The Services Running On Your Computer

The various applications, and the many system processes that you see (and some that you don't) all depend upon a third group of programs, called services. Services run independently of who is logged in to a computer; most services start when the computer is started, not after login.

Windows Networking depends heavily upon half a dozen key services, and these services depend upon the presence of key networking components. Depending upon the role played by any computer, it may require some, or all, of these components and services, to work properly.

Most computers in a workgroup will be running as both a client and as a server. All computers using Windows Networking, and not using an alternate transport, should have:

Any computer accessing shared data runs as a client. All clients using Windows Networking should have: Any computer providing shared data runs as a server. All servers using Windows Networking should have:

Any computer accessing or providing shared data (and running as a client, or as a server) will require a computer running the "Computer Browser" service somewhere on the network, to browse for other computers and services, and to be visible to other computers browsing for its services. The "Computer Browser" service will only run on a computer that runs both the "Server" and "Workstation" services (and runs both as a client, and as a server).

If your LAN has a DHCP server (NAT router or dedicated server), and you want this computer to have automatic address assignments, make sure that the DHCP Client service is running - Started and Automatic. To provide networked access to the registry on any computer, and to allow browstat to access the registry, the Remote Registry service must be running. That service isn't available on computers running XP Home, making an "Error 53" normal, when running "browstat status".

When you have a problem with Windows Networking, and you've verified that all computers are physically and logically connected, run CPSServ on each computer, and compare the results from each. CPSServ will identify each key service, and tell you which ones aren't running. In some cases, this will provide clues to your problems.

>> Top

File Sharing On A LAN With Two Routers

File sharing on a LAN with a single segment (all computers connected to the same router) is fairly simple. Windows Networking uses Server Message Blocks (SMBs) broadcast between all computers. In most networks, SMBs are transported over IP.

  • Browser broadcasts help to advertise the existence of a computer to the others. This enables each computer to be displayed in My Network Places / Network Neighborhood.
  • Name resolution broadcasts help a computer find out the IP address of another computer. With Windows Networking transporting SMBs over IP, accurate and complete IP information is essential.

If you use Windows Networking in its native form, by opening My Network Places, and clicking on a server name, to see a list of its shares, you're using broadcasts. If you try to access a server by name, you're probably using broadcasts.

Now, you can't have every computer in the world broadcasting to every other computer. So, SMB broadcasts, by design, don't pass thru routers. One router = one subnet = one broadcast domain.

What if you need to have two or more routers on your LAN, but you need to have just one broadcast domain, so you can share files everywhere?

  • The primary router is to be next to the broadband modem, and you have to run a long cable to another room, with a secondary router, to connect wireless computers in there.
  • The primary router ran out of ports, so you used the secondary router to add capacity to your LAN.
  • It's simpler to run 1 cable elsewhere, and share that one cable using a router, than to run 2 (or more) separate cables from the primary router.
  • Your Internet service includes a modem that can only connect to the primary router. The primary router may be a computer running ICS.
  • The primary router is a wired router, and the secondary router is wireless.

In this example, you've got a pair of routers, and 4 computers. Router 1 is connected to your Internet service. Computers A and B, and Router 2, are all connected to Router1. Computers C and D are connected to Router 2. You have Computers A and B on their subnet (LAN 1), in one broadcast domain, and Computers C and D their subnet (LAN 2), in another broadcast domain.

That's a perfectly reasonable setup for Internet service, but it's not-so-great for file sharing. Computers A and B can see, and access each other. Likewise, Computers C and D can see and access each other. But neither Computer A nor B can see nor access C or D, and vice versa. It would be simpler if you would just get rid of Router 2, connect all computers to Router 1, and everything would be fine.

Maybe using 2 routers is something you just can't avoid, but nobody said that they have to both work as routers. What you do is only use Router 2 as a switch (or a WAP, if it's wireless) - you can still connect the computers to it, but Router 1 will be the only functioning router. It's a simple solution.

If you're lucky, and have a high end NAT router, your router may have a switch - maybe physical, maybe set in the router setup - that will put it into "Access Point Mode" or similar. Check your owners manual.

If not, you simply change the way the router is connected, and used.

In this exercise, the Router 1 LAN is, and the Router 2 LAN is

  • Don't connect the WAN on Router 2 to anything. Connect a LAN port on Router 1, and Computers C and D, as peers, to a LAN port on Router 2.
  • Disable the DHCP server on Router 2.
  • Change the LAN on Router 2 from, to (or any other address not in use, and not part of any DHCP scope).
  • Are you using DHCP on your LAN? If so, make sure that the DHCP server, on router 1, has a scope defined large enough to service all of the computers.
  • Restart each computer, so it gets a new IP address. This may always not be necessary with Windows XP / Vista, but be prepared to do this.

In a variant of this setup, Router 2 is distant from Router 1, and you won't be running Ethernet cables between the two. You'll configure Router 2 the same as in the above scenario, then put it into client mode connected to Router 1 by WiFi. Router 2 then becomes a WiFi bridge client, and provides service to Computers C and D, which connect to it by Ethernet.

And that's all you have to do. Router 1 is the only router (remember, the router has to sit between your LAN and the Internet, so that has to be Router 1). Router 2 still provides connectivity for Computers C and D, but it's working now as a switch (or WiFi AP). And all 4 computers - A, B, C, D - are now on the same broadcast domain, and the same subnet.

For another description of this solution, see DSLR Forums Using a Wireless Router as an Access Point (#11233)

>> Top

The Mysterious "Error = 5" aka "Access Denied"

Next to an "error = 53" ("name not found"), I don't know of too many diagnostic messages that can cause so much confusion or uncertainty in the heart of your desktop / network support tech.

An error = 5 ("0x80070005" in Windows Vista) message comes in a number of circumstances.

