Registry Settings Which Affect Access To Your Server

Windows NT based operating systems (NT, 2000, XP, Server 2003) use Access Control Lists (ACLs) to meter access to files and folders which are NTFS based. If your server uses NTFS (as most do), you should know how to create and modify ACLs, to allow or prevent access to specific files and folders.

Besides the NTFS ACLs, though, there are registry based settings that can affect the ability of your server to be seen, or accessed, by clients on the network. These settings work in addition to, or in spite of, the ACLs.


  • The Hidden setting will explicitly instruct the browser to not enumerate your server.
  • The restrictanonymous setting will affect the ability of your server to be enumerated by the browser, and the ability for it to be accessed by clients using the Guest account.
  • The RestrictNullSessAccess setting will affect the ability of specific shares to be accessed by clients using the Guest account.

If you are experiencing problems with visibility of, or access to, your server, and more obvious settings or personal firewalls are not the problem, check these registry settings.


RestrictNullSessAccess and Your Server

The separately discussed restrictanonymous setting will interfere with file sharing, in your Windows Network, by preventing your server from being enumerated ("seen") by the browser. There are other settings, though, that can interfere with Windows Networking, in other ways.

The ability to allow or prevent unauthenticated clients from accessing named shares is one such setting. If your server provides share access thru Guest, whether in Simple File Sharing, or in Advanced File Sharing with Guest-only access, access to some or all shares can be blocked by this setting.

The RestrictNullSessAccess setting, which is a value in the registry key [HKLM\System\CurrentControlSet\Services\LanManServer\Parameters], was originally part of Windows NT, and predates the concept of Guest authentication in Windows 2000 and XP. The default / undefined value is "0", which says "Do NOT restrict share access to unauthenticated (Guest) clients".

If set to "1", however, you can designate specific shares (and named pipes) which will override the setting and allow access. The registry value NullSessionShares, in the above key, will then contain a list of shares that may be accessed by unauthenticated (Guest) clients.

This setting, if incorrectly made, will override any ACL entries which authorise Guest access. If your server depends upon Guest authentication, and this setting is in place, you will have problems with providing access to any, or all shares on the server.

Attribution: Information about this setting was provided by Mike Brown. Thanks, Mike!
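
As an added example (not code from the article, nor from Mike Brown), the following PowerShell reads the values discussed in this section and the previous one and tells you, for each disk share, whether the registry would block an unauthenticated (Guest) client regardless of the NTFS ACLs. It assumes PowerShell 3 or later, run as an administrator on the server being checked; RestrictAnonymous is read from HKLM\SYSTEM\CurrentControlSet\Control\Lsa, the key Windows keeps it in, which the article does not name.

```powershell
# Added example, not from the original article. Reads the registry settings the
# article describes and reports their effect on unauthenticated (Guest) share
# access. Assumes PowerShell 3+ running elevated on the server being checked.

$LanManParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'
$LsaKey       = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'   # home of RestrictAnonymous

function Get-RegValueOrDefault {
    # Return the named value, or $Default when the value is not defined at all.
    param([string]$Path, [string]$Name, $Default)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $Default }
    return $item.$Name
}

function Get-ShareAccessSettings {
    # Undefined values are reported with the defaults the article gives (0 = not restricted).
    [pscustomobject]@{
        Hidden                 = Get-RegValueOrDefault $LanManParams 'Hidden' 0
        RestrictAnonymous      = Get-RegValueOrDefault $LsaKey 'RestrictAnonymous' 0
        RestrictNullSessAccess = Get-RegValueOrDefault $LanManParams 'RestrictNullSessAccess' 0
        NullSessionShares      = @(Get-RegValueOrDefault $LanManParams 'NullSessionShares' @())
        NullSessionPipes       = @(Get-RegValueOrDefault $LanManParams 'NullSessionPipes' @())
    }
}

function Test-NullSessionShareAccess {
    # Registry-level verdict for one share. NTFS and share ACLs are a separate,
    # additional check, so "not restricted" only means "not blocked by the registry".
    param($Settings, [string]$ShareName)
    if ($Settings.RestrictNullSessAccess -eq 0) {
        return 'not restricted (RestrictNullSessAccess=0)'
    }
    if ($Settings.NullSessionShares -contains $ShareName) {
        return 'allowed: listed in NullSessionShares'
    }
    return 'BLOCKED by RestrictNullSessAccess=1 (overrides any ACL granting Guest)'
}

$settings = Get-ShareAccessSettings
$settings | Format-List

if ($settings.Hidden -ne 0) {
    Write-Warning 'Hidden=1: the browser will not enumerate this server.'
}
if ($settings.RestrictAnonymous -ne 0) {
    Write-Warning "RestrictAnonymous=$($settings.RestrictAnonymous): browser enumeration and Guest access may be affected."
}

# Win32_Share type 0 = ordinary disk share (admin shares such as C$ use a different type)
Get-WmiObject -Class Win32_Share | Where-Object { $_.Type -eq 0 } | ForEach-Object {
    [pscustomobject]@{
        Share   = $_.Name
        Path    = $_.Path
        Verdict = Test-NullSessionShareAccess -Settings $settings -ShareName $_.Name
    }
} | Format-Table -AutoSize
```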


Checking and Reducing StartUp Time On Your Computer

Windows XP is a lot more stable than any previous operating system. With a computer running Windows 2000, and before that Windows NT, if you ran a lot of tasks on it, you learned from experience to restart the computer regularly. Improved system stability reduces that need. This is good, because even with the advanced startup procedures in Windows XP, which make it start up faster than any previous operating system, it still takes too long. So I keep my main computers on 7 x 24.

But what if you can't keep your computer on 7 x 24? What can you do then? Well, no computer will start instantaneously, but you can reduce startup time substantially. One of the best ways to reduce startup time is to remove unnecessary tasks.

Now some folks will advise you to get rid of unneeded services. They advise you to take a look at a mirror of Black Viper (the god of NT services analysis). You can turn off a lot of services that aren't needed, and save some startup time.

Many folks, though, will note that their computers started out fast, when they were new, and gradually got slower. Now that's not a services problem - you don't accumulate services as you use your computer. There is a very finite number of services, as Black Viper's website will show.

The problem here is unnecessary user programs, loaded to start automatically. When your computer starts up, and takes a long time to load the desktop, it's starting programs that you loaded onto your computer. In many cases, these programs are ones that you didn't intentionally set to load at startup.

You can start with education and research. Autoruns, MSConfig, and StartUp Control Panel will all show you what programs are set to load at startup. And, if you like, you can even use malware analysis programs, like HijackFree and HijackThis, to identify autostart entries.

All of the 5 tools identified above - Autoruns, HijackFree, HijackThis, MSConfig, Startup Control Panel - will list some number of programs that start automatically. They'll all differ in what they show, and how they show it. But they all have one common failing - none of them shows which tasks take the longest time to start.

If you are going to figure out which tasks you should not allow to autostart, you have to know which tasks cause the long autostart times. There are two tools that I use for this purpose. Microsoft produced Bootvis long ago, and in typical Microsoft tradition stopped distributing it. But you can get it from MajorGeeks or SoftPedia, or others (just Google on "download bootvis" for a list).

My favourite tool, for this purpose, is Process Explorer. One of the metrics, under View - Select Columns, on the Process Performance tab, is Start Time. By sorting on Start Time, you can get a neat log of the startup sequence of each system and user task. You can even export the log to a text file. Exporting the log to a text file makes the final step in this process a lot easier.

If everybody using a particular computer is experiencing slow startup, look for common tasks. Simply eyeballing a Bootvis or Process Explorer log should give you some candidates for removal. If everybody in the domain is experiencing slow startup, look at the domain setup too.

If some users complain, but others don't, then do some relational analysis. Compare two users on one computer (with problems noted), and then on another computer (no problems noted). With a total of 4 test cases, you should easily find the offending programs, and banish them from startup. Comparing the Bootvis or Process Explorer logs will make this task a lot easier.
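
An added example (my code, not the article's and not any of the tools named above): this PowerShell lists the user-program autostart locations that Autoruns and MSConfig report, records process start order the way Process Explorer's Start Time column does, and diffs two exported start-order logs for the relational analysis just described. It assumes Windows PowerShell 3 or later (Get-WmiObject) and that you run it once per user or computer you want to compare.

```powershell
# Added example, not from the original article. Enumerates the user-program
# autostart locations that Autoruns / MSConfig list, records process start order
# like Process Explorer's Start Time column, and diffs two exported logs
# (slow case vs. fast case) for the relational analysis described above.
# Assumes Windows PowerShell 3+; run once per user / computer being compared.

function Get-AutostartEntries {
    # Run / RunOnce keys for the machine and the current user, plus Startup folders.
    # Services are deliberately excluded: the article's point is that user programs,
    # not services, accumulate over time.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }     # PSPath, PSProvider etc. are not entries
            [pscustomobject]@{ Location = $key; Name = $p.Name; Command = $p.Value }
        }
    }
    $folders = @([Environment]::GetFolderPath('CommonStartup'), [Environment]::GetFolderPath('Startup'))
    foreach ($folder in $folders) {
        Get-ChildItem -Path $folder -File -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Location = $folder; Name = $_.Name; Command = $_.FullName }
        }
    }
}

function Get-StartupOrder {
    # Every process with its start time expressed as seconds after boot, earliest first.
    # WMI is used instead of Get-Process because it returns creation times for
    # processes owned by other users without access-denied errors.
    $os   = Get-WmiObject -Class Win32_OperatingSystem
    $boot = $os.ConvertToDateTime($os.LastBootUpTime)
    Get-WmiObject -Class Win32_Process |
        Where-Object { $_.CreationDate } |
        ForEach-Object {
            $started = $_.ConvertToDateTime($_.CreationDate)
            [pscustomobject]@{
                Name             = $_.Name
                Path             = $_.ExecutablePath
                SecondsAfterBoot = [int]($started - $boot).TotalSeconds
            }
        } | Sort-Object SecondsAfterBoot
}

function Compare-StartupLogs {
    # Process names that appear in the slow computer's (or user's) log but not in
    # the fast one: the first candidates for removal from autostart.
    param([string]$SlowCsv, [string]$FastCsv)
    $slow = Import-Csv -Path $SlowCsv | Select-Object -ExpandProperty Name | Sort-Object -Unique
    $fast = Import-Csv -Path $FastCsv | Select-Object -ExpandProperty Name | Sort-Object -Unique
    Compare-Object -ReferenceObject $fast -DifferenceObject $slow |
        Where-Object { $_.SideIndicator -eq '=>' } |
        Select-Object -ExpandProperty InputObject
}

Get-AutostartEntries | Format-Table -AutoSize
# Export this session's start order; repeat on the other computer / as the other user,
# then: Compare-StartupLogs -SlowCsv slow.csv -FastCsv fast.csv
Get-StartupOrder | Export-Csv -NoTypeInformation -Path "startup-$env:COMPUTERNAME-$env:USERNAME.csv"
```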


If I Was A Hacker

If I were a bad guy, and I probed a range of addresses, with a bogus connection attempt, I'd expect any one of 4 possible returns from each of the addresses probed.


  1. "Address unreachable" from the upstream gateway.
  2. "Connection refused" from the router or firewall.
  3. Reply from target, from an unstealthed computer or router.
  4. No response, from a stealthed computer or router.


If I were a true hacker (not a cracker or script kiddie), I think I'd prioritise my hack attempts based upon those results.

  1. "Address unreachable" = You can't hack what doesn't exist.
  2. "Connection refused" = Interesting, but there's so many responding that way.
  3. Reply from target = Boring.
  4. No response (stealth) = Now we're talking. A true challenge. Thinks he's invisible, eh?


I'd go after #4, then #2 and #3, in that order. Security By Obscurity = No Security.


Using Public WiFi Networks

Setting up and using WiFi, as an alternative to Ethernet in your home, is a tricky project. WiFi will never be a true alternative to Ethernet.

There are things that you can't control, as a domestic WiFi LAN owner.

  • Noise on the channel (analogue interference).
  • Neighbors sharing the WiFi spectrum (digital interference).


When you take your portable computer to the local coffeeshop, you are still subject to the problems of a domestic WiFi LAN. You have additional problems too, issues that you (as a mere customer) can't control.

  • Security used by the hotspot, to control access, and to keep the customers safe.
  • Other customers at the hotspot (digital interference).
  • The Internet service used by the hotspot.

These issues all apply after you are connected to the hotspot.

Security Issues - and the Initial Connection

Initial hotspot connection is a big issue. And authentication / encryption is a part of the connection problem.

  • Authentication identifies you to the hotspot Access Point, letting only those who have legitimate access use the network. Authentication prevents unauthorised active use of the network.
  • Encryption encodes the network activity between your computer and the access point, so no hackers can snoop on your activity. Encryption prevents unauthorised passive use of the network.
  • WEP, which is the original standard for WiFi security, only provided encryption, with a static encryption key. The hackers figured out how to break the key, so WEP was dismissed as insecure.
  • WPA / WPA2 has several versions of authentication and encryption. You will probably use the simplest in your home WiFi LAN: WPA-PSK with TKIP. PSK is a pre-shared key, similar to the key used in WEP, but more complex. TKIP is an encryption protocol which starts off by using the pre-shared key, but changes the encryption key regularly, to keep hackers from breaking the key. By preventing unauthorised access (by using authentication), and snooping (by using encryption), a WiFi LAN is safer.
  • At most big hotspot chains, like T-Mobile, they have dismissed using WPA (or even WEP), because it's a pain to set up and to manage. If you set up a home LAN, you will (should) use WPA or better, because you control the LAN, and because you need to keep YOUR LAN (with maybe some non-WiFi computers even) secure. But how can you do that, if you don't control or can't meet the customers and their computers?
    • Not every Starbucks customer, with a laptop, is capable of setting up a WPA client, without help.
    • Very few hotspots have anybody on staff, even remotely proficient in setting up WPA security, and available during store hours.


With most hotspot chains, the hotspot AP itself will be open, and use a captive portal for access restriction. You connect to the hotspot, THEN you authenticate using your credit card (or maybe a token provided by the store running the hotspot). Using a hotspot provides challenges similar to, but not limited to, those involved when using a public computer.

To really understand the differences between WEP / WPA / WPA2 authentication and open authentication (followed by credit card / token), you have to start with some understanding of the OSI network model, and network layers.
  • WEP / WPA / WPA2 authentication and encryption occurs at layer 2, the Data Link layer. Data link authorisation / encryption occurs between your computer, and the hotspot Access Point, with a mere minimum of information transmitted in the clear (i.e. visible to any hackers). Based upon the WPA shared key and settings on your computer and on the Access Point, a lot of initial conversation takes place, between your computer and the access point, that you don't see.
  • Open, followed by credit card / token, authorisation involves a brief initial conversation, between your computer and the access point, that you don't see (layer 2 again). This is followed by the login transaction, with some portions of it transmitted in clear (unencrypted), and readable by any nearby hackers.
    • Initial connection to the hotspot AP is open to anybody. This eliminates the need for setting up WEP / WPA authentication for each WiFi customer.
    • Once a (Layer 2) connection between the AP and a client computer is established, you the customer see a "Please Login" screen in your browser, and can either enter a credit card number (if connectivity is open to everybody paying), or a token (if connectivity is sold by the store running the hotspot). Generally, the browser will use an encrypted protocol between the browser and the hotspot; if so, you will see the familiar padlock icon in your browser. This allows you to use your credit card with some degree of security (but still be careful).
    • Since you have an open connection (with maybe the credit card transaction encrypted), any Internet use will be unencrypted. Whatever you do with your browser, or any other Internet traffic, is available for snooping by any nearby hackers.

  • Any Internet activity between your home LAN (or a public access point) and a distant Internet server, unless transmitted securely (with the padlock), is open to any Internet snooper. Traffic volume on the Internet is immense though, and merely snooping Internet traffic is likely to be a waste of time. With a properly setup home network, all WiFi traffic between your computer and the access point is encrypted; with a hotspot, this may not be the case. A hacker, snooping local traffic on an unprotected WiFi LAN, is much more likely to pick up relevant secrets from unwary customers.


Don't be an unwary hotspot customer. As with using any public computer (and even if you carry your own computer with you), protect yourself when using any LAN that you don't control.


Other Customers at the Hotspot

As discussed in my other articles, you have to share the bandwidth. If there are other customers at the hotspot, they will be accessing the Internet too. If they are just browsing the web, and you are doing likewise, you can likely share just fine.

If either you or another customer is using a hotspot to download large music or video files, the other customers may suffer from degraded service. As with any WiFi LAN, depending upon how the hotspot is setup, those with intense network activity (such as downloading large files) may cause unfairly degraded service for the other users.
  • Don't go to a crowded hotspot and download large files during peak use periods.
  • Don't be surprised when your network performance drops during peak use periods.



The Internet Service Provided By The Hotspot

As in your home, the quality of the Internet service provided, to any hotspot, may vary. Cable broadband based Internet service will vary depending upon time of day (and Internet access by the cable customers who are immediate neighbours to the hotspot). DSL based Internet service will vary depending upon the distance from the hotspot to the telephone connection office.

Issues like the WiFi channel used, which you would change at home to avoid interference by the neighbours, are ones that you won't be able to control. And service outages, which at home you could at least report to your ISP, you won't be able to report to the hotspot's service provider. They will affect you, nonetheless.

Identifying A DNS Problem In Your Internet Service

DNS, which lets you translate a host name or URL into an IP address, is a key process in Internet use. Sometimes, though, it doesn't work. You try to browse to http://www.example.com, and you get a cryptic

Firefox can't find the server at www.example.com.

or

We can't find "www.example.com"

or worse, sometimes the classical

404 Not Found

Or even, the white screen of death - no error - no response.

Now the above example symptoms could have been caused by any of several scenarios.

  1. Host www.example.com doesn't exist.
  2. Host www.example.com isn't operational today.
  3. Your DNS (that translates www.example.com into an IP address) isn't working.
  4. Your MTU setting is causing a problem with accessing www.example.com.
  5. (This is not fiction, folks) - Your ISP, or a government agency, is intentionally blocking your access to www.example.com.
  6. You don't have Internet connectivity.


What to do now? Well, if your Internet connectivity is down, you've got different work to do. But, if you can access any other web sites, or if you're otherwise certain that your service is not the problem, then make sure that your DNS is working. To do this:

  • Find out the IP address of the web site. There are various web sites all over the Internet that will let you use their DNS servers, thru your browser. I use 2 web sites, consistently, and keep their URL and IP addresses available.

    1. All Net Tools, by IP address: http://216.92.207.177/toolbox .
    2. All Net Tools, by name: http://www.all-nettools.com/toolbox .
    3. DNS Stuff, by IP address: http://66.36.247.82/ .
    4. DNS Stuff, by name: http://www.dnsstuff.com/ .

    I use either of those two web sites; in case one goes down I use the other. And, if I'm researching a DNS problem, I access either one by its IP address. Finally, given the possibility that one or the other might change its IP address, I can hopefully resolve its name, using the other website. So, I keep all 4 addresses handy.

    • For All Net Tools, I enter the web site URL into the "SmartWhois" window, and hit Enter or Go!.
    • For DNS Stuff, I enter the web site URL into the "DNS lookup" window, and hit Enter or Lookup.

  • Conduct a simple 4 step test. In this example, I'll target www.yahoo.com, which uses (among many others) 66.94.230.33. Feel free to use whatever web site, for your testing, that pleases you.
    • Clear all caches, to ensure consistency.
      • Clear DNS cache. From a command window, enter "ipconfig /flushdns".
      • Clear the cache in your browser.
        • From Firefox, Tools - Options - Privacy - Cache - Clear Cache Now.
        • From Internet Explorer, Tools - Internet Options - Temporary Internet files - Delete Files.
    • From a command window:
      1. Ping www.yahoo.com.
      2. Ping 66.94.230.33.
      3. Note success / exact text of error messages.
    • From your browser:
      1. Browse www.yahoo.com.
      2. Browse 66.94.230.33.
      3. Note success / exact text of error messages.

  • Now, consider the results of the tests.
    • If you see a difference between both IP address accesses, as compared to both named accesses, you very likely have a DNS problem.
    • If you can ping (with a successful return), but not browse, with identical results for IP address and name, you may well have an MTU setting problem.
    • If you see a combination of results, you may need to research BOTH a DNS and MTU problem.
    • If the tests aren't conclusive, consider the ubiquitous LSP / Winsock corruption problem.

If you want to read a more detailed description of this diagnostic technique, check out Roberto's Report: DNS and MTU - Interpreting Results.
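
As an added example (my code, not the article's or Roberto's), the PowerShell below automates the 4 step test: it flushes the DNS cache, resolves the name, pings by name and by IP, fetches by name and by IP, and then applies the interpretation rules listed above. It assumes PowerShell 3 or later (for Invoke-WebRequest) and that ICMP echo is not filtered on the path; the default target and address are the ones quoted in the text, and that address may no longer be current, so substitute one you looked up.

```powershell
# Added example, not from the original article. Automates the 4-step test above
# and applies the article's interpretation rules. The default target and address
# are the ones quoted in the text; substitute a current address before relying on it.
# Assumes PowerShell 3+ (Invoke-WebRequest) and that ICMP echo is not filtered.

function Test-HttpReach {
    # $true when the server answered with any HTTP status (a 404 still proves the
    # path works); $false only for DNS failure, connection failure or timeout.
    param([string]$Url)
    try {
        Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec 15 | Out-Null
        return $true
    } catch {
        return ($null -ne $_.Exception.Response)
    }
}

function Get-Diagnosis {
    # The article's rules, applied to the four results.
    param([bool]$PingName, [bool]$WebName, [bool]$PingIP, [bool]$WebIP)
    $sameByNameAndIP = ($PingName -eq $PingIP) -and ($WebName -eq $WebIP)
    if ($sameByNameAndIP) {
        if ($PingIP -and -not $WebIP) { return 'Ping works but browsing fails, by name and by IP: likely an MTU problem.' }
        if ($PingIP -and $WebIP)      { return 'Everything works: neither DNS nor MTU is the problem.' }
        return 'Nothing works by name or by IP: check connectivity, then LSP / Winsock corruption.'
    }
    if ($PingIP -and $WebIP -and -not $PingName -and -not $WebName) {
        return 'IP address works, name does not: very likely a DNS problem.'
    }
    return 'Mixed results: research BOTH a DNS and an MTU problem.'
}

function Test-DnsVsMtu {
    param(
        [string]$HostName  = 'www.yahoo.com',
        [string]$IPAddress = '66.94.230.33'   # address from the article; may no longer be current
    )
    ipconfig /flushdns | Out-Null             # the article's first step: clear the DNS cache

    # Does the name resolve at all? (an exception here already points at DNS)
    $resolved = $null
    try {
        $resolved = ([System.Net.Dns]::GetHostAddresses($HostName) | Select-Object -First 1).IPAddressToString
    } catch { }

    $pingName = [bool](Test-Connection -ComputerName $HostName  -Count 2 -Quiet -ErrorAction SilentlyContinue)
    $pingIP   = [bool](Test-Connection -ComputerName $IPAddress -Count 2 -Quiet -ErrorAction SilentlyContinue)
    $webName  = Test-HttpReach -Url "http://$HostName/"
    $webIP    = Test-HttpReach -Url "http://$IPAddress/"

    [pscustomobject]@{
        HostName   = $HostName
        ResolvedTo = $resolved
        PingName   = $pingName
        PingIP     = $pingIP
        BrowseName = $webName
        BrowseIP   = $webIP
        Diagnosis  = Get-Diagnosis -PingName $pingName -WebName $webName -PingIP $pingIP -WebIP $webIP
    }
}

Test-DnsVsMtu | Format-List
```

Browsing by bare IP address often returns an HTTP error page from a shared web server; the script counts any HTTP answer as "reached", since the point of the test is the path, not the page.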


You Have To Share The WiFi Bandwidth

The most common networking medium today is Ethernet. The most popular Ethernet uses 4 wires, 2 for sending and 2 for receiving, to provide 100M full duplex bandwidth. The equivalent to 100M Ethernet is 802.11g WiFi, which provides 54M half duplex bandwidth.

If you have just 2 computers with Ethernet adapters, the simplest thing to do is to connect both with a cross-over cable. If you have 3 or more computers, you'll likely get a switch or router, and connect each computer to that, one Ethernet cable / computer. With full duplex switched Ethernet, you'll get a total of 200M bandwidth in each conversation between a pair of computers - 100M sending, and 100M receiving. As you add computers and Ethernet cables, the total bandwidth provided by your network grows. This is why we say that an Ethernet network is scalable.

WiFi, on the other hand, is not scalable. With your computers connected thru WiFi adapters, whether directly to each other (ad-hoc mode), or to a WiFi router (infrastructure mode), all computers must use the channel together. No matter how many computers you have - 2, 3, or more, your computers will have to share the channel. And if your neighbour has a WiFi LAN on that channel, your computers will have to share the channel with your neighbour's WiFi LAN.

By saying "share the channel", I am saying that, when your WiFi router is transmitting, no other computer or router within range of your router can transmit. Only one device - computer or router - can transmit over any channel at any time.

To share the channel, a WiFi device uses a strategy called Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA). CSMA/CA, which is similar to a strategy previously used by classical (pre-switched) Ethernet, is not an efficient strategy.

  • Each WiFi component has to listen to the channel for some amount of time, before transmitting, to ensure that nothing else is currently transmitting. Precious portions of your 11M (54M, 128M) bandwidth are wasted, when listening.
  • Even with each WiFi component listening to the channel before transmitting, it's always possible to have a collision, when two or more components pick the same time to start transmitting. When there's a collision, both components will have to retransmit; more of your bandwidth is wasted, when retransmitting.


With Ethernet, if you use the proper equipment and design your network within limits (mainly, with each computer connected, by no more than 100 metres of Cat-5 or better cable, to the router or switch), you're pretty much guaranteed 100M bandwidth. With WiFi and CSMA/CA, the general estimate is that you will get 1/3 - 1/2 of the stated bandwidth. And that only involves your computers and router, with your router managing the relationship. When your neighbour's WiFi LAN becomes involved (and both routers have to manage a peer-peer relationship), your channel availability, and bandwidth, drops further.

There are 11 802.11 channels, but only 3 do not overlap. To minimise interference with other WiFi networks, everybody should use only channels 1, 6, or 11.

[Figure: Non Overlapping Channels - Bottom ("1"), Middle ("6"), Top ("11")]

Now, 802.11b and 802.11g are mature, ratified standards. Each manufacturer of standard equipment designs it to perform in a predictable way, so if your WiFi router has to share the channel with a router made by another manufacturer, it will perform properly. But 802.11g doesn't provide enough bandwidth, so the manufacturers have developed a new standard, 802.11n. The new standard was only recently ratified by the various WiFi vendors, and this will limit its effectiveness.

As you increase the effective size (area / volume) of your WiFi neighbourhood, your WiFi components will be able to detect ("see") more WiFi networks using any channel. Since only one WiFi device can transmit at any time, your WiFi network will spend more time waiting to use the channel. When simply waiting becomes unsuccessful, it will spend additional time recovering from collisions. More waiting / collisions = less effective bandwidth = slower file transfers. Pure and simple.
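
An added example, serving both this section and the hotspot security section above (my code, not the article's): it parses the output of "netsh wlan show networks mode=bssid", flags networks whose traffic any nearby listener can read (open or WEP), and picks the least crowded of the non-overlapping channels 1, 6 and 11. The overlap rule generalises what the article states: 2.4 GHz channels are spaced 5 MHz apart and are roughly 20-22 MHz wide, so two channels interfere when they are fewer than 5 apart, which is exactly why 1, 6 and 11 are the clean set. The netsh output embedded below is constructed, not captured from a real site; the parser assumes the English netsh format.

```powershell
# Added example, not from the original article. Parses "netsh wlan show networks
# mode=bssid" output to flag Open / WEP networks and to rate channels 1, 6, 11 by
# how many neighbours overlap them (channels fewer than 5 apart interfere).
# The sample below is constructed; the English netsh output format is assumed.

$SampleNetsh = @'
Interface name : Wireless Network Connection
There are 3 networks currently visible.

SSID 1 : CoffeeShop-Free
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 00:11:22:33:44:01
         Signal             : 80%
         Channel            : 6

SSID 2 : HomeLAN
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 00:11:22:33:44:02
         Signal             : 95%
         Channel            : 1

SSID 3 : NextDoor
    Authentication          : Open
    Encryption              : WEP
    BSSID 1                 : 00:11:22:33:44:03
         Signal             : 60%
         Channel            : 3
'@

function ConvertFrom-NetshWlanNetworks {
    # One object per BSSID: SSID, Authentication, Encryption, BSSID, Channel, Signal.
    param([string[]]$Lines)
    $results = @(); $ssid = $auth = $enc = $null; $current = $null
    foreach ($line in $Lines) {
        switch -Regex ($line.Trim()) {
            '^SSID \d+\s*:\s*(.*)$'       { $ssid = $Matches[1]; $auth = $enc = $null; break }
            '^Authentication\s*:\s*(.+)$' { $auth = $Matches[1]; break }
            '^Encryption\s*:\s*(.+)$'     { $enc  = $Matches[1]; break }
            '^BSSID \d+\s*:\s*(.+)$'      {
                $current = [pscustomobject]@{ SSID = $ssid; Authentication = $auth; Encryption = $enc
                                              BSSID = $Matches[1]; Channel = 0; Signal = 0 }
                $results += $current; break }
            '^Channel\s*:\s*(\d+)$'       { if ($current) { $current.Channel = [int]$Matches[1] }; break }
            '^Signal\s*:\s*(\d+)%$'       { if ($current) { $current.Signal  = [int]$Matches[1] }; break }
        }
    }
    return $results
}

function Get-UnencryptedNetworks {
    # Open or WEP: whatever you send there is readable by nearby listeners.
    param($Networks)
    $Networks | Where-Object { $_.Encryption -match '^(None|WEP)$' } |
        Select-Object SSID, Authentication, Encryption
}

function Get-ChannelRecommendation {
    # Count neighbours overlapping each of 1, 6, 11; fewest (then weakest) first.
    param($Networks, [string]$OwnSsid)
    $others = $Networks | Where-Object { $_.SSID -ne $OwnSsid -and $_.Channel -ge 1 -and $_.Channel -le 11 }
    1, 6, 11 | ForEach-Object {
        $c = $_
        $overlapping = @($others | Where-Object { [Math]::Abs($_.Channel - $c) -lt 5 })
        $strongest = 0
        if ($overlapping.Count) { $strongest = ($overlapping | Measure-Object -Property Signal -Maximum).Maximum }
        [pscustomobject]@{ Channel = $c; OverlappingNetworks = $overlapping.Count; StrongestSignal = $strongest }
    } | Sort-Object OverlappingNetworks, StrongestSignal
}

$nets = ConvertFrom-NetshWlanNetworks -Lines ($SampleNetsh -split "`r?`n")
Get-UnencryptedNetworks -Networks $nets | Format-Table -AutoSize      # CoffeeShop-Free and NextDoor
Get-ChannelRecommendation -Networks $nets -OwnSsid 'HomeLAN' | Format-Table -AutoSize   # 11 comes out on top
# On a live system: $nets = ConvertFrom-NetshWlanNetworks -Lines (netsh wlan show networks mode=bssid)
```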


Don't Upgrade To Solve Active Problems

You see these questions in the forums occasionally:


  • I have a problem with my computers - I can't access each computer from the other. Since one computer was running Windows 98, I upgraded it to Windows XP. Now I still can't access both computers from each other. And the old computer runs really slowly. What do I do now?

  • I was having file sharing problems, on my Windows XP SP1 computer. Somebody suggested that I upgrade to Service Pack 2.


The advice, given frequently, starts with:
Did you back up your previous installation? If so, roll back there. First, fix the problems. Then plan the upgrade properly.

Prepare for your upgrade properly. Have a recovery process in mind, should the upgrade not go successfully. This means that you need to solve your current problems before you upgrade. Don't risk a triple whammy.

  1. Downtime caused by the upgrade.
  2. Downtime caused by recovering to the old operating system.
  3. Downtime caused by having to fix the original problems with the older operating system.

Fix issue #3 first. Then upgrade.

Older Operating Systems - Windