I can map a network drive using appropriate credentials, but access is denied (defaulting to local account for browsing)
I've got a laptop running XP SP3. If I log in locally to the laptop and try to map a network drive from a server on my network, it prompts me for a username and password which I supply and then the drive is mapped. The problem is that when I click on the new drive, I get an access denied message. It is trying to connect to the share with my local account which does not have access privileges. Previously it would prompt me for a username and password, but apparently I changed some security settings and it doesn't do this anymore.The same thing happens if I use the net use command. I can map the drive by supplying an appropriate username and password, but I can't browse it in windows explorer. I would really like to understand the setting that controls whether you get a prompt when accessing a resource over the network. I believe it is related to the security policy setting for Network Access: Sharing and security model for local accounts. I've played with that a bit, but to no avail. I realize that I could probably add an account with the same username / password as my local account to the server and give it access to my shared folder. I do not want to do this. I've got several users that share the laptop and have access to the local account (I realize this is not ideal, but it is unavoidable at the moment). I do not want them to have access to this network share. Can anyone help me get my login prompt back? I've been searching google for the last 2 days trying all kinds of suggested solutions, but I was unable to find one that works. 1 person needs an answerI do too
October 29th, 2010 3:48pm

Hello,Please run through this article and let me know if it is of any use to you regarding the tricky situation you are in.http://support.microsoft.com/kb/301281 . If this article does not serve any purpose to you, please revert back. Thank you.
Free Windows Admin Tool Kit Click here and download it now
October 30th, 2010 4:22am

The missing piece of information needed is whether the Server computer is running XP Pro or XP Home and if it is running XP Pro, whether Simple File Sharing is enabled or disabled. Since you claim it used to work when you authenticated, I must assume that at the time you could authenticate the server is XP Pro with Simple File Sharing disabled (Simple file sharing is always enabled with XP Home). The symptoms you describe are symptomatic of Simple File Sharing being enabled. When Simple File Sharing is Enabled, every network connection authenticates as the "Guest" user no matter what username or password you supply. Your first step is to make sure that Simple File Sharing is disabled:"How to disable simple file sharing and how to set permissions on a shared folder in Windows XP" < http://support.microsoft.com/kb/307874 >Assuming Simple File Sharing is disabled then, IIRC, authentication proceeds like this:If your login username exists on the remote server and passwords match, then access is granted as that user.else if login username exists but passwords don't match, access is denied.else if server Guest account is active, you connect as Guestelse if server Guest account is not active, you are asked to provide username/password authentication.Note the difference between Guest account being "active" vs "enabled". The command "net user Guest" will show active status.The following document may provide some insight (see page 6):" File and Printer Sharing with Microsoft Windows"< http://www.microsoft.com/downloads/en/details.aspx?FamilyID=87C0A6DB-AEF8-4BEF-925E-7AC9BE791028&displaylang=en >HTH, JW
October 31st, 2010 1:37am

The knowledge base articles above do not help me with this problem. The "server" is running Windows 2003 Server OS, but that is irrelevant. The problem is client side. I've got some XP clients that prompt me for a username and password and some that just get an access denied error. I've tried with simple file sharing enabled and disabled and with the guest account active and not active (on the client) and the result is always the same from some clients. There must be some other setting that is preventing me from getting a password prompt. I just can't figure out what it is.
Free Windows Admin Tool Kit Click here and download it now
November 1st, 2010 9:37am

Simple file sharing should only matter on the server side, not the client side, so this is obviously not the problem.The only other explanation that I can come up with is that there was already an existing connection to the server from the client side under different credentials. Microsoft networking has a [big] restriction that one,and only one , set of authentication can be used at any one time between a client to a server. This means that if there is an existing connection to a server as user "Guest", and then you try to connect with any other user/authentication, that new authentication attempt will be ignored/aborted, falling back on the existing Guest authentication with no error message issued.If this is the case, before you try to connect to the server, bring up a command prompt window and issue the command: net useThis will list your current network connections. If you see that the client machine already has a connection to the desired server, then enter the command: net use <server> /delwhere <server> is replaced with the connection info from the first "net use" command to terminate the current connection before you attempt to re-establish a connection with a different set of credentials. The symptoms all seem to fit ... I hope this is your problem. Likewise, you should delete your privileged user connection when you are done in order to prevent the next user from piggy-backing on your authentication.HTH, JW
November 2nd, 2010 2:26am

Wunders, that's a good guess, but unfortunately this is not what is happening. If there is an existing connection already I get a message telling me that there is only one connection allowed per user, not an access denied message. I get denied even when net use shows no existing connections. Howerver, I have a better problem statement now. If I start with a clean boot, net use shows no existing connections on the client and the server. I am logged on locally to the client workstation. I open windows explorer and browse to the share. I get a login prompt. At this point I jump to the server and look at the security log. It shows that I have made several attempts to connect with a local username and these have been denied. I then jump back to the client and type in a username and password with access to the share. I jump back to the server and see a successful login in the security log. I jump back to the client and try to actually browse the share. The client computer gives me an error saying that the share is not accessible. You might now have permission to view this network resource....yada, yada, yada. I try to browse multiple times getting the same message every time. I jump to the server, it shows no attempts to login. Only that last successful login. Net use shows the connection on the client, but whenever I try to browse it, I get the access denied message. For some reason the client side is giving me an access denied error without checking into the server.
Free Windows Admin Tool Kit Click here and download it now
November 2nd, 2010 9:04am

Too bad... I was hoping that was the problem. But at least it now asks you for a username/password :-)Apart from that, you might look to be sure that NetBios-over-TCP (NetBT) is enabled on the client. Disabling this forces a direct hosting of SMB which sometimes has problems."Direct hosting of SMB over TCP/IP"< http://support.microsoft.com/kb/204279 >Your latest observations seem to point to an initial connection followed by either difficulty connecting further or perhaps you did not authenticate as you expected. Some quick tests I made showed that if you connect using TCP/IP address instead of computer name and fully specify everything including username scope in a "net use" line, it significantly reduces network traffic needed to establish a connection. As a test on a client, from a command prompt, try a syntax such as: net use * \\192.168.1.10\share /user:192.168.1.10\username passwordWhere "192.168.1.10" is the IP address of the server, "share" is the name of the share you desire to connect to, and "username" is the local user on the server machine to which you are authenticating. If you are using domain credentials, substutite the domain name for "192.168.1.10" in the "/user:" portion. If you are authenticating to a server local account from a graphic username/password prompt, try including the computer name along with the user name in the user name box as in computername\username. If this doesn't work, and unless there is really something wrong with the access permissions, I'm out of ideas.Best of Luck, JW
November 3rd, 2010 2:26am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics