Hello,
Before going further, I would like to confirm the following points:
1. Did you boot into Command prompt in recovery console or WinPE to map a network drive on Windows Server 2008?
2. Is the client computer running Windows XP or Windows Vista?
3. Whats the result if inputting the default administrator account and password?
4. Can you map other network drives, from the same Windows Server 2008 computer and other computers?
5. Could you let me know the detailed steps about how you try to map the network drive?
6. Whats the exact wording of the error message?
Now I suggest inputting a different user name and password when you are prompted to enter credentials.
In addition, lets disable Use Sharing Wizard
1. Open Folder Options in Control Panel.
2. On the View tab, uncheck the box before Use Sharing Wizard (Recommanded).
3. Click OK.
In Windows Server 2003, we can configure the following group policies to enable DOS client access. I have not tested if they also work on Windows Server 2008. You can have a try.
[Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Lan Manager Authentication Level] -> LM, NTLM responses
[Windows Settings\Security Settings\Local Policies\Security Options\Microsoft Network Server: Digitally Signed Communications (Always)] Disabled
If this problem continues, please change the following registry keys on the server to test:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa - restrictanonymous = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa - restrictanonymoussam = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa - everyoneincludesanonymous = 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa - nolmhash = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa - lmcompatibilitylevel = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters - requiresecuritysignature =0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters - requiresecuritysignature = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters - restrictnullsessaccess = 0
Hope it helps.
Tim Quan - MSFT
1.
Did you boot into Command prompt in recovery console or WinPE to map a network drive on Windows Server 2008?I tried booting from customized boot disk made from the following:A. Power Quest (Now Symantec)
B. Ultimate Boot CD
2. Is the client computer running Windows XP or Windows Vista? Windows XP
3. Whats the result if inputting the default administrator account and password?
I got the same results.
4. Can you map other network drives, from the same Windows Server 2008 computer and other computers? Cannot map to any shared folders on Windows Server 2008 from DOS but I can map using windows. I can map to Windows Server 2003 from DOS without any problems.
5. Could you let me know the detailed steps about how you try to map the network drive? Example, I created a customized boot disk using the PowerQuest boot disk wizard. All the correct parameters were specified including servername or server IP, net use G: \\servername\images, and username. When I boot from the disk or USB device it prompts for a and password. Once I type in the password and press enter it displays the error.
6. Whats the exact wording of the error message? Error 5: Access has been denied.
7.Disabling the "Use Sharing Wizard" and modifying the registry did not make any difference.
Event log
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 9/24/2008 1:18:03 PM
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: Imaging
Description:
An account failed to log on.
Subject:
Security ID:NULL SID
Account Name:-
Account Domain:-
Logon ID:0x0
Logon Type:3
Account For Which Logon Failed:
Security ID:NULL SID
Account Name:testing
Account Domain:
Failure Information:
Failure Reason:Unknown user name or bad password.
Status:0xc000006d
Sub Status:0xc000006a
Process Information:
Caller Process ID:0x0
Caller Process Name:-
Network Information:
Workstation Name:\\DM141E0C0D
Source Network Address:10.132.53.164
Source Port:47196
Detailed Authentication Information:
Logon Process:NtLmSsp
Authentication Package:NTLM
Transited Services:-
Package Name (NTLM only):-
Key Length:0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>4625</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12544</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2008-09-24T20:18:03.818Z" />
<EventRecordID>599</EventRecordID>
<Correlation />
<Execution ProcessID="600" ThreadID="692" />
<Channel>Security</Channel>
<Computer>imaging</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-0-0</Data>
<Data Name="SubjectUserName">-</Data>
<Data Name="SubjectDomainName">-</Data>
<Data Name="SubjectLogonId">0x0</Data>
<Data Name="TargetUserSid">S-1-0-0</Data>
<Data Name="TargetUserName">testing</Data>
<Data Name="TargetDomainName">
</Data>
<Data Name="Status">0xc000006d</Data>
<Data Name="FailureReason">%%2313</Data>
<Data Name="SubStatus">0xc000006a</Data>
<Data Name="LogonType">3</Data>
<Data Name="LogonProcessName">NtLmSsp </Data>
<Data Name="AuthenticationPackageName">NTLM</Data>
<Data Name="WorkstationName">\\DM141E0C0D</Data>
<Data Name="TransmittedServices">-</Data>
<Data Name="LmPackageName">-</Data>
<Data Name="KeyLength">0</Data>
<Data Name="ProcessId">0x0</Data>
<Data Name="ProcessName">-</Data>
<Data Name="IpAddress">10.132.53.164</Data>
<Data Name="IpPort">47196</Data>
</EventData>
</Event>
Hi,
Thank you for the reply.
Did you use the following command to map the Z: drive to the network path //computer/folder?
net use z: \\computer\folder
Can you access the shared folder in DOS?
Can you ping the Windows Server 2008 computer in DOS?
Please grant the shared folder everyone full control.
1. Right-click the shared folder and click Properties.
2. On the Sharing tab, click Advanced Sharing.
3. Click Permissions.
4. Click Everyone and check the Allow box beside Full Control.
5. Click OK twice.
6. On the Security tab, Click Edit.
7. Click Add, type Everyone and click OK.
8. Click Everyone and check the Allow box beside Full Control
9. Click OK.
If the issue persists, I suggest using the following method to create a MS-DOS bootable diskette
1. When formatting a floppy diskette, users have the option of creating a MS-DOS startup disk, follow the below steps to do this.
2. Place diskette in the computer.
3. Open My Computer, right-click the A: drive and click Format.
4. In the Format window, check Create an MS-DOS startup disk.
5. Click Start.
Once the bootable diskette has been successfully created, following the below steps you will be able to boot from the diskette.