Unlike the "error = 53", however, the "error = 5" message can come from predictable situations. If you see "access denied" in these scenarios, your system is working as it's supposed to (or at least, as it's configured).

  • Look at the complete error message. Some well known, yet obscure, problems can be easily diagnosed, and resolved.
  • If your server is using Guest authentication, you'll get "access denied" for any activity that requires administrative access. This might be a registry retrieval in "browstat status", or any attempt to access a protected folder or share, such as (but not limited to) "C$", "C:\", "C:\Program Files", or "C:\Windows".
  • If your firewall is setup to block file sharing, you'll get "access denied".
  • If you just haven't configured file sharing to allow access to the account in question, you'll get "access denied".

The "error = 5" message can, alternatively, come from unpredictable situations.

Looking at the complete and exact text of the message may provide a clue. There are several variations on "...access denied".

  • If the name of a resource can't be translated to an address, for any reason, you'll see " not found...".
  • If the resource in question is setup to block you from accessing it, whether you agree with that or not, you'll see "...insufficient authority..." or the like.

>> Top

The Mysterious "Error = 53" aka "Name Not Found"

Next to an "error = 5" ("access denied"), I don't know of too many diagnostic messages that can cause so much confusion or uncertainty in the heart of your desktop / network support tech.

An error = 53 ("0x80070035" in Windows Vista) message comes in a number of circumstances.

The literal meaning of "name not found" is "I can't resolve the name of this host to an address". There are a number of possible reasons for this.

One of the most obvious is lack of physical connectivity between you (this host), and the target. Maybe that host doesn't even exist. How many times have you mistyped the name of a host that you're pinging? I've done that a few times.

I've been working with Windows Networking, and browser issues, for several years. I've come to associate "error = 53" ("name resolution") problems with several possible causes that don't come from either CKI or hardware faults.

  • Corrupted LSP / Winsock.
  • Firewall problem.
  • Registry settings.
  • Invalid node type.
  • Network components and services not started, or missing.
  • Excessive protocols.

The first three are identified only from experimentation. A corrupted LSP / Winsock is only diagnosed after its been fixed. Many times, you try everything, and I mean everything, to fix a problem. Sometimes you spend days, then somebody says "Try LSP-Fix". You run it, and that's the solution. But there are 5 possible solutions for the corrupted LSP / Winsock - LSP-Fix is just one of the 5, and not all 5 work every time.

A firewall problem you only identify after you disable a personal firewall (assuming it disables successfully, which does happen about 1/2 the time). The other half, you go thru the bit with everything else, and even try LSP-Fix and its siblings, to no avail. Then someone discovers a misconfigured or overlooked firewall, and the light goes on in your head. You un install a personal firewall, and your problems are gone.

Registry settings, which are designed for security, can cause many problems, including interfering with name resolution. Here the oddly ubiquitous restrictanonymous setting has been observed to cause problems.

Run "ipconfig /all". The value of Node Type will tell you if you have a problem. If the Node Type is "Peer-Peer", and you're on a small LAN (ie no DNS or WINS server), Peer-Peer won't work, though any other setting will, though with varying success.

Also in the log from "ipconfig /all", if you saw the line

NetBIOS over Tcpip. . . . . . . . : Disabled

you would hopefully know to correct that. But even if that line does not show, NetBT might not be enabled, and that will cause this symptom, "error = 53". Please, explicitly Enable NetBT, except for specific network conditions.

An "Error = 53", when referring to the master browser in a browstat log, can be caused by the Remote Registry Service not running on the master browser. Running a server with XP Home, as the master browser, is a bad idea - XP Home does not have the Remote Registry Service, as it does not provide for any administrative access thru the network.

Finally, if you spot IPX/SPX or NetBEUI protocols in a "browstat status" log, or IPV6 aka Advanced or Teredo Tunneling in an "ipconfig /all" log, you'll need to un install that - at least to diagnose the problem. Having unnecessary protocols will hamper name resolution. Name resolution is generally by broadcast - the computer sends out a message to all computers, thru all transports bound to that computer, asking what address the target computer is using. The computer has to wait for each transport to timeout, when no response is received, before trying the next transport, on each query.

Microsoft Unable to Reach a Host or NetBIOS Name discusses other possibilities.

>> Top

Problems With A Network Adapter Driver

A corrupt network adapter driver can cause a wide array of problems. Sometimes, it's just simpler to un install and re install the drivers for the network device.

  • Start Device Manager. From System Properties, on the Hardware tab, hit the Device Manager button.
  • Find the driver for the network adapter, right click on it, and choose Uninstall.
  • From the Device Manager menu, choose Action - Scan for hardware changes.
  • Restart system if suggested.

Unfortunately, you may not be able to do this until after you un install all protocols and transports bound to the network adapter.

  • From Local Area Connection (or whatever name you have assigned to the network adapter), right click and select Properties.
  • In the connection items list, select all protocols and transports, and hit Uninstall.
  • Restart the computer, and continue with the process above.

Depending upon the number of protocols and transports, and the network adapter, the un install may take several passes, with repeated re starting the computer. Be patient and persistent. And consider that you may have to deal with LSP / Winsock corruption, if that's not why you're doing this, already.

Server Functionality Affected By IRPStackSize

Occasionally, you may try to connect to a server, and get a mysterious error message

Not enough server storage is available to process this command.

Checking memory utilisation, you find no problem. Likewise, disk storage is no problem. Now what?

What you should be checking is the server; that is, the computer that you are connecting to (not the computer displaying the error). Neither the disk storage, nor memory utilisation, is the limited resource; you need to check the IRPStackSize. You'll be using the Registry Editor, and you'll be changing [HKEY_LOCAL_MACHINE\ System\ CurrentControlSet\ Services\ LanmanServer\ Parameters\ IRPStackSize].

