XP network problem

Here's my problem.
Four PC's, two hard wired, two wireless connected via a Linksys router. All
running XP.
The two woreless connections are fine. One hard wired connection is fine.
The problem is with the second hard wired PC ( call it PC "A" ).

If I attempt to browse PC "A" from any other machine I get "You dont have
necessary permisions etc". But if I go to PC "A" I can browse all the other
PC's on the network and connect to the internet. So its only a problem in
one direction. Also worth noting that the connection worked fine until a
few weeks ago, but I'm not aware of any changes that would have disturbed
the network settings.

I've tried disabling the firewall ( Zomealarm free ), checked all my shared
settings, tried disabling shares and then re-enabling them. I've studied
various docs on MS Support and the popular networking web pages and followed
every instruction I can find but still without success. I can only think
that there are settings in the registry that are incorrect. But can't find
them. Really stumped with this one.

Appreciate any ideas on what to try next.
Thanks.

"AMC" <(E-Mail Removed)> wrote in message
news:ypmff.650$(E-Mail Removed)...
> If I attempt to browse PC "A" from any other machine I get "You dont have
> necessary permisions etc".

What are you trying to access on PC A?
What happens if, from PCB, you click on start, run, type \\PCA and click ok?

Sorry, should have made that clear.
I'm trying to axxess shared folders on PC A from any other on the network.
I tried "//<IP address of PC A >" and got the same message "\\<ip address>
is not accessible. You might not have permission to use this network
resource. Contact the administrator of this server to find out if you have
access permissions"

Andrew


"~Gifted~" <~(E-Mail Removed)~> wrote in messag

e news:(E-Mail Removed). uk...
>
> "AMC" <(E-Mail Removed)> wrote in message
> news:ypmff.650$(E-Mail Removed)...
>> If I attempt to browse PC "A" from any other machine I get "You dont have
>> necessary permisions etc".
>
> What are you trying to access on PC A?
> What happens if, from PCB, you click on start, run, type \\PCA and click
> ok?
>

On Fri, 18 Nov 2005 15:27:26 GMT, "AMC" <(E-Mail Removed)>
wrote:

>I've tried disabling the firewall ( Zomealarm free )

This software is a bugger to disable/uninstall. Check, that when it is
disabled, that none of its services are still running. I have heard of
them still running after an uninstall and causing problems.

--
Cheers,

Guy

** Stress - the condition brought about by having to
** resist the temptation to beat the living daylights
** out of someone who richly deserves it.

In article <ypmff.650$(E-Mail Removed)>,
(E-Mail Removed) says...
> Here's my problem.
> Four PC's, two hard wired, two wireless connected via a Linksys router. All
> running XP.
> The two woreless connections are fine. One hard wired connection is fine.
> The problem is with the second hard wired PC ( call it PC "A" ).
>
> If I attempt to browse PC "A" from any other machine I get "You dont have
> necessary permisions etc". But if I go to PC "A" I can browse all the other
> PC's on the network and connect to the internet. So its only a problem in
> one direction. Also worth noting that the connection worked fine until a
> few weeks ago, but I'm not aware of any changes that would have disturbed
> the network settings.
>
> I've tried disabling the firewall ( Zomealarm free ), checked all my shared
> settings, tried disabling shares and then re-enabling them. I've studied
> various docs on MS Support and the popular networking web pages and followed
> every instruction I can find but still without success. I can only think
> that there are settings in the registry that are incorrect. But can't find
> them. Really stumped with this one.
>
Have you enabled the guest account on PC "A"?

AMC wrote:
> Here's my problem.
> Four PC's, two hard wired, two wireless connected via a Linksys router.
> All
> running XP.
> The two woreless connections are fine. One hard wired connection is fine.
> The problem is with the second hard wired PC ( call it PC "A" ).
>

Copy and pasting this, it has come to the rescue many times..........

This is in some cases caused by a registry setting named RestrictAnonymous.
Go to the computer which you cannot access, start a registry editor and
change the following registry value.

HKEY_LOCAL_MACHINE
\SYSTEM
\CurrentControlSet
\Control
\Lsa
Value name: RestrictAnonymous
Value type: DWORD

If the value is 1 or even 2, change it to 0, reboot and retest. If the
problem is solved, leave the value at zero. If not, you can change it back
if you like.

Check immediately afterwards and again after a reboot, whether the value
changes back to non-zero on its own. If that happens, then you have to find
the culprit, which can be spyware, a worm, or a badly designed security
program. In this case this procedure most likely solved your problem, but
then the bad software stepped back in and recreated the problem.

