Re: Windows File Sharing: Facing The Mystery

funkym0nk3y join:2002-06-27	reply to bcastner Re: Windows File Sharing: Facing The Mystery that snakefoot site is awesome, bookmarked!
	to forum · permalink · · 2005-04-07 13:52:02 ·
psloss Premium join:2002-02-24 Alpharetta, GA	reply to bcastner said by bcastner : This has nothing to do with whether the "Guest" account is enabled, but Group Guest. Your decision to enable the Guest account is a decision about a local console logon, not remote access. I assume you mean the group "Guests" (plural), right? The distinction being that both are "well known" SIDs, where "Guest" has an RID of 501 and "Guests" has an RID of 514. Also, aren't there two "types" of disabling for the Guest account in XP? One from the "User Accounts" control panel applet and the other being the way that accounts have always been enabled/disabled in NT? (viz: "net user Guest active:no") Philip Sloss -- Feedback? e-mail: stuff@lupwa.org
	to forum · permalink · · 2005-04-07 11:43:27 ·
bcastner Premium,VIP,MVM join:2002-09-25 Chevy Chase, MD clubs: ·Verizon Online DSL	reply to Daniel Dave above makes some great comments, so let me ammend slightly one section above" "There is another wrinkle to user-level authentication, and that is 'guest access'. Windows may choose to allow unknown users to log in as user Guest for network accesses. This is generally a bad thing in my opinion. The Guest account is disabled by default in Win2000 and XP Pro, and you should only enable it if you understand the security ramifications. Rumour says it's on by default in XP Home." It is no rumour, XP Home is enabled only for the "Simple File sharing" model, XP Pro is by default but can be changed in the Folder, View option of the GUI. This has nothing to do with whether the "Guest" account is enabled, but Group Guest. Your decision to enable the Guest account is a decision about a local console logon, not remote access. There was raised by others a concern about how port 139 versus 445 were handled. At the moment essentially the client needing a session makes requests on both, and maintains any session on the first to reply. You can influence this: By standard both port 139 and 445 are open to get the highest degree of compatibility. A client will try to request on both ports and continue the communication on the port which responds first. To disable SMB use of Netbios port 139 (Forces use of port 445): . On the Start menu, point to Settings, and then click Network and Dial-up Connections . Right-click Internet facing connection, and then click Properties. . Select Internet Protocol TCP/IP and select Properties . Click Advanced and select the WINS tab . Tick Disable NetBIOS over TCP/IP and click Ok To disable SMB use of port 445 with this DWORD (Forces use of port 139): [HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \NetBT \Parameters] SMBDeviceEnabled = 0 To disable SMB use of port 139 and 445 (Disables nbt.sys driver): Right-click My Computer on the desktop, and then click Manage. Expand System Tools, and then select Device Manager. Right-click Device Manager, point to View, and then click Show hidden devices. Expand Non-Plug and Play Drivers. Right-click NetBios over Tcpip, and then click Disable. To disable SMB completely: On the Start menu, point to Settings, and then click Network and Dial-up Connections Right-click Internet facing connection, and then click Properties. Select Client for Microsoft Networks, and then click Uninstall. Follow the uninstall steps. Select File and Printer Sharing for Microsoft Networks, and then click Uninstall. Follow the uninstall steps. (My thanks to "Snakefoot" and his remarkable site: »snakefoot.fateback.com/tweak/win···_NETBIOS )
	to forum · permalink · · 2005-04-07 11:18:24 ·


Saturday, 28-Nov 02:13:46	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com.republican-creole page compression OFF