1. Place the diskette into write-protect mode (in case a virus is on the computer, this will not allow the virus to transfer itself onto the diskette).
2. Insert the diskette into the computer and reset or turn on the computer to begin the boot process.
3. As the computer is booting, answer the questions prompted (if any).
4. Once at the A:\> take the appropriate actions depending upon the situation of the computer.
5. If you are unfamiliar with MS-DOS we recommend you see our MS-DOS page.
If the issue still occurs, I am afraid that DOS may be incompatible with Windows Server 2008.
Tim Quan - MSFT
Errror5: Access has been denied.
- Marked as answer by Tim QuanModerator Monday, September 29, 2008 2:53 AM
Have you solved it? Did you find a solution?
I've got the same problem.
Thanks
Think I may have solved it. Attempting to reproduce it.
Did you solved this issue? If so, can you please share?
I am having the same issue.
Set the following group policy settings:
Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options:
Network Security: Do not store LAN Manager hash value on next password change - SET TO DISABLE
Network Security: LAN Manager authentication level - SET TO SEND LM & NTLM - USE NTLM v2 IF NEGOTIATED
Refresh group policy by restarting the computer or typing gpupdate /force in the run dialog box.
Reset the password on the user account.The password needs to be reset so that it stores the older LAN Manager hash value.
Hope this helps someone.
- Proposed as answer by DiscipleBC Monday, March 23, 2009 5:39 PM
- Marked as answer by Laura ZhangMicrosoft employee, Moderator Friday, August 21, 2009 11:12 AM
Administrative Tools - Local Security Policy - Local Policies - Security Options:
Network Security: Do not store LAN Manager hash value on next password change - SET TO DISABLE
Network Security: LAN Manager authentication level - SET TO SEND LM & NTLM - USE NTLM v2 IF NEGOTIATED
Good point - AND, we must consider the case (such as mine) where a machine is 'outside the domain' in a Workgroup.
I have similar issue.
Machine B is Server 2008 - I have shared the folder, set permissions as needed, but even with mapping explicitly with the "administrator" and password to the 'share' - it gives "access denied" if trying to copy file from XP (Machine A) at the command shell, to the share on the 2008 server (Machine B).
BUT, if I happen to map to the 'drive' - the NTFS permissions work fine - i.e., net use * \\2008server\c$ /user:administrator *
I have yet to try the policies mentioned, but am doing that now - and will report back.
Note: This is a LOT of extra effort just to do things that automatically happened in 2003 server - and I do indeed respect the fact of having more tightened and heightened security, BUT if I say "share this folder as a share, and allow UserX to be able to modify it, from both Share Level and NTFS folder/file level," then I expect the system and/or policies to adjust accordingly - or to provide an intelligible response such as, "Hey Mr. admin-guy - the policies you have set may need to be adjusted in order to allow proper sharing from other systems." But... maybe it's just me. Thanks.
The policy settings did not make a difference for me - actually, my problem was "perceived;" i.e. end-user problem on my part (LOL).
When I mapped properly, WITH "administrator," it worked fine.
In the related problem that was reported to me: When the user mapped to the share via the non-admin user, he was unable to copy files to the share.
I told the user to ensure that the NON-admin account also has "log on as batch" and/or "log on as a service" as needed.
Note: I verified that the non-admin user has modify/write access to both the Share and the NTFS levels.
Trying to setup a Fryer CNC machine with a Analam 3000/3300 control which runs DOS. I installed "MS-DOS Network Client 3.0" and after a ton of hours finally got the NIC drivers to fire up with TCP/IP. I ran into the same problem as the guy above. I spent countless hours trying to make this work on Vista and Windows 7 and got nowhere.
The solution above was the correct fix and resolved my problem. Thank you so much for spending the time to document this. It has made me a hero in my company.
*NOTE* The above really does work, don't forget to reset that password though.
Bingo that did it for me, thanks Justin and all.
Oh and I was using NetBoot 6.5 to install a Ghost Image on Windows 7 computer.
- Edited by Axehole Wednesday, September 21, 2011 10:49 PM
Thanks so much! We've spent three nights trying to solve the same problem, trying to connect shared folder from Windows XP desktop to Schirmer Machinery.
This thing is not translatable: м м! ! м м м мм !
Hi!
Hi!
Hi!
There are 2 other things you should check in the windows registry
1. Open start menu
2. type regedit and press enter
3. in the registry editor navigate to the following place:
HKEY_COCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
4. Check wether the following variables are set to value 0!
requiresecuritysignature -> set it to 0
enableauthenticateusersharing -> set it to 0
These are the final settings that solved my problem, so I can now connect to my windows 2008 R2 server shared folder with MS-DOS network client 3.0
Justin, thanks a lot for the tips!
I had better luck with changing the group policies rather then going thru the local policies.
Changing
Network Security: Do not store LAN Manager hash value on next password change - SET TO DISABLE
Network Security: LAN Manager authentication level - SET TO SEND LM & NTLM - USE NTLM v2 IF NEGOTIATED
alone did not do the trick for me (I still got error 5 message on the client). I had to additionally disable
Microsoft network server: Digitally sign communications (always)to make it work.
Cheers!
PS My problem was accessing a share on Windows Server 2008 from an MS-DOS 6.22 / MS Network Client 3.0 PC
can anyone tell me "where" these changes where applied?
was it on the file server? Was it on the domain controllers? Was it a combination? Domain Policy, Domain controller policy?
Thanks!
- Edited by jamicon Friday, November 22, 2013 6:20 PM