Cannot Share External Hard Drive Over Network
OkayI have been troubleshooting this issue for hours andI am really at a loss of what to do next.I have connected an external hard drive to one of my computers. Then, I went into the Advanced Sharing options and turned on sharing. I ensured that another computer did not need a username/password to connect to my comptuer, and that Everyone had Full Control over the drive. Additionally, I turned on Network Discovery, File and Printer Sharing, Public Folder Sharing for my current profile (Home or Work). I did this on BOTH computers (the one that had the ext HD connected to it, and the other comptuer on the network that needed to connect to it).I always get some "Windows cannot access \\XXXX-PC\DriveName" When trying to connect, and some message about not having permission to access it, which is untrue, as I've made every possible adjustment to make it work. Hopefully one of you can point out something I am doing wrong. Thanks.
May 25th, 2009 9:29pm

tcheck8:Can you please post the exact phrasing of the message that says you don't have permission to access it? Also include any error codes or other details it may provide.Thank you,Nick
Free Windows Admin Tool Kit Click here and download it now
May 25th, 2009 10:55pm

What kind of hard drive do you have? Is it possible to have a "Lock" option on (like on usb pen drives)?Running Windows 7 RC1 32-bit on AMD Athlon 64 X2 Dual Core 5000+ (2.70 GHz), 4 GB DDRII, onboard GeForce 6150SE nForce 430
May 25th, 2009 11:11pm

@Nick FV: The exact error message reads: Windows cannot access \\DEN-PC\NetworkYou do not have permission to access to \\DEN-PC\Network. Contact your network administrator to request access.For more information about permissions, see Windows Help and Support.@SavySB: It's a Westerdn Digital MyBook External Hard Drive...I don't believe it is possible to have a Lock option on, and I don't see one.
Free Windows Admin Tool Kit Click here and download it now
May 26th, 2009 4:06am

What about connecting using the administrative share name, i.e., \\SERVER\C$ and supplying any needed credentials? Also, with the firewall disabled?
May 26th, 2009 11:18am

Ensure that all of the computers are in the same Workgroup.Start>Right click>Computer>select Properties. You should be in Control Panel>System and Security>System. If the Workgroup name is different than the host computer click on the Change Settings and change the Workgroup name to match. Close out and reboot. You should be able to see the shared drive.
Free Windows Admin Tool Kit Click here and download it now
May 26th, 2009 3:52pm

@Ryan Capp: Do you mean typing the drive's location in Windows Explorer? If that's what you mean, I have tried that, and I am still denied access. And should the firewall really be an issue, as I only use Windows Firewall (and AVG Free's, if it even has one). I'll try disabling it and see if that works, though.@Nano Warp: I have checked, and they are both apart of the workgroup "WORKGROUP" I guess that's not the issue, either.It's so weird. Everything was working one day, but just randomly stopped.
May 26th, 2009 7:49pm

I'm assuming you're not using Windows Explorer then? If so, add the computer (\\DEN-PC) to Internet Explorer's trusted sites list.
Free Windows Admin Tool Kit Click here and download it now
May 26th, 2009 8:38pm

What OS is the host computer (the one with the external hard drive connected) and what OS is the computer that can't access the hard drive over the network? This might help us diagnose your problem.-Nick
May 27th, 2009 1:43am

@Ryan Capp: Yes, the only thing I was using to try and connect to the drive was via Windows Explorer. And I don't think it's an issue on the recipient computer, as it's the host computer that is denying access. I've switched the location of the drive (and put it on the recipient computer) and it still gave me an error. Maybe that detail will help. @Nick FV: Both computers are running the latest versions of Windows 7 RC.
Free Windows Admin Tool Kit Click here and download it now
May 27th, 2009 2:59am

