PChucks Network: Irregularities In Individual Share Accessibility

When I talk about strategies for diagnosing network problems, one of the principles that I recommend is Relational Pattern Analysis. Look for computers that have the same problem, and other computers that don't. When you have problems that can't be solved easily, when you use one of my troubleshooting guides like Irregularities In Workgroup Visibility, the larger your network, the better. You need computers that don't have the problem, and computers that do, so you can identify the common thread between each set of computers, and then identify the problem itself.

Sometimes, though, your problem may be more complex. Instead of all shared folders on your server being invisible or inaccesible, maybe some are accessible, but others aren't. Maybe only some are even visible. Now what do you do?

Visibility, and accessibility, of individual shared files and folders are controlled by Access Control Lists, or ACLs. The RestrictNullSessAccess setting can affect access to individual shares, if your server is authenticating with the Guest account.

The easiest way for your shares to differ in visibility is to have improperly differing ACLs. The easiest way to resolve this is to identify, and correct, the differences between the ACLs.

With Windows 2000, and Windows XP Pro, the solution here is simple. Edit the ACLs. Your can do this by the obvious (but more time consuming) way, by using the GUI in Windows Explorer. Or you can do this by the less obvious, but more efficient scriptable way of using CACLS. Both procedures are discussed in Server Access Authorisation techniques.

With Windows XP Home, you can't use the GUI in Windows Explorer. Windows XP Home, and Simple File Sharing, set all permissions the same (supposedly). They don't give you any way of changing any permissions, short of global settings where you identify each share, and allow (or disallow) network users to change the contents. With XP Home (or with XP Pro, if you prefer), you may use alternate Server Access Authorisation techniques.

But, having identified the above possibilities, and carefully read and followed all instructions, sometimes you still can't get things working just right. There are known problems which can't be solved by simple ACL editing.

If you want to provide a secure computer, one of the recommendations is to keep the operating system updated, religiously. Microsoft issues monthly operating system updates, with patches of varying criticality. In most cases, it is beneficial to apply all critical patches. In some cases, like yours, it isn't.

In this case, patch KB885250, as referenced in bulletin MS05-011, has been recently identified as the culprit in odd file sharing scenarios. The Microsoft article (KB895900): You cannot save a file from your Windows XP-based or Windows 2000-based computer..., and a subsequent article (KB896427): After you install security update 885250, both describe the symptoms of this problem. Symptoms caused by application of patch 885250 can, and have been known to, cause file sharing scenarios of varying complexity.