Other symptoms which may lead you here are an "Error 1130" in a browstat log, and an "Event ID 2021" in the System Event log.

These symptoms are generally caused by Norton AntiVirus, or a similar product, being installed on your server, and using resources. Articles by Microsoft: (KB177078): Antivirus software may cause Event ID 2011, and by Symantec: How to change the IRPStackSize registry value explain the situation best, and outline the resolution process.

(Note 1): As stated in both articles, if the registry value IRPStackSize doesn't exist, please follow instructions and add it, with an initial value of 18. And be persistent in trying new values. Some readers of this website have reported setting the value as high as 48, for success.

(Note 2): Please note the case and spelling of IRPStackSize. And the Value must have data type of REG_DWORD. Both case, spelling, and data type are critical.

(Note 3): The terminology here may take getting used to. The string (with spaces added to enhance readability)
HKEY_LOCAL_MACHINE\ System\ CurrentControlSet\ Services\ LanmanServer\ Parameters
is called the Registry Key. The string
is called the Value name. And the string
15, 18, or whatever (entered as a DWord)
is called the Value data. My sympathy to you, as you try to absorb this. I don't find it too instinctive either.

(Note 4): You are interested here in
[HKEY_LOCAL_MACHINE\ System\ CurrentControlSet\ Services\ LanmanServer\ Parameters\ IRPStackSize]

You have no interest in
HKEY_LOCAL_MACHINE\ System\ ControlSet001\ Services\ LanmanServer\ Parameters

or any similar alias. If
[HKEY_LOCAL_MACHINE\ System\ CurrentControlSet\ Services\ LanmanServer\ Parameters\ IRPStackSize]

doesn't exist, you have to create it.

(Update 2010/11): It appears that this condition continues, under Windows 7, with slightly different wording.

>> Top

Internet Connectivity Problems Caused By The MTU Setting

The messages sent and received between your computer, and the Internet web servers that you're accessing, may go thru dozens of networks. The Internet is, by design, dynamic. The networks that you use, to access any server, may change within seconds.

Any one of those networks might have a restriction on the maximum message (packet) size that it will accept. Each computer has a setting, called the Maximum Transmission Unit (MTU), which controls how large it may make any packet. The larger your packets, the fewer packets required for sending or receiving a web page, but the greater chance any network have a problem with your packet size.

Setting the MTU on your computer can be a double edged sword.

  • If you make the MTU too large, some networks will split (fragment) your packets. Some servers may have a problem with fragmented packets, causing the dreaded "Server not available..." error, or other symptoms.
  • If you make the MTU too small, your computer will send and receive small packets. You'll be able to access any server, thru any network, but a web page will require too many packets. The speed that your web pages download will make you think you're not connected at all.

If you have a problem accessing some websites (or running some programs like email or IM), but not others, or if this problem seems to come and go, you may have an MTU setting problem. The best known examples of this problem are those with dial-up or PPPoE sevice, or those using ICS. An MTU issue can affect anybody, though, and different people (computers) will, almost certainly, be affected differently, with different web sites being unreachable at different times.

Here are several articles, of differing technical detail and level, discussing the issue further, and offering ways to diagnose and correct it. Read through each one, until you find one that explains the issue to your liking. This list, like each of the ones that I create, is alphabetised.

When you get ready to adjust the MTU setting, make it easy on yourself. Download DrTCP, from DSLReports, and use it to make the changes for you. Simply copy the downloaded file into any convenient folder, and run it from there.

You'll be changing the "MaxMTU" or "MTU" value under Adapter Settings. If you have multiple network adapters, be sure to choose the one that provides the Internet service. For instructions about what values to change MTU to, see the articles linked above. Read all 6, and pick the one that you're most comfortable with.

Note: An MTU problem can be confused with, or masked by, a DNS problem, or LSP / Winsock Corruption. If you're here after trying the above procedures, unsuccessfully, consider each of the latter possibilities.

>> Top

Welcome to PChuck's Network

Welcome to PChuck's Network, now addressed as If you're here looking for help on a specific topic, try "SEARCH BLOG" in the Navbar (top of screen on the left), or look at "Topics" in the sidebar. Or check out "Contents" in the sidebar. Or, leave me a comment, but try and find a relevant post. Or try interactive online help, in the right forums. And, sign my guestbook, if you have a moment.

Both the Category and Topic lists, in the sidebar to the right, are hidden - you open either list by clicking on one of the icons. Try it and see.

Please note that PChuck's Network, like most of my blogs, uses hypertext. If you're reading an article, you find that you need more detail about what I'm saying, and there's a link in the text there (possibly placed there for your benefit), click on the link. And see How To Get The Most Out Of PChuck's Network, for more possibilities. Help me to help you.

>> Top

File Sharing Under Windows XP / Vista

Depending upon your specific needs, you can get Windows XP in any one of five editions. Of those five, the choice of the two best known ones - XP Home and XP Pro - will differently affect your ability to share files. Both the Home and Pro editions have their advantages and disadvantages. There are also 5 well known editions of Windows Vista, though the distinctions between the Home and Business (not Professional) edition groups will be less relevant to Windows Networking issues.

This article will focus on how Windows XP and Vista are similar, with specific differences noted. In Windows XP And Vista On The LAN Together, I focus on differences in Windows Vista.

Please spend a few minutes deciding how you wish to use your computer, and whether you wish others to use your computer. If your computer is running Windows XP, make sure that you know which edition of Windows XP it is.

Windows XP Home has few options, and is easier for the typical home user to setup. Windows XP Pro / Vista (in its various editions) is more versatile, and can be used in different ways, depending upon what other computers are on the LAN, and how secure you want your shared data to be.

Simple File Sharing

If your computer runs XP Home, then it has Simple File Sharing already. SFS, which only uses Guest authentication, cannot be disabled under XP Home, without some work.