Run this command from an elevated command prompt:wevtutil qe Security "/q:*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and (band(Keywords,9007199254740992))]]" /f:text > C:\audit.txtThis will output all security audit failures and save it to C:\audit.txt with the newest events towards the bottom.EDIT: Forgot to mention to do it on the remote computer. You can try it on the sending end too, but I don't think it would throw a security failure audit since it's not the one processing the request.Sample event: An account failed to log on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 Account For Which Logon Failed: Security ID: NULL SID Account Name: Moon Account Domain: HOME Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc0000064 Process Information: Caller Process ID: 0x0 Caller Process Name: - Network Information: Workstation Name: nobelium Source Network Address: 192.168.1.2 Source Port: 58731 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
May 27th, 2009 3:47am

I ran that command and looked at the file. I did a Ctrl + F for "failed" and the search turned up empty.
Free Windows Admin Tool Kit Click here and download it now
May 27th, 2009 5:24am

Well they're all failures if it created the file, otherwise it would be blank. Post the file here when you have a chance.
May 27th, 2009 8:44am

You didn't specify which MyBook product that you have, but I don't think it matters. The drive has factory installed software (utilities). Also you may have software and photos stored on the drive. The new AUTOPLAY security features could be blocking the drive. Does the autoplay dialog appear when you connect it to the host computer?Do you actually need the utilities included with the drive?If you don't use the utilities, cut (ctrl-x) themfrom the drive and store them in a new folder on the main drive for possible future use. (WD also has the software available for download)Virus scan the drive to ensure it is clean. (Kaspersky has a technical preview available for Win 7. Search "Kaspersky-Win 7" to find thefree download)Check the drive in disk management. It is factory formatted in FAT 32. If that is still the case you may want to move your stored data and reformat the drive to NTFS. Go to Western Digital support for the product and search the knowledge base for ID 3322. ( Don't assign a drive letter during the process)I use generic external enclosures (e-Sata or usb) and raw hard drives to avoid these issues. I have connected and network shared all of my external drives without issue.It seems that you are at the try anything stage, so I thought I'd offer this after researching the drive product and Win 7 features. Good Luck!
Free Windows Admin Tool Kit Click here and download it now
May 27th, 2009 3:28pm

