[rmidanm]

Frustrated here, but maybe it's something obvious i'm overlooking.
We have a LAN (Win NT 4.0) that has RAS dial in service on it. Sales personnel use it to dial into to obtain a dialup internet connection when out on the road. They use their network id & password. The problem is they cannot view the shared files/folders on the servers. I know in years past they could do this (prior to my time). I've checked the box on the RAS option 'view all of network' vs 'view only this computer'.
What am I missing??

Most dialin users are using XP machines to dial in.

[rmidanm]

Thanks for the quick reply.
1. Machines on our LAN don't neccesarily have rights--we use static IP #'s. However users do, and have checked and double checked permissions here. Some of those users have full write/delete/edit permissions on those folders.

2. Checked permissions--looks ok.

Still stumped. Obviously, probably something so simple i'll look like an idiot--although who's to say i'm not!!

[rmidanm]

Nope, a 'domain'.

[rmidanm]

Hmmm.
Windows File & Printer Sharing client.

I'm not finding it on our NT4.0 server machine...

[rmidanm]

Hmm.. Cannot even find it as a service to add. ???

PS. I need a new job! One that requires working with chiseling messages in stone, rather than working with computers!

[rmidanm]

Win NT4.0 Network config looks nothing like that list. Still no 'client for microsoft networks' listed.


Here's a snapshot of my Win NT4.0 list

http://www.roofrmi.com/images/view01.bmp

I will try the firewall on the XP machines though.

[rmidanm]

Thanks for your persistance in this! Everyone with dialup is out for most of the rest of the week, so probably wont be able to do much until next week.

Here's a thought: We use several XP workstations on the LAN--no problem with them, but they are connected via ethernet cable. Even the XP machines that do dial up are fine when on site and 'hard wired' via ethernet. The problem comes into play when they are doing dialup. I'm wondering... the XP users can't log onto the 'network' while unplugged, so perhaps they aren't getting 'authorization?' somehow. Then they dial-up and get an internet connection (which i believe is granted even to 'guest' users), some part of NT/Exchange authorizes the dialin, but another part is not authorizing them, because they never 'logged into' the network when they booted up. (maybe this is oversimplification)

[rmidanm]

Quote:

What do you mean by this, 'unplugged'?

when they boot up remotely, the '3rd' line on the log in box shows either 'this computer' or 'network'. obviously, they cannot log onto the network, because they haven't dialed up yet, so they probably choose ' this computer'.

Quote:

Are these dialin RAS users part of valid usergroups on the NT 4.0 domain?

Yes they are, otherwise they couldn't even dial in.

[rmidanm]

Quote:

You have probably set restrictive Local Group Policy, that is causing this, most likely in the Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options path.

Where are these settings at? Regedit? have tried wading through those, and not found this string/path.

[rmidanm]

This post is mostly me thinking aloud here, perhaps it will trigger something ??? in my mind or others??

OK, actually sitting down at a pc that has both ethernet card & modem (rather than the other users laptops) and thinking about this, trying a few things, heres my thought.

1): workstation boot up plugged into network via ethernet. works fine--can see entire network, etc. the login at bootup has the 3 lines (username, password, domain).

2): workstation boot up UNplugged ethernet cable (as If i was remotely located and going to dial up), I have the three lines (username, password, domain), BUT obviously when the domain is entered here, the msg pops up 'domain not available' so by default the log on is logged onto 'this computer'. NOT being 'autheniticated' by the network (makes sense, since there's no connection). So, now, once logged onto 'this computer', I do the dialup, and have internet connection, but have never 'logged onto the domain'.

If I remember correctly, this was never a problem UNTIL we got the XP laptops.


OK, back to looking at settings etc. on XP machine.

[rmidanm]

One step closer.

ok, there was a box unchecked in the dialup properties for 'windows logon domain', and after double checking the file & print share client on the XP workstation, I now have this on dialup:

http://www.roofrmi.com/images/xpdialup.bmp

can see the 'network' icon, but cannot expand it, or browse it.

However, staying logged onto 'this computer' (NOT doing a reboot nor 'logging onto domain'), disconnecting modem, and plugging in ethernet, and clicking on rmihq network, i get a popup box with login and password... entering appropriate info, I can browse network

http://www.roofrmi.com/images/xpcable.bmp

So, as a result, i'm thinking, why don't i get the popup logon box when trying to expand the network via dialup?

[Wilhelmus]

Quote:

You have probably set restrictive Local Group Policy, that is causing this, most likely in the Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options path.

Where are these settings at? Regedit? have tried wading through those, and not found this string/path.

Start->Run: "gpedit.msc"

<edit>
It starts Local Group Policy Editor.
</edit>

[rmidanm]

"Cannot find 'gpedit.msc'(or one of its components). Make sure the path and file name are correct and that all required libraries are available."

(this is on the Win NT 4.0 server, not the user XP workstation, correct?)

[rmidanm]

Ok, this is on XP machine, not server.

Found one 'digitally signed server' thing that was enabled. Disabled it. reboot. still no change.

Any final thoughts from anyone before I issue this statement to staff?:

"Effective immediately, due to increased threat of security with our current software, shared files and folders will NOT be accessable from outside of the physical facilites. Please make adjustments accordingly."

I think this is probably the best fix for now. Gets the issue off my back and onto others to push for updated server software.

[rmidanm]

Yeah, it has to be something simple. Just don't know what. Could have missed something in the gpedit settings possibly.

[rmidanm]

Haven't had much time to get back to addressing this issue, but perhaps one of you who is much more versed in NT things could look at the gpedit settings for this current workstation that i keep tweaking to see if I can get in.
http://www.roofrmi.com/images/gp1.bmp

http://www.roofrmi.com/images/gp2.bmp

http://www.roofrmi.com/images/gp3.bmp

Thanks for all your help to date.

[rmidanm]

Have been out for a week, so I hadn't had time to get back to this issue, except for getting everyone on board to move to server 2003. It is going to happen in the near short term, so thats a good thing!