If your computer runs XP Pro, or XP Media Center Edition, it may have SFS. If you want to enable Simple File Sharing on a computer running XP Pro or MCE, from Windows Explorer:

  • Select Tools - Folder Options.
  • On the Views tab, scroll to the end of the long Advanced settings list.
  • Check "Use simple file sharing".

To use Simple File Sharing on any XP server, Home or Pro, make sure that the Guest account is properly activated, and the password is consistently set (blank or non-blank), on both the client and the server.

On a computer running Windows Vista, you disable Password Protected Sharing, giving the equivalent of Simple File Sharing.

Please note the limitations of Guest authentication, when working with Simple File Sharing / PPS Disabled.

>> Top

Advanced aka Classic File Sharing

Advanced aka Classic File Sharing is available, as an alternative to Simple File Sharing, on XP Pro or MCE. To use AFS to it's full advantage, you need to have formatted the drives, on the server, with NTFS. You then need to disable Simple File Sharing. From Windows Explorer:

  • Select Tools - Folder Options.
  • On the Views tab, scroll to the end of the long Advanced settings list.
  • Uncheck "Use simple file sharing".

On a computer running Windows Vista, you enable Password Protected Sharing, giving the equivalent of Advanced File Sharing. Unlike Windows XP, the option to enable PPS is available in all editions of Windows Vista.

Next, identify a folder that you want to share on the network, but share selectively.

  • Setup and use an account (with matching password) on both the client and the server.
  • Make sure that the account is properly activated on the server.
  • In Windows Explorer, right click on the folder in question, and select Properties.
  • On the Sharing tab, select "Share this folder" and give the share a name.
  • Hit Permissions, and make sure Everyone has full rights.
  • On the Security tab, find and select your account in the "Group or user names" list. If your account isn't in the list, Add it.
  • In the Permissions list, make sure your account has the appropriate permissions. And make sure that no other accounts have inappropriate permissions.

Note that, if you want some openly available shares also, this can be done quite easily.

  • On the Sharing tab, select "Share this folder" and give the public share a name.
  • Hit Permissions, and make sure Everyone has full rights.
  • On the Security tab, find and select the group "All Users", "Everyone", or "Users", in the "Group or user names" list.
  • In the Permissions list, make sure the group selected has the appropriate permissions.
  • Setup Guest, (with matching or no password) on both the client and the server.
  • Make sure that Guest is properly activated on the server.

Please note the limitations of Guest authentication, when setting up any share for non-selective access. And if you have a LAN with both XP Home and XP Pro systems, be careful when enabling Advanced File Sharing on an XP Pro system. Unbalanced authentication can have complex results.

>> Top

Get The Terminology Right Here

When you look at the Welcome screen, and you have multiple users setup on your computer, you'll see a list (or group) of users, identified by User Name. When you change a password, or the picture associated with that user, you'll use the User Accounts wizard in Control Panel. Here too, you'll see a list of users, identified by User Name.

If you rename a user, or if you use any advanced procedures or wizards, there is another very relevant term - account. When you setup a user, using the User Accounts wizard in Control Panel, Account = User Name. For each account / user, a set of subfolders, under "C:\Documents and Settings" is created. This is the user profile.

  • You can change a User Name at any time, but the account, and the user profile, stays the same.
  • You can make much more versatile changes using the Control Panel - Administrative Tools - Computer Management - Local Users and Groups - Users wizard. Here you can change the account name, and profile path.
  • If you disable the Welcome screen, you login using the account name and password.

So, if you ever rename a User, and see elements of the previous name, you now know why.

>> Top

Activate An Account Properly For Network Access

Whether you're depending upon the Guest account, or a non-Guest account, for authentication, the account that you use has to be properly activated. You use the Control Panel - User Accounts applet, to activate (or deactivate) an account for local use.

There are two possible ways to activate (or deactivate) an account for network access:

  • Run the "net user" command. Enter, in a command window (which will be slightly different, for Windows Vista):

    net user AccountName /active:yes

    • (Substitute actual account name for "AccountName").
    • (Substitute "no" to deactivate).

    NOTE:There are 4 "words" (sequences of non-blank characters, separated by spaces) in the command. If you have any doubt about where a space is needed, copy and paste as above (substituting the account name, and "no" or "yes", as appropriate).
  • Alternatively, for Vista Business or Ultimate, or XP Pro, run (Control Panel - Administrative Tools - ) Computer Management. Under System Tools - Local Users and Groups - Users, find the account (Guest or non-Guest) in question. Doubleclick (or rightclick, and select Properties), and clear (or check) "Account is disabled".

Finally, for XP Home, for XP Pro using Simple File Sharing, or for Vista with PPS Disabled, make sure that Guest, in addition to being activated, has the appropriate rights.
>> Top

Synchronise Passwords On Accounts

Always synchronise passwords (for the Guest or non-Guest account) on all computers - make them identical (or blank) on each. For best results, make your password policy consistent throughout your network.

To set the password, you need to run the UserPassword applet.

  • Enter, in a command window, "control userpasswords2" (less the "").
  • Select the account of interest in the User Accounts list.
  • Hit the Reset Password button.
  • Type either a blank, or non blank password, identically, into both "New password" and "Confirm new password" fields.
  • Hit OK twice.

Synchronising passwords can be tricky in a mixed LAN (home and business/pro operating system editions together). With home editions (Vista or XP Home), the default is to have no password on the Guest account (it is, after all, anonymous). With business / professional editions (Vista Business / Enterprise / Ultimate, XP Pro), you have to Disable the Local Security Policy setting, under Security Options, "Accounts: Limit local account use of blank passwords to console logon only", if your server is going to allow network access using accounts with blank passwords.

>> Top

Making File Sharing Work

Once you get past the issues involved in accessing the server, such as browsing and name resolution, there are the issues of accessing the data itself - authentication ("Who are you?"), and authorisation ("Do we want you to have access here?").