@Ryan Capp: The file is pretty huge, so I just copied/pasted the last few events. I tried doing them all, but my browser crashed on me. Event[2659]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T16:46:49.159 Event ID: 4672 Task: Special Logon Level: Information Opcode: Info Keyword: Audit Success User: N/A User Name: N/A Computer: Laptop1-PC Description: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Event[2660]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T17:08:46.150 Event ID: 4648 Task: Logon Level: Information Opcode: Info Keyword: Audit Success User: N/A User Name: N/A Computer: Laptop1-PC Description: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP1-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Brianna Account Domain: LAPTOP1-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x950 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that accounts credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Event[2661]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T17:08:46.150 Event ID: 4624 Task: Logon Level: Information Opcode: Info Keyword: Audit Success User: N/A User Name: N/A Computer: Laptop1-PC Description: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP1-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 7 New Logon: Security ID: S-1-5-21-95786322-3910057392-393681453-1000 Account Name: Brianna Account Domain: LAPTOP1-PC Logon ID: 0xd152ff Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x950 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[2662]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T17:08:46.150 Event ID: 4634 Task: Logoff Level: Information Opcode: Info Keyword: Audit Success User: N/A User Name: N/A Computer: Laptop1-PC Description: An account was logged off. Subject: Security ID: S-1-5-21-95786322-3910057392-393681453-1000 Account Name: Brianna Account Domain: LAPTOP1-PC Logon ID: 0xd152ff Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Event[2663]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T19:28:38.104 Event ID: 4648 Task: Logon Level: Information Opcode: Info Keyword: Audit Success User: N/A User Name: N/A Computer: Laptop1-PC Description: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP1-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Brianna Account Domain: LAPTOP1-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x950 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that accounts credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Event[2664]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T19:28:38.104 Event ID: 4624 Task: Logon Level: Information Opcode: Info Keyword: Audit Success User: N/A User Name: N/A Computer: Laptop1-PC Description: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP1-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 7 New Logon: Security ID: S-1-5-21-95786322-3910057392-393681453-1000 Account Name: Brianna Account Domain: LAPTOP1-PC Logon ID: 0xd822a0 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x950 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[2665]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T19:28:38.104 Event ID: 4634 Task: Logoff Level: Information Opcode: Info Keyword: Audit Success User: N/A User Name: N/A Computer: Laptop1-PC Description: An account was logged off. Subject: Security ID: S-1-5-21-95786322-3910057392-393681453-1000 Account Name: Brianna Account Domain: LAPTOP1-PC Logon ID: 0xd822a0 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Event[2666]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T19:30:08.145 Event ID: 4648 Task: Logon Level: Information Opcode: Info Keyword: Audit Success User: N/A User Name: N/A Computer: Laptop1-PC Description: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP1-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Thomas Account Domain: LAPTOP1-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x518 Process Name: C:\Windows\System32\consent.exe Network Information: Network Address: ::1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that accounts credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Event[2667]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T19:30:08.145 Event ID: 4624 Task: Logon Level: Information Opcode: Info Keyword: Audit Success User: N/A User Name: N/A Computer: Laptop1-PC Description: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP1-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0xd9516a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x518 Process Name: C:\Windows\System32\consent.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: ::1 Source Port: 0 Detailed Authentication Information: Logon Process: CredPro Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[2668]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T19:30:08.145 Event ID: 4624 Task: Logon Level: Information Opcode: Info Keyword: Audit Success User: N/A User Name: N/A Computer: Laptop1-PC Description: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP1-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0xd95182 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x518 Process Name: C:\Windows\System32\consent.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: ::1 Source Port: 0 Detailed Authentication Information: Logon Process: CredPro Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[2669]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T19:30:08.145 Event ID: 4672 Task: Special Logon Level: Information Opcode: Info Keyword: Audit Success User: N/A User Name: N/A Computer: Laptop1-PC Description: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0xd9516a Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Event[2670]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T19:30:08.145 Event ID: 4634 Task: Logoff Level: Information Opcode: Info Keyword: Audit Success User: N/A User Name: N/A Computer: Laptop1-PC Description: An account was logged off. Subject: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0xd95182 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Event[2671]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T19:31:33.681 