share access XP

13 Jan
Posted on Author swildow

http://www.michna.com/kb/wxnet.htm

You have both the following symptoms:

* You can ping the computer by IP and by name.
* When you type on another computer, replacing computername with the name of the inaccessible computer:

You have both the following symptoms:

* You can ping the computer by IP and by name.
* When you type on another computer, replacing computername with the name of the inaccessible computer:

net view \\computername

you get one of the various “Error 5” error messages, like “System error 5 has occurred. Access is denied” or “Error 5: You do not currently have access to this file. …” (However, other commands, like

net use Z: \\computername\sharename

or typing the full network path into Windows Explorer may work.)

This can be caused by a registry setting named RestrictAnonymous. Go to the computer which you cannot access, start a registry editor and change the following registry value.

HKEY_LOCAL_MACHINE
\SYSTEM
\CurrentControlSet
\Control
\Lsa
Value name: RestrictAnonymous
Value type: DWORD

If the value is 1 or even 2, change it to 0, reboot and retest. If the problem is solved, leave the value at zero. If not, you can change it back if you like.

Check immediately afterwards and again after a reboot, whether the value changes back to non-zero on its own. If that happens, then you have to find the culprit, which can be spyware, a worm, or a badly designed security program. In this case this procedure most likely solved your problem, but then the bad software stepped back in and recreated the problem.

In this case you can try to disable running programs and services and retry until you find out which one is responsible. Or you could try to download and run RegMon from www.sysinternals.com. In RegMon set a filter for the registry value in question (or wade through all the registry accesses), set the problem value to zero, then observe which program accesses it and changes it back to 1. Locate that program and uninstall it. And please don’t forget to report the bad program here, so we can get a list of offending programs.

Two known Trojans that change this value (and also some network access policies) call themselves mcafee32.exe and msconfg.exe, trying to pose as the antivirus program of that name or as a Microsoft configuration program module.

2005-05-17