What authentication method are you using?

The message

Logon failure: the user has net been granted the requested logon type at this computer.

is easy to resolve under XP / Vista Pro, but may require extra effort under a home edition. Remember, the edition of the operating system on the server is what's relevant here.

With XP / Vista Pro, there are a pair of Local Security Policy lists, under User Rights Assignment.

  1. "Deny access to this computer from the network".

  2. "Access this computer from the network".

Authentication varies depending whether this is a domain or a workgroup.

  • In a domain, you need an activated account on the domain controller.
  • In a workgroup, you need identical, activated accounts, with identical passwords, on both the client and the server.

Authorisation is described in Server Access Authorisation.

If the files and folders in question have been properly setup and shared as above, and you're getting only partial access (maybe Read, although you intend to grant Write access), check both the Share and NTFS Authorisation lists.

Remember that if you grant access, to the share in question, to "Everyone", that refers to Everyone who is properly authenticated. Either a properly setup Guest account (on the server), or non-Guest account (for a workgroup, on both the client and server, with matching passwords), is still required.

Note: Vista uses deny by default, so if you want "Everyone" (Guest) to have access, you have to explicitly add permission - new shares don't give Full permission automatically (though in some cases, "Everyone" may have read access by default). Always check Security and Sharing, when there is a question.

With XP / Vista Home, you don't have the Local Security Policy Editor. And Simple File Sharing doesn't give you the ability to set access rights either. In that case, you'll have to use extra software and procedures.

If you're using Guest authentication, and still getting "access denied" after all of the above steps, check the restrictanonymous setting.

Even with all of the above advice, there are known scenarios, with varying symptoms, with but one common factor - recent (or not) application of certain Windows Updates.

Next, look at the complete and exact text in any observed error messages. Some very obscure errors have very simple resolutions.

And finally, repeat Troubleshooting Network Neighborhood.

>> Top

Windows XP / Vista In A Domain

If you have a network with more than 3 or 4 computers, running Windows XP or Vista, a domain is worth considering. Both Windows XP Home and XP Pro (and their related editions), and the various editions of Vista, can be used in a domain, but in different ways.

A Windows XP / Vista Home edition computer can only join a workgroup, it can not join a domain. Windows XP Media Center has the same internal components as XP Pro; however, XP MCE 2005 (KB887212): will not join a domain either.

If a Home edition client computer is on the same network with a domain, the computers in the domain should be visible, in Network Neighborhood, under Entire Network - Microsoft Windows Network - (name of domain). The Home edition computer(s) will not, however, be visible from other clients, or from the servers, in the domain, unless there is a browser server available for the workgroup of which the computer is a member (or if that computer is running the browser on its own).

If a Home edition client computer is on the network with a domain, the computer can be made a Member of a workgroup, with the workgroup name the same as the domain name. This will allow the servers in the domain to be visible, in Network Neighborhood, and will make the client visible from other clients, or from the servers, in the domain.

Users on a Home edition client will have to authenticate to any domain servers as they would in a workgroup - using accounts defined locally on each client and server.

A Windows XP Professional computer can join a domain, just as any other Windows NT based computer, and can access domain resources in the same way. However, several XP features will be unavailable:

  • Fast User Switching.
  • Simple File Sharing.
  • Logon Welcome Screen.

Depending upon how your domain is setup, an XP / Vista computer may have problems logging in to the domain, and may require changes in the domain itself.

>> Top

Guest Authentication

Guest authentication is an option under Windows XP Pro with Advanced File Sharing, and for Windows Vista with Password Protected Sharing Enabled. For Vista with PPS Disabled, XP Pro with Simple File Sharing, and XP Home, Guest is the only available authentication. Guest authentication is part of the authentication decision process, in general.

With Guest authentication, you have normally two choices for any otherwise shareable folder: whether to allow access to it, and whether to allow read-only or read-write access. All shared folders and files are equally accessible by everybody who has access to the network.

If your server only uses Guest authentication, any shared data is offered, on the network, based upon the status of the Guest account on the server. Other accounts on the server, and on any clients, will not be relevant. Make sure that the Guest account is properly activated for network access.

The Guest account, by definition, is a limited access account, and is similar to anonymous access under Windows. If your server only uses Guest authentication, your computer can't be accessed with administrative authority, thru the network.

Shares which require administrative access, such as C$, "C:\Program Files", and "C:\Windows", can't be accessed thru the network, if shared using Guest authentication. No matter what authority you are logged in with, to a client computer, when you access any server using the Guest account, those shares, and any folders and files within those shares, will be inaccessible. Any files that you want to be accessible thru the network should be kept in the Shared Documents folder, and they will be accessible to everybody.

Remember that the various folders in "C:\Documents and Settings" ("C:\Users" in Windows Vista) contain the personal data for each user of that computer. Those folders, by design, can only be accessed by the owner of the data, or by an adminstrator. Guest is neither of those, and shouldn't be expected to have access. The public portions of "C:\Documents and Settings" ("C:\Users"), if at all accessible to Guest, may be read only.

If a computer using Guest authentication is providing browser services for other computers, those other computers, when running browstat, and having no other errors, will show an "error = 5" (access denied) when trying to access the registry on the browser.

Master browser name is: PChuck1
could not open key in registry, error=5 unable to determine build of browser master:5

Other network related tasks, like remote registry access, and remote shutdown, won't work either. Those tasks require administrative access. Utilities like CPSServ won't be able to diagnose problems on a computer using Guest-only access, through the network.

The Guest account may not provide network access if the restrictanonymous setting has the wrong value. The Guest account may not provide network access to specific shares, if the RestrictNullSessAccess setting has the wrong value.

For more information about the Guest account, see Microsoft: Description of the Guest account in Windows XP.