In this case you can try to disable running programs and services and retry
until you find out which one is responsible. Or you could try to download
and run RegMon from www.sysinternals.com. In RegMon set a filter for the
registry value in question (or wade through all the registry accesses), set
the problem value to zero, then observe which program accesses it and
changes it back to 1. Locate that program and uninstall it. And please don't
forget to report the bad program here, so we can get a list of offending
programs.

Two known Trojans that change this value (and also some network access
policies) call themselves mcafee32.exe and msconfg.exe, trying to pose as
the antivirus program of that name or as a Microsoft configuration program
module.

2005-05-17 - Peter Kavanagh wrote: Offending malware was either Gaobot.EDJ
variant or Wupd spware in file sdasd.exe, both of which had to be removed.

2005-11-18 - Justin T wrote: I found that System Mechanics Pro 6 changes
these settings to 2 as it thinks it is a security flaw.

Apart from this advice, this web page cannot help you any further, so you
can stop reading at this point. You have to remove the bad software first.

Background: RestrictAnonymous controls whether null sessions, sessions that
work without any authentication and use the permissions of the groups
Everyone and NETWORK, are allowed (value 0) or disallowed (value 1). The
value 2 is obsolete for Windows XP.

Don't mistake this for the value named restrictanonymoussam, which controls
null session SAM account name listings.

For some time I asked for the results of this procedure and recorded an 80%
success rate in 2005.

Thanks. That has cleared the problem. I'll monitor for any change to the
value setting and should that happen I'll follow your advice and track down
the offending program.

Thanks again for your help.

Andrew

"Gaz" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> AMC wrote:
>> Here's my problem.
>> Four PC's, two hard wired, two wireless connected via a Linksys router.
>> All
>> running XP.
>> The two woreless connections are fine. One hard wired connection is
>> fine.
>> The problem is with the second hard wired PC ( call it PC "A" ).
>>
>
> Copy and pasting this, it has come to the rescue many times..........
>
> This is in some cases caused by a registry setting named
> RestrictAnonymous. Go to the computer which you cannot access, start a
> registry editor and change the following registry value.
>
> HKEY_LOCAL_MACHINE
> \SYSTEM
> \CurrentControlSet
> \Control
> \Lsa
> Value name: RestrictAnonymous
> Value type: DWORD
>
> If the value is 1 or even 2, change it to 0, reboot and retest. If the
> problem is solved, leave the value at zero. If not, you can change it back
> if you like.
>
> Check immediately afterwards and again after a reboot, whether the value
> changes back to non-zero on its own. If that happens, then you have to
> find the culprit, which can be spyware, a worm, or a badly designed
> security program. In this case this procedure most likely solved your
> problem, but then the bad software stepped back in and recreated the
> problem.
>
> In this case you can try to disable running programs and services and
> retry until you find out which one is responsible. Or you could try to
> download and run RegMon from www.sysinternals.com. In RegMon set a filter
> for the registry value in question (or wade through all the registry
> accesses), set the problem value to zero, then observe which program
> accesses it and changes it back to 1. Locate that program and uninstall
> it. And please don't forget to report the bad program here, so we can get
> a list of offending programs.
>
> Two known Trojans that change this value (and also some network access
> policies) call themselves mcafee32.exe and msconfg.exe, trying to pose as
> the antivirus program of that name or as a Microsoft configuration program
> module.
>
> 2005-05-17 - Peter Kavanagh wrote: Offending malware was either Gaobot.EDJ
> variant or Wupd spware in file sdasd.exe, both of which had to be removed.
>
> 2005-11-18 - Justin T wrote: I found that System Mechanics Pro 6 changes
> these settings to 2 as it thinks it is a security flaw.
>
> Apart from this advice, this web page cannot help you any further, so you
> can stop reading at this point. You have to remove the bad software first.
>
> Background: RestrictAnonymous controls whether null sessions, sessions
> that work without any authentication and use the permissions of the groups
> Everyone and NETWORK, are allowed (value 0) or disallowed (value 1). The
> value 2 is obsolete for Windows XP.
>
> Don't mistake this for the value named restrictanonymoussam, which
> controls null session SAM account name listings.
>
> For some time I asked for the results of this procedure and recorded an
> 80% success rate in 2005.
>
>

AMC wrote:
> Thanks. That has cleared the problem. I'll monitor for any change to the
> value setting and should that happen I'll follow your advice and track
> down
> the offending program.
>
> Thanks again for your help.
>
> Andrew
>

Apologies for not given the proper credit for this tip:

http://www.michna.com/kb/wxnet.htm

an excellent site, going through many, if not all of the windows network
problems, has gotten me out of one or two scrapes, if you where doing it is
a job and made some money out of it, donate the guy who runs the site, a £5,
he has a paypal link, and deserves it.

Gaz