Event ID: 4648 Task: Logon Level: Information Opcode: Info Keyword: Audit Success User: N/A User Name: N/A Computer: Laptop1-PC Description: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP1-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Thomas Account Domain: LAPTOP1-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x348 Process Name: C:\Windows\System32\consent.exe Network Information: Network Address: ::1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that accounts credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Event[2672]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T19:31:33.681 Event ID: 4624 Task: Logon Level: Information Opcode: Info Keyword: Audit Success User: N/A User Name: N/A Computer: Laptop1-PC Description: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP1-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0xda5601 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x348 Process Name: C:\Windows\System32\consent.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: ::1 Source Port: 0 Detailed Authentication Information: Logon Process: CredPro Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[2673]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T19:31:33.681 Event ID: 4624 Task: Logon Level: Information Opcode: Info Keyword: Audit Success User: N/A User Name: N/A Computer: Laptop1-PC Description: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP1-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0xda560f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x348 Process Name: C:\Windows\System32\consent.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: ::1 Source Port: 0 Detailed Authentication Information: Logon Process: CredPro Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[2674]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T19:31:33.681 Event ID: 4672 Task: Special Logon Level: Information Opcode: Info Keyword: Audit Success User: N/A User Name: N/A Computer: Laptop1-PC Description: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0xda5601 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Event[2675]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T19:31:33.681 Event ID: 4634 Task: Logoff Level: Information Opcode: Info Keyword: Audit Success User: N/A User Name: N/A Computer: Laptop1-PC Description: An account was logged off. Subject: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0xda560f Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Event[2676]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T19:33:42.140 Event ID: 4648 Task: Logon Level: Information Opcode: Info Keyword: Audit Success User: N/A User Name: N/A Computer: Laptop1-PC Description: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LAPTOP1-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Thomas Account Domain: LAPTOP1-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x15ac Process Name: C:\Windows\System32\consent.exe Network Information: Network Address: ::1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that accounts credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Event[2677]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T19:33:42.140 Event ID: 4624 Task: Logon Level: Information Opcode: Info Keyword: Audit Success User: N/A User Name: N/A Computer: Laptop1-PC Description: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP1-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0xdc40ea Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x15ac Process Name: C:\Windows\System32\consent.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: ::1 Source Port: 0 Detailed Authentication Information: Logon Process: CredPro Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[2678]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T19:33:42.140 Event ID: 4624 Task: Logon Level: Information Opcode: Info Keyword: Audit Success User: N/A User Name: N/A Computer: Laptop1-PC Description: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP1-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0xdc4102 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x15ac Process Name: C:\Windows\System32\consent.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: ::1 Source Port: 0 Detailed Authentication Information: Logon Process: CredPro Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[2679]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T19:33:42.140 Event ID: 4672 Task: Special Logon Level: Information Opcode: Info Keyword: Audit Success User: N/A User Name: N/A Computer: Laptop1-PC Description: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0xdc40ea Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Event[2680]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T19:33:42.140 Event ID: 4634 Task: Logoff Level: Information Opcode: Info Keyword: Audit Success User: N/A User Name: N/A Computer: Laptop1-PC Description: An account was logged off. Subject: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0xdc4102 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. @Nano Warp: I think this is a MyBook Essential. I removed all the utilities it came with, and have quick formatted the drive to NTFS several times. The only files I may have on the drive are partial backups that were interrupted (due to this networking problem). As for autoplay, the only thing that pops up when I plug in the drive is a little Windows dialog that asksme what I'd like to do; the only option is to view the files with Windows Explorer. I just ran a Disk Check for file system errors and bad sectors, and everything came up okay. There are no viruses on the drive, I know that. I recently bought a raw HD and enclosure for a friend, but since I have these, I really don't need anything like that at this time. I mean, really, this drive should work as well as any other, and for a time, it did.Oh, and another bit of information: I can access the DEN-PC Shared folder via the network (the one that is automatically setup in Windows), but not the external drive.
May 28th, 2009 5:49am