If you need to do so, you can give additional authority to Guest. How to add authority will depend upon your edition and file sharing.

>> Top

Non-Guest Authentication

Non-Guest authentication is much more granular than Guest authentication, on a server using NTFS. It is possible on a server running Windows 2000, Windows XP Pro, with Advanced File Sharing, or Windows Vista with Password Protected Sharing (PPS) enabled. If your server has XP Home, XP Pro with Simple File Sharing, or Vista with PPS disabled, you'll be using Guest authentication. Like Guest authentication, it's part of the same decision process.

Once you're authenticated, whether with a Guest or a non-Guest account, you need to be authorised. Authorisation, under AFS / PPS, is much more granular than Guest authorisation under SFS.

>> Top

The Authentication Process - Step By Step

You authenticate in 4 possible scenarios, based upon the status of both the client and the server

  1. If
    • The client is running Windows Vista Pro (Business, Enterprise, or Ultimate), XP Pro, or Windows 2000.
    • You previously logged in to this server from this client, and selected "Reconnect at login".
    your computer will have cached a token for server access. Your computer will supply the token, and you will be given server access transparently ("transparent token caching").
  2. IfYour computer will supply the token, and you will be given server access transparently ("transparent first time login").
  3. If automatic non-Guest authentication is not possible, the server is checked for the Guest account having been activated for network access. If Guest is activated, and has no password, you will be given automatic Guest access.
  4. If neither automatic non-Guest, nor Guest, access is possible, you will have to supply the token manually. You will have to login to the server, interactively, using an account that is activated for network access on the server, with correct password. You may have the opportunity, here, to select "Reconnect at login" (based on Rule 1).
  5. If there is no account activated for network access, you will see the old
    ... access denied.
    or similar well-known error.

>> Top

Windows XP And Other Operating Systems

Windows XP was designed to allow the merger of the two older operating system families - Windows 9x (Windows 95 / 98 / ME - predominantly home systems), and Windows NT (NT / 2000 / 2003 - predominantly business systems). By carefully choosing Advanced vs Simple File Sharing on your computer, it can better operate on the LAN with your computers running older systems. And, looking forward, it can operate fine on the LAN with your computers running Vista.

Simple File Sharing, which is selectable under XP Pro but not under XP Home, uses Guest authentication only. It makes it easier to setup sharing with Windows 9x systems, by simply creating openly available shares.

Advanced aka Classic File Sharing is directly compatible to file sharing under Windows NT / 2000 / Server 2003. It can use Guest, or it can use non-Guest, authentication.

Windows XP will share files with an XBox 360, given a small amount of work.

For additional details describing file sharing issues relevant to Windows XP and to other operating systems, see:

>> Top

Authentication Protocols

As described above, any connection created between a client and a server involves some form of authentication. The person using a client computer must prove who he / she is, so the server can decide whether to allow access. The simplest form of authentication is a simple account / password exchange. The user inputs the account (public secret) and password (private secret), these are passed to the server, which matches the two against its database.

Original versions of Windows, before NT V4.0, used LAN Manager Authentication, which used this strategy. Starting with Windows NT V4.0, authentication protocols of increasing complexity have been used.

>> Top

Local Access Issues

If you follow recommended procedures, and setup your accounts to allow file sharing, you will have identical, non-blank passwords on the accounts. As I said above, by default, Windows XP Pro requires non-blank passwords for accounts used for network access.

Maybe you're accustomed to not logging in at all when you turn your computer on - just start it, it comes up with the desktop, and you get to work. Or maybe you'd like to do this, but don't know how. Well, Ramesh, another MVP, has written up the procedure for making your computer login automatically, in his article Configure Windows XP to Automatically Login.

>> Top

Leave Comments Here

Like any blogger, I appreciate polite comments, when they are relevant to the blog, and posted to the relevant article in the right blog. If you want to ask me a question thats relevant to Windows Networking, but you can't find the right post to start with (I haven't written about everything Windows Networking related, yet, nor the way things are going I don't expect to either), ask your questions here, or leave an entry in my guestbook.

No spam, please. All comments are moderated.

If your question is related to life in general, feel free to leave me a comment on my Musings blog.

Help me to help you.

>> Top

How To Get The Most Out Of PChuck's Network

Welcome to PChuck's Network! Pchuck's Network is a Blog, and it's written in Hypertext. Note my general principles, that I state repeatedly in my various articles.

Please observe Legal Discretion when referencing articles posted here.

Please note my Privacy Statement, when you ask for advice in an open forum. There are several ways to contact me - in an online forum, by email, or thru my Guestbook. Most urgent help can be gotten by the first of the three.

Contacting Me
If your message contains a question about a network issue, I strongly suggest that you post a problem report in an open forum, where helpers like me can be found. There are two forums where I normally spend my time ("too much time", some would say):

Using online forums for help requests is a good idea, for several reasons.
  • You'll get better help with all the helpers able to see, together, the status of your problem, as it's resolved.
  • Many helpers keep their email addresses secret, and won't be interested in sharing them with strangers.
  • You encourage a spirit of community, which is what drives these forums in the first place.
  • You help provide an online record of problems and solutions, again strengthening the idea of using online forums for problem resolution.

If you're uncomfortable asking for help in an open forum, I'll ask that you read a some of my articles, to start:

If you feel the need to message me, whether to tell me how great PChuck's Network is (or to tell me what needs improvement, I can take it), or to ask for assistance (my resources and time permitting), Please Sign My Guestbook. If you provide an email address, only I will see it, and I will be able to write to you. And if you wish to leave additional, confidential details, you can make your entire message Private.

Until I start getting a lot more hits in my GuestBook, though, I'll probably not check it as often as the open forums. Also, my GuestBook doesn't integrate well with email, so I can't guarantee a quick (or immediately helpful) reply. So start with one of the above forums, if you require immediate assistance. Send me a private message, in my GuestBook, if you need special help, and are prepared to wait a while.

