RE: WinXP -> W2K3 Share Access



Hi Mike,

Thanks for your feedback!

Oh, yes, you are right. It seems my remote testing machine is still in the
same domain as my accessing machine, so the Local System access will be
recognized as my accessing machine's machine account, which is also a valid
domain account. Sorry about this.

I have removed my remote testing machine from the domain, and can reproduce
your problem.

Based on my experience, my access to that machine will be identified as a
Null Session, which means the access request cannot be authenticated.
However, due to security issues, after WinNT 4.0, Windows will restrict
Null Session access by default. So we should enable Null Session access
on the remote machine first. This is controlled by the
RestrictNullSessAccess registry key under
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters. Please
refer to the article below for more information (note: the change
requires a reboot):
http://technet2.microsoft.com/WindowsServer/en/library/2b8bdf70-becc-41f7-b305-88300df0892d1033.mspx?mfr=true

Instead of enabling Null Session on the remote machine (since this is
considered a security hole in Windows Security), another good solution to
this problem is providing the username/password of the remote machine to
the LAN manager. The LAN manager integrates the feature of allowing the A
machine to provide B machine's local account and password; the LAN manager
will help you to impersonate this local account on B machine. I think this
is an ideal solution to your problem.

There are 2 approaches to set up the LAN session with username/password:
1. Use the "net.exe use" command. This tool encapsulates the LAN manager
function internally.
2. Use NetUseAdd to set up the LAN session programmatically; this API has 2
parameters for us to input the username and password.

Please refer to my previous reply below for more information and sample
code:
http://groups.google.com/group/microsoft.public.platformsdk.security/msg/063d7b08b29e5642?hl=zh-CN&

The sample code in the link above is written in C# .NET; however, the logic
is the same. If you have a problem using it, please feel free to tell me,
thanks.

In your solution, your local machine's Windows Service can leverage the code
snippet below to first use the NetUseAdd API to set up the LAN session with
the local account on the remote machine. Then your Windows Service
application can access the shared folder without any problem, since the LAN
session is machine-wide; once it is set up, your subsequent access will go
through this established LAN session channel.

Hope this helps.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notifications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
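
The NetUseAdd approach described in the post, shown in C# via P/Invoke as an added example; it is not the sample code from the linked earlier reply. The share, machine and account names passed on the command line are hypothetical, and passing the remote machine's name as the domain for its local account is an assumption of this example.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

static class LanSession
{
    // USE_INFO_2 from lmuse.h; string fields marshal as LPWSTR.
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct USE_INFO_2
    {
        public string ui2_local;       // null = deviceless use (no drive letter)
        public string ui2_remote;      // UNC name of the share
        public string ui2_password;
        public uint ui2_status;
        public uint ui2_asg_type;
        public uint ui2_refcount;
        public uint ui2_usecount;
        public string ui2_username;
        public string ui2_domainname;  // assumption: remote machine name for its local account
    }

    const uint USE_DISKDEV = 0, USE_NOFORCE = 0;

    [DllImport("netapi32.dll", CharSet = CharSet.Unicode)]
    static extern uint NetUseAdd(string server, uint level, ref USE_INFO_2 buf, out uint parmErr);

    [DllImport("netapi32.dll", CharSet = CharSet.Unicode)]
    static extern uint NetUseDel(string server, string useName, uint force);

    public static void Connect(string unc, string machine, string user, string password)
    {
        var info = new USE_INFO_2 { ui2_remote = unc, ui2_password = password,
            ui2_asg_type = USE_DISKDEV, ui2_username = user, ui2_domainname = machine };
        uint parmErr;
        uint rc = NetUseAdd(null, 2, ref info, out parmErr);   // level 2 = USE_INFO_2
        if (rc != 0)
            throw new Win32Exception((int)rc, "NetUseAdd failed, parm index " + parmErr);
    }

    // Drop the session when the work is done so the credentials do not linger.
    public static void Disconnect(string unc) { NetUseDel(null, unc, USE_NOFORCE); }

    static void Main(string[] args)
    {
        // Hypothetical arguments: \\FILESRV01\reports FILESRV01 svc_reports
        Console.Write("Password for {0}\\{1}: ", args[1], args[2]);
        string password = Console.ReadLine();   // a service would read it from a protected store
        Connect(args[0], args[1], args[2], password);
        try { Console.WriteLine(System.IO.Directory.GetFiles(args[0]).Length + " files visible"); }
        finally { Disconnect(args[0]); }
    }
}
```

Give the account used here read access to the one share only, so RestrictNullSessAccess can stay at its restrictive default on the server.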