Whoops, that should be band(Keywords,4503599627370496):wevtutil qe Security "/q:*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and (band(Keywords,4503599627370496))]]" /f:text > C:\audit.txtJust to make sure it collects logon information, enable logon auditing:http://technet.microsoft.com/en-us/library/cc787567(WS.10).aspx
Free Windows Admin Tool Kit Click here and download it now
May 28th, 2009 6:14am

Okay, I'll do this in a bit and let you know of my result. Thanks for all the help so far.
May 28th, 2009 6:25am

Event[14429]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-26T21:06:40.385 Event ID: 4625 Task: Logon Level: Information Opcode: Info Keyword: Audit Failure User: N/A User Name: N/A Computer: Laptop1-PC Description: An account failed to log on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP1-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: Brianna Account Domain: LAPTOP1-PC Failure Information: Failure Reason: Account logon time restriction violation. Status: 0xc000006e Sub Status: 0xc000006f Process Information: Caller Process ID: 0x14cc Caller Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[14430]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-26T21:06:46.032 Event ID: 4625 Task: Logon Level: Information Opcode: Info Keyword: Audit Failure User: N/A User Name: N/A Computer: Laptop1-PC Description: An account failed to log on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP1-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: Brianna Account Domain: LAPTOP1-PC Failure Information: Failure Reason: Account logon time restriction violation. Status: 0xc000006e Sub Status: 0xc000006f Process Information: Caller Process ID: 0x14cc Caller Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[14431]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-26T21:07:45.484 Event ID: 4625 Task: Logon Level: Information Opcode: Info Keyword: Audit Failure User: N/A User Name: N/A Computer: Laptop1-PC Description: An account failed to log on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP1-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: Brianna Account Domain: LAPTOP1-PC Failure Information: Failure Reason: Account logon time restriction violation. Status: 0xc000006e Sub Status: 0xc000006f Process Information: Caller Process ID: 0x14cc Caller Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[14432]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-26T21:08:11.548 Event ID: 4625 Task: Logon Level: Information Opcode: Info Keyword: Audit Failure User: N/A User Name: N/A Computer: Laptop1-PC Description: An account failed to log on. Subject: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0x3adb8 Logon Type: 4 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: Thomas Account Domain: Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc000006a Process Information: Caller Process ID: 0xedc Caller Process Name: C:\Windows\explorer.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[14433]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-26T21:08:12.036 Event ID: 4625 Task: Logon Level: Information Opcode: Info Keyword: Audit Failure User: N/A User Name: N/A Computer: Laptop1-PC Description: An account failed to log on. Subject: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0x3adb8 Logon Type: 4 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: Thomas Account Domain: Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc000006a Process Information: Caller Process ID: 0xedc Caller Process Name: C:\Windows\explorer.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[14434]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-26T21:08:12.238 Event ID: 4625 Task: Logon Level: Information Opcode: Info Keyword: Audit Failure User: N/A User Name: N/A Computer: Laptop1-PC Description: An account failed to log on. Subject: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0x3adb8 Logon Type: 4 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: Administrator Account Domain: Failure Information: Failure Reason: Account currently disabled. Status: 0xc000006e Sub Status: 0xc0000072 Process Information: Caller Process ID: 0xedc Caller Process Name: C:\Windows\explorer.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[14435]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-26T21:08:12.270 Event ID: 4625 Task: Logon Level: Information Opcode: Info Keyword: Audit Failure User: N/A User Name: N/A Computer: Laptop1-PC Description: An account failed to log on. Subject: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0x3adb8 Logon Type: 4 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: ASPNET Account Domain: Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc000006a Process Information: Caller Process ID: 0xedc Caller Process Name: C:\Windows\explorer.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[14436]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-26T21:08:12.582 Event ID: 4625 Task: Logon Level: Information Opcode: Info Keyword: Audit Failure User: N/A User Name: N/A Computer: Laptop1-PC Description: An account failed to log on. Subject: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0x3adb8 Logon Type: 4 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: Brianna Account Domain: Failure Information: Failure Reason: Account logon time restriction violation. Status: 0xc000006e Sub Status: 0xc000006f Process Information: Caller Process ID: 0xedc Caller Process Name: C:\Windows\explorer.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[14437]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-26T21:08:12.628 Event ID: 4625 Task: Logon Level: Information Opcode: Info Keyword: Audit Failure User: N/A User Name: N/A Computer: Laptop1-PC Description: An account failed to log on. Subject: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0x3adb8 Logon Type: 4 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: Guest Account Domain: LAPTOP1-PC Failure Information: Failure Reason: The user has not been granted the requested logon type at this machine. Status: 0xc000015b Sub Status: 0x0 Process Information: Caller Process ID: 0xedc Caller Process Name: C:\Windows\explorer.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[14438]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-26T21:08:12.816 Event ID: 4625 Task: Logon Level: Information Opcode: Info Keyword: Audit Failure User: N/A User Name: N/A Computer: Laptop1-PC Description: An account failed to log on. Subject: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0x3adb8 Logon Type: 4 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: Thomas Account Domain: Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc000006a Process Information: Caller Process ID: 0xedc Caller Process Name: C:\Windows\explorer.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[14439]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-26T21:08:16.872 Event ID: 4625 Task: Logon Level: Information Opcode: Info Keyword: Audit Failure User: N/A User Name: N/A Computer: Laptop1-PC Description: An account failed to log on. Subject: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0x3adb8 Logon Type: 4 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: Thomas Account Domain: Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc000006a Process Information: Caller Process ID: 0xedc Caller Process Name: C:\Windows\explorer.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[14440]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-26T21:08:17.028 Event ID: 4625 Task: Logon Level: Information Opcode: Info Keyword: Audit Failure User: N/A User Name: N/A Computer: Laptop1-PC Description: An account failed to log on. Subject: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0x3adb8 Logon Type: 4 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: Administrator Account Domain: Failure Information: Failure Reason: Account currently disabled. Status: 0xc000006e Sub Status: 0xc0000072 Process Information: Caller Process ID: 0xedc Caller Process Name: C:\Windows\explorer.