A Blog
A Blog is a work in progress. What you see here today may be rewritten, with more detail, tomorrow.

That being the case, you should not plan to get all the information in one visit. Read, what you have time to today, and plan to return here soon, and regularly. But when you return, how will you know what articles have been rewritten? I spend a lot of time rewriting existing articles, as well as writing new ones. Like this article.

As I write, and rewrite articles, I link the various articles to each other, and to other websites. I don't spend any time identifying each new article, or each updated article, in a list that you can examine. Any list would be only as useful as it is customised to fit the needs of each reader, and since each person is unique, this would be an impossible task.

If you would like to create and maintain a list of your own, so you can keep up with changes here, you can get a Newsfeed Reader. This will let you keep up with this website, and any others that interest you, without you having to tediously surf to each website, to look for changes.

The Newsfeed Reader, in combination with the newsfeed attached to the website, will tell you, at your convenience, when an article on PChuck is changed, and let you view the article. There are two conventions for newsfeeds - Atom, and RSS.

Right now, PChuck has an Atom feed, so you will need a Newsfeed Reader that is Atom compatible. If you have Firefox (and I hope that you do), you may get Sage, a free lightweight RSS and ATOM feed aggregator, as a Firefox extension. You could also get a standalone Newsfeed Reader. There are a dozen or so listed at AtomEnabled.

A Hypertext document is a document with many pages, and the various pages linked to each other. It uses the same structure as the web, except that all of the pages are part of the same website, and have the same style.

When you read a book, and you see a reference to another page in the book, you have to interrupt what you're reading, find the other page, read there, then find your way back. When you read Hypertext, you simply read what's there, and hit the Back button in your browser. You have to be able to recognise the links.

The links are there to simplify the reading process. If you're just looking for an overview, you can simply read each page.

Have I lost you? Click on one, and see what you get. Please. You'll be helping both of us.

Legal Permissions
PChuck's Network is subject to change at any moment. You, and your friends, will benefit the most by directly linking to the articles here. Permission is expressly granted for you to extract relevant contents of any article in PChuck's Network, and post the extracted material elsewhere on the web, or include it in email, if, and ONLY if, you include a working link, to the article from which you are extracting, in your extract. This is for your own good. The web, and this web site, is dynamic, so please use it that way.

You may, if you wish, extract relevant portions of articles, for inclusion in any paper documents. I strongly suggest that you include a link to the original article, and date of copying, if at all possible. Again, this is for your own good.

>> Top

Welcome to PChuck's Network

Microsoft Windows is an incredibly complex operating system. Making an installation of computers running Windows work, at all, is a challenge. Making one work properly is even more of a challenge. Fortunately, thanks to the Internet, the problems which you may be observing today may have already been discussed, and resolved, by other folks before you. And there are many websites to give you advice, based upon those experiences.

Now, many websites offer you learned advice on various subjects; some on Windows Networking, as PChuck's Network does. Many websites are procedure oriented. If you know what to do, they will give you details showing you how you can use a particular wizard. But - if you don't know what to do, or how to solve a given problem, how are you going to find a solution? That's like using a dictionary - some folks think that you can learn how to spell a word, by looking it up in a dictionary.

PChuck's is organised by goal. For problem solving, it's organised by symptom. Now, it's not finished - few websites are ever actually finished. But give it a shot - it may have an answer or two for you.

If this is your first visit here, you may wish to start with the introduction, How To Get The Most Out Of PChuck's Network.

Having reviewed the site introduction, you may find that there are several ways to benefit from the material here.

And check out my Links page, for extra interests of mine.

More articles are added frequently, and existing articles are revised even more frequently. Check here regularly, using a newsfeed reader for best results. And tell your friends about PChuck's Network!

>> Top

Common Problems and Resolutions

"Error = 5" aka "Access Denied"
"Error = 53" aka "Name Not Found"
Intermittent Connectivity Problems When Computer Is Idle
Intermittent Server Visibility Caused By The Restrictanonymous Setting
Intermittent WiFi Connectivity Problems Caused By WiFi Client Manager Conflicts
Internet Access Problems Caused By DNS Problems
Internet Connectivity Problems Caused By A Corrupt Or Hijacked Hosts File
Internet Connectivity Problems Caused By The MTU Setting
Irregularities In Access To Individual Shares On A Single Server
Irregularities In Access To Network Neighborhood (Workgroup)
Network Access Affected By Limited Or No Connectivity
Network Access Affected By LSP / Winsock / TCP/IP Corruption
Network Access Affected By NetBIOS Over TCP/IP Being Inconsistently Set
Network Access Affected By Physical Networking Issues
New Network Connections Wizard Functionality Damaged By System Restore
Server Access Affected By IRPStackSize
Server Access Affected By User Not Granted Requested Logon Type
Server Access Affected By Maximum Simultaneous Connections
Server Visibility Affected By The Invisibility Setting
Server Access And Visibility Affected By Personal Firewalls
Server Access and Visibility Affected By Less Known Registry Settings
Well Known, Yet Mysterious, Errors May Have Simple Resolutions

>> Top


Asking For Help For Internet Connectivity Problems
Asking For Help For Network Neighborhood Problems
Diagnosing Intermittent Connectivity Problems
Hacking Defined
Finding Computers On Your Network
Layered Security
Malware (Adware / Spyware)
Networking A Windows Vista Computer
Networking Your Computers
The NT Browser and Windows Networking
Restrict Your Privileges
Solving Network Problems
Troubleshooting Internet Connectivity
Troubleshooting Network Neighborhood (Windows Networking)
Watching What Your Computer Is Doing
WiFi Environment Analysis
WiFi Networking
WiFi Security
Windows Networking - Elementary
Windows Networking - Advanced
Windows XP And Vista File Sharing

