Armenian Knowledge Base  

Go Back   Armenian Knowledge Base > Technical sections > Software
Register

Reply
 
LinkBack Thread Tools
Old 22.01.2004, 15:06   #1
Moderator
 
acid's Avatar
 
Join Date: 09 2001
Location: South Korea, Gumi
Posts: 7,699
Downloads: 102
Uploads: 34
Blog Entries: 16
Reputation: 561 | 6
Lightbulb Windows XP: User Name field is disabled when connecting to shared resource

If you are trying to connect to shared network resource in Window XP and dialog box with disabled User Name field is appearing and all you can do is type password, you must read microsoft article below.

Managing Network Authentication

An increasing number of Windows XP Professional–based systems are connected directly to the Internet and participate in home or small business networks rather than in domains. In order to simplify the sharing and security model used in these non-domain environments, network logons performed against unjoined Windows XP Professional–based computers are automatically mapped to the Guest account by default. This simplifies the sharing of resources in home or small business networks by eliminating the need to synchronize user names and passwords across all computers in the network. Authenticating users logging on to the network as Guest can provide an additional measure of security for computers connected to the Internet by eliminating the ability to access the computer remotely by using administrative credentials.

Forcing network logons to authenticate as Guest does not affect the following:
  • Interactive logons. In addition to console logons, this also includes remote access sessions using Terminal Services or Telnet, which are essentially "remote" occurrences of interactive logon sessions.
  • Computers that are joined to a domain. This is not the default for Windows XP Professional–based computers that are joined to a domain because the domain provides single sign-on capabilities for all computers that are in the domain.
  • Outbound connections. The authentication and access control settings of the computer that you are attempting to access govern outbound connections.
While forcing network logons to authenticate as Guest can simplify the sharing of resources, it does not expose the detailed access control permissions that Windows XP Professional is capable of and that many advanced users might want. For example, requiring all users to authenticate as Guest means that all users must be granted the same level of permissions to the same resource. You cannot grant Alice Read-only access to one share while granting Bob Modify access to the same share, because both Alice and Bob authenticate as Guest user.

Note
  • When Guest-only network logons are being used, Read-only and Modify are the only permissions that can be granted to shared files.
This also means that the actions performed remotely by Alice and Bob cannot be individually audited.

To ensure that remote administration of domain-based computers running Windows XP Professional is possible, you must include a domain-based account in the local administrators group.

You can use the Group Policy snap-in to select between the Classic and Guest-only security models that regulate the use of the Guest account and sharing behavior for Windows XP Professional in stand-alone and workgroup environments. The Classic model allows you to have explicit control over access to resources. Using the Classic model, you can grant different users different types of access to the same resource.

To select the Classic security model
  1. In Microsoft Management Console, open Group Policy and navigate to the Security Settings container. The file path is Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.
  2. Double-click Network access: Sharing and security model for local accounts, and then click Properties.
  3. Select Classic - local users authenticate as themselves, and then click OK.
The alternative policy setting, Guest only – local users authenticate as Guest,requires all users to be treated equally — that is, all users authenticate as Guest and thus receive the same level of access to a given resource. When the computer is not joined to a domain, this setting configures the file sharing and security tabs in Windows Explorer to correspond to the sharing and security model in use.

Caution
  • When using the Guest-only model, any user who can access your computer over the network (including anonymous Internet users) will be able to access your shared resources. Therefore it is important to have a firewall or similar device to protect your computer from unauthorized access. Similarly, when using the Classic model, it is important that local accounts be password protected; otherwise those user accounts can be used by anyone to access shared system resources.
Sharing Files and Folders Under the Guest-Only Option

The Guest-only security model is designed to simplify many details of security management for users, including the procedures used to share files and folders. This is apparent on the Sharing tab of a folder's Properties page. When the Guest-only security model is used, the Sharing tab has only three options:
  • Share this folder on the network. Allows Everyone Read permissions on the folder and its contents.
  • Share name. The name of the share on the network.
  • Allow other users to change my files. Allows Everyone Full Control permissions on folders and Change permissions on files.
You can create a share at the root of the system drive; however, the default sharing model does not change the file permissions on shares created there. The Everyone group only has Read permissions on the root of the system drive, so sharing the root does not provide sufficient permissions for performing the majority of tasks associated with remote administration.

For more information about using the Home Network Wizard to enable the Guest account for sharing files and folders, and ensuring that the personal firewall is properly configured, see Windows XP Professional Help and Support Center and "Connecting Remote Offices" in this book


Source: http://www.microsoft.com/technet/tre...d_sec_givt.asp
Reply With Quote
Reply

Thread Tools


На правах рекламы:
реклама

All times are GMT. The time now is 18:25.


Powered by vBulletin® Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.