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[14441]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-26T21:08:17.074 Event ID: 4625 Task: Logon Level: Information Opcode: Info Keyword: Audit Failure User: N/A User Name: N/A Computer: Laptop1-PC Description: An account failed to log on. Subject: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0x3adb8 Logon Type: 4 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: ASPNET Account Domain: Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc000006a Process Information: Caller Process ID: 0xedc Caller Process Name: C:\Windows\explorer.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[14442]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-26T21:08:17.262 Event ID: 4625 Task: Logon Level: Information Opcode: Info Keyword: Audit Failure User: N/A User Name: N/A Computer: Laptop1-PC Description: An account failed to log on. Subject: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0x3adb8 Logon Type: 4 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: Brianna Account Domain: Failure Information: Failure Reason: Account logon time restriction violation. Status: 0xc000006e Sub Status: 0xc000006f Process Information: Caller Process ID: 0xedc Caller Process Name: C:\Windows\explorer.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[14443]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-26T21:08:17.293 Event ID: 4625 Task: Logon Level: Information Opcode: Info Keyword: Audit Failure User: N/A User Name: N/A Computer: Laptop1-PC Description: An account failed to log on. Subject: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0x3adb8 Logon Type: 4 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: Guest Account Domain: LAPTOP1-PC Failure Information: Failure Reason: The user has not been granted the requested logon type at this machine. Status: 0xc000015b Sub Status: 0x0 Process Information: Caller Process ID: 0xedc Caller Process Name: C:\Windows\explorer.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[14444]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-26T21:08:17.449 Event ID: 4625 Task: Logon Level: Information Opcode: Info Keyword: Audit Failure User: N/A User Name: N/A Computer: Laptop1-PC Description: An account failed to log on. Subject: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0x3adb8 Logon Type: 4 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: Thomas Account Domain: Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc000006a Process Information: Caller Process ID: 0xedc Caller Process Name: C:\Windows\explorer.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[14445]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-26T21:08:20.141 Event ID: 4625 Task: Logon Level: Information Opcode: Info Keyword: Audit Failure User: N/A User Name: N/A Computer: Laptop1-PC Description: An account failed to log on. Subject: Security ID: S-1-5-21-95786322-3910057392-393681453-1001 Account Name: Thomas Account Domain: LAPTOP1-PC Logon ID: 0x3adb8 Logon Type: 4 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: Thomas Account Domain: Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc000006a Process Information: Caller Process ID: 0xedc Caller Process Name: C:\Windows\explorer.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[14446]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T19:30:08.145 Event ID: 4625 Task: Logon Level: Information Opcode: Info Keyword: Audit Failure User: N/A User Name: N/A Computer: Laptop1-PC Description: An account failed to log on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP1-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 11 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: Thomas Account Domain: LAPTOP1-PC Failure Information: Failure Reason: An Error occured during Logon. Status: 0xc000010b Sub Status: 0x0 Process Information: Caller Process ID: 0x518 Caller Process Name: C:\Windows\System32\consent.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: ::1 Source Port: 0 Detailed Authentication Information: Logon Process: CredPro Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[14447]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T19:31:33.666 Event ID: 4625 Task: Logon Level: Information Opcode: Info Keyword: Audit Failure User: N/A User Name: N/A Computer: Laptop1-PC Description: An account failed to log on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP1-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 11 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: Thomas Account Domain: LAPTOP1-PC Failure Information: Failure Reason: An Error occured during Logon. Status: 0xc000010b Sub Status: 0x0 Process Information: Caller Process ID: 0x348 Caller Process Name: C:\Windows\System32\consent.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: ::1 Source Port: 0 Detailed Authentication Information: Logon Process: CredPro Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[14448]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T19:33:42.140 Event ID: 4625 Task: Logon Level: Information Opcode: Info Keyword: Audit Failure User: N/A User Name: N/A Computer: Laptop1-PC Description: An account failed to log on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP1-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 11 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: Thomas Account Domain: LAPTOP1-PC Failure Information: Failure Reason: An Error occured during Logon. Status: 0xc000010b Sub Status: 0x0 Process Information: Caller Process ID: 0x15ac Caller Process Name: C:\Windows\System32\consent.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: ::1 Source Port: 0 Detailed Authentication Information: Logon Process: CredPro Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[14449]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T21:11:33.533 Event ID: 4625 Task: Logon Level: Information Opcode: Info Keyword: Audit Failure User: N/A User Name: N/A Computer: Laptop1-PC Description: An account failed to log on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP1-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 11 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: Thomas Account Domain: LAPTOP1-PC Failure Information: Failure Reason: An Error occured during Logon. Status: 0xc000010b Sub Status: 0x0 Process Information: Caller Process ID: 0x1510 Caller Process Name: C:\Windows\System32\consent.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: ::1 Source Port: 0 Detailed Authentication Information: Logon Process: CredPro Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event[14450]: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2009-05-27T21:15:10.345 Event ID: 4625 Task: Logon Level: Information Opcode: Info Keyword: Audit Failure User: N/A User Name: N/A Computer: Laptop1-PC Description: An account failed to log on. Subject: Security ID: S-1-5-18 Account Name: LAPTOP1-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 11 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: Thomas Account Domain: LAPTOP1-PC Failure Information: Failure Reason: An Error occured during Logon. Status: 0xc000010b Sub Status: 0x0 Process Information: Caller Process ID: 0xd88 Caller Process Name: C:\Windows\System32\consent.exe Network Information: Workstation Name: LAPTOP1-PC Source Network Address: ::1 Source Port: 0 Detailed Authentication Information: Logon Process: CredPro Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested The image was helpful, thanks.
Free Windows Admin Tool Kit Click here and download it now
May 28th, 2009 7:20am