>> Top

Diagnostic Procedures and Tools

CPSServ (NOTE: Requires download of PSTools) (free).
Command Windows
Event Viewer
Finding, and Tracking, Computers On Your Network
Local Security Policy Editor
My Personal Toolbox
Net Config
NetCheck (NOTE: Requires download of PSTools) (free).
Network Connection Wizard
Network Stumbler
Network Setup Wizard
Registry Editor
Services Wizard
Static Route Table
System Restore
Windows Explorer
WindowsUpdate Log Interpretation

>> Top

Using The Internet Properly

Bottom Post, Please
Download Software Selectively
Help Us To Help You
Getting Help On Usenet - And Believing What You're Told
How To Contact Me
How To Post On Usenet And Encourage Intelligent Answers
Interactive Problem Solving
Please Don't Hijack Threads
Please Don't Spread Viruses
Provide Diagnostic Data As Text, No Attachments or Images
Provide Essential Details When Asking For Help
Please Use BCC:

>> Top

Networking / Security

Ad-Aware or Spybot S&D? You Decide
Beware Of Hidden Physical Personal Firewalls
Components Definition - Networking
Design Your Network Properly
Have Laptop Will Travel?
Computer Uniqueness and Security Needs
ICS Is Not The Only Possible Solution
Make Your Wireless Computer Connect Only To Your Network
NAT Router - What Is It?
NAT Routers With UPnP - Security Risk, or Benefit?
Online System Virus Scanning Services
Pop-Ups - How To Deal With Them
Protect Yourself - Restrict Your Privileges
Protect Yourself When Using A Public Computer
Protect Yourself When Using A Public WiFi LAN
Protect Your Hardware - Use A UPS
Quick Networking With A CrossOver Cable
Setting Up Two Routers On The Same LAN
Sharing Dial-up Internet Service With A Router
Spam Spam Spam - Spam Spam Glorious Spam: Early Spam, and Modern Spam.
SSID Broadcasts
WEP Just Isn't Enough Protection Anymore
WiFi Will Never Be As Fast As Ethernet

>> Top

Windows Networking / File Sharing

Address Resolution On The LAN
Browsing and Multiple Subnets
Domain vs Workgroup? Plan Properly
Cleanup Your Protocol Stack
Components Definition - Windows Networking
Local Name and Address Resolution On Your Computer
One Use For IPX/SPX
Setting Up File Sharing Properly
Windows 9x (95/98/ME) and the Browser
Windows NT (NT/2000/XP/2003/2006) and the Browser
Windows Vista / XP / 2000 On A Domain

>> Top

PChuck's Network NewsFeeds

This blog is PChuck's Network. This post is PChuck's Network NewsFeeds, and you are looking at the blog itself. What you see is a lot easier for you to read, than for computers to do so. There's another copy of your blog, that's designed for computers to read.

The other copy is called the blog (site) feed. The site feed is read by a newsfeed reader. If you would like to be informed, automatically, when this site (or any of millions of other sites on the Internet) is updated with new and interesting articles, you get a newsfeed reader, and subscribe to one or more feeds.

You have several choices, for newsfeed readers. Here are a few examples.

You have several feed choices, for PChuck's Network. You can take any of these feed URLs, and subscribe using any of the above (or numerous other) newsfeed readers.
CommentsBlog Comments - AtomBlog Comments - RSS
PostsBlog Posts - AtomBlog Posts - RSS

Please note that the above 4 feeds are just suggestions of what you may subscribe to, to get the most out of my blog.

Background Information Useful In Problem Diagnosis

When you need help with your computer, and its behaviour on the network, please remember that the ones who need to help you aren't in front of it with you. Background information and observations, that you might make or ignore, can be useful in determining the cause of your problems.

Please start by providing details about your network, and about the problem for which you need help.

  • When providing background information, please format it properly. Please don't munge or hide the details, such as computer names. Don't interfere with our ability to help you.
  • Describe, as precisely as possibly, what you are doing, and what you are seeing.
  • Provide the complete and exact text, in any observed error messages. Look for details in Event Viewer, if possible.
  • Describe the computers on your network. Identify the operating systems on each computer - Name, Edition (if Windows XP, is it Home or Pro?) (And if XP Pro, is it using Guest or non-Guest authentication?), and Service Pack level.
  • How does each computer, and each other network device connect? Do you have all computers connected, as peers, to a router? Or do you have a host (running ICS) and one or more clients? Make and model of network software and hardware - personal firewalls, routers, hubs, network cards - is useful too.
  • Describe the scope of your problem. If you have more than one computer, does the problem show up on each computer simultaneously? Does it show up on each computer, but at different times? Is there a time of day or day of week pattern?
  • Describe when you first observed the problem. What network, or system changes, did you make just previous to the observation? How long had you had your previous network, and system, configuration, before that change?
  • Describe the workaround that you're using, when you experience the problem.

Solving system problems is a lot like solving crimes - the smallest detail may lead to the guilty party.

Remember, I can't watch you when you're fixing your system, so don't make me beg for details. Help Us To Help You. For more thoughts on this subject, see How To Post On Usenet....

Privacy Statement

You are reading this statement because you are asking for help with a networking problem. You read about this website in a serious help forum - this website is only advertised in forums where serious help is given. You have to trust us, and to Help Us To Help You.

  1. Nobody helping you here has any intent of deceiving you, or of compromising the integrity or safety of your network, in any way.
  2. No information provided initially, in browstat or ipconfig, is of use to anybody with dishonourable intent, in compromising the integrity or safety of your network.
  3. If you are asked to provide any additional information, that request will be made only as necessary to diagnose your problem.
  4. If you do provide any information which could possibly compromise the integrity or safety of your network, you will be advised how to mitigate the risk.

>> Top