HKLM\System\CurrentControlSet\LSA is, can you help me with that part? as for what happens when I type \\server1\c$ from client. It prompts me for log in which is wonderful and just what I want. but I enter my log in and then it gives me an error saying that I don't have permissions to access c$. I tried logging on the server as Admin and killing all sessions and then re-visiting \\server1\c$ and re-logging in but get the same result and when I log back on the server my computer is once again logged on as guest. Quote
ICTCity Posted April 5, 2011 Posted April 5, 2011 That's ok. You can't access c share because by default it's not enabled :) it was just to check ) to do what I wrote before, simply type (in run) regedit this shows your registry. Click file and then export the registry Then navigate to the path I told you (hklm stands for key_local_machine) Then once finished open a command prompt and type net user guest /active:no Restart and let me know Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
wicked1ab Posted April 6, 2011 Author Posted April 6, 2011 That's ok. You can't access c share because by default it's not enabled :) it was just to check ) to do what I wrote before, simply type (in run) regedit this shows your registry. Click file and then export the registry Then navigate to the path I told you (hklm stands for key_local_machine) Then once finished open a command prompt and type net user guest /active:no Restart and let me know Excellent! It let me into the protected folders this time however it did let me in without actually prompting me to sign in. I'm not sure if that could be because I had signed in under the other account several times when trying to access \\server1\c$ or if it has something to do with the registry being exported. I don't dare test my permissions elswhere haha. Is there anything in this registry backup we made that I need to keep? Quote
ICTCity Posted April 6, 2011 Posted April 6, 2011 In some way I think the guest account is still enabled. If you have made the modification to the registry and you don't have problems you can delete the exported registry. Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
wicked1ab Posted April 6, 2011 Author Posted April 6, 2011 In some way I think the guest account is still enabled. If you have made the modification to the registry and you don't have problems you can delete the exported registry. hmmm well I apreciate you going through all this trouble to help me! Quote
ICTCity Posted April 6, 2011 Posted April 6, 2011 If windows allows you to sign-in without credentials, there are only two choices: 1) anonymous enabled 2) stored credentials. What does "net user guest /active:no" return from the server? Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
wicked1ab Posted April 11, 2011 Author Posted April 11, 2011 If windows allows you to sign-in without credentials, there are only two choices: 1) anonymous enabled 2) stored credentials. What does "net user guest /active:no" return from the server? It just said "the command completed successfully" Quote
ICTCity Posted April 11, 2011 Posted April 11, 2011 Just to be sure... run this command and post output: net user guest |find /i "Account active" Then user this tool http://live.sysinternals.com/AccessEnum.exe to verify permissions on shared folder. You can also use this tool to do almost the same thing: http://live.sysinternals.com/ShareEnum.exe Now let's try another thing: On group policy / local policy find "DENY ACCESS TO THIS COMPUTER FROM THE NETWORK" (I can't remember where is it, maybe it's under Computer Configuration, Windows Settings, Security Options) and check who's in that policy. Then in the same path, find this policy: Network access: Shares that can be accessed anonymously be sure you don't have your share here. Last to try: find this policy: Network access: Do not allow anonymous enumeration of SAM accounts and shares and set it to ENABLED. Let me know. Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
Recommended Posts