Quickly scanning through, here arethe errors I see so far:Account logon time restriction violation. (5 events)Unknown user name or bad password. (8 events)Account currently disabled. (2 events)The user has not been granted the requested logon type at this machine. (2 events)An Error occured during Logon. (5 events)
May 28th, 2009 7:56am

Okay, I'm going back over and gathering more info:Administrator - Account currently disabled.ASPNET - Unknown user name or bad password.Brianna - Account logon time restriction violation.Guest - The user has not been granted the requested logon type at this machine.Thomas - Unknown user name or bad password.So whichever account you're using, that account needs to be one of the following: Enabled Added Time unrestricted EDIT: It looks like the account Thomas is first called by Explorer.exe using a Logon Type 4 (Network) and followed by Administrator and ASPNET.
Free Windows Admin Tool Kit Click here and download it now
May 28th, 2009 8:05am

Also, when you said you made it so you don't need a username/password, where exactly did you do so? Because I only recall anonymous network access to public folders, unless youallow everyone's permissions to apply to anonymous users:Network access: Let everyone's permissions apply to anonymous users This policy controls the access that anonymous users have once connected. In previous versions of Windows, anonymous users were provided with the SID for the Everyone group on the authentication token, allowing them to access everything that the Everyone group had access to. In Server 2003, the default configuration is to remove the Everyone group SID from the token generated for an anonymous user. This provides added protection for anonymous users attempting to access resources. Once this policy is set, anonymous users will only be able to access resources for which the anonymous user has been explicitly given permission.http://www.windowsecurity.com/articles/Anonymous-Connections.htmlThese are the only advanced sharing options I see:
May 28th, 2009 8:31am

The Administrator and ASPNET accounts were standard accounts when I installed Windows 7. I've left the Administrator account disabled (and ASPNET in its current state). Additionally, Brianna (Standard Account) used to have time restrictions, but they were removed a few days ago. I've used the account Thomas (Administrator Account) to try and access the drive, and I've still gotten that error message. And as for the Advanced sharing connections, here are my settings: Network discovery: On File and printer sharing: On Public folder sharing: On Media streaming: Off File sharing connections: Use 128-bit encryption Password protected sharing: Off HomeGroup connections: Allow Windows to manage homegroup connections I'll read up on that security article you gave me, too.
Free Windows Admin Tool Kit Click here and download it now
May 28th, 2009 6:04pm

Okay, I read that article, and I'm not really sure how it applies to me...Should I create an "Anonymous" group on the host computer, rather than just the original "Everyone?"
May 28th, 2009 6:21pm

If both computers are running Windows 7, I would just go ahead and use a HomeGroup and add the drive to one (or more) of my libraries. Otherwise, you'd have to set anonymous access to the everyone group using a security policy (or even better, createan accounton the computer which then can be set/scripted to auto-logon to the share).
Free Windows Admin Tool Kit Click here and download it now
May 28th, 2009 9:31pm

God, all this for a networked drive? Isn't Windows 7 supposed to be user friendly? I'm sure what I'm trying to do isn't that out of the ordinary, so it's odd that I'm having so much trouble. I'm trying to use this drive to backup all my computers in my home. I don't think the HomeGrouping thing will work for what I'm trying to do...or will it? And how would I go about setting anonymous access to the everyone group? That sounds like the best option for me.
May 28th, 2009 9:35pm

In the past I've just used one-task accounts for backup, e.g., BackupUser/somepass on the computer hosting the backupsand then just set the program to use the account (with the drive sharedonly for that account). If the program doesn't allow username/passwords you can just make a logon script that sets it:net use Z: \\backup-pc\backup/user:BackupUser "somepass"EDIT: What backup software are you planning to use anyway?EDIT2: Windows Backup allows for a username/password. EDIT3: Just found some documentation stating that the Guest account must be enabled to use "Password protected sharing: off" feature. Although, I'd still just use a username/password on the remote machine and have the program specify credentials as you're not blowing all your security right out the door.
Free Windows Admin Tool Kit Click here and download it now
May 28th, 2009 9:46pm

Well, in order to even use password protected sharing, I would have to be able to first access the drive itself, which isn't even available now. Correct?And I am using Windows Backup, and since I turned off password protected sharing, I just used the logon credentials for the account on the remote computer. That's what Windows Help recommneded if I didn't have anything else to use...
May 29th, 2009 12:14am

It's forcing all connections through the guest account, which is disabled by default. I'd just turn password protected sharing back on and create a new account on the other machine just for backup.
Free Windows Admin Tool Kit Click here and download it now
May 29th, 2009 12:54am

Alright, I'll try this and let you know of my result.
May 29th, 2009 2:04am

It worked! I added a password protected Administrator account to the host computer, logged onto the remote computer (with the same username and password), and it authenticated flawlessly. Thank you so much for your help; it has *really* been appreciated. Now, off to search the forums for another issue I'm having... Thanks again!
Free Windows Admin Tool Kit Click here and download it now
May 29th, 2009 2:15am

It's stunning to read this log in regards to this issue. Windows really dropped the ball in regards to external drive backups. Why didn't they use the easy-to-use feature from the now-dead OneCare?
June 27th, 2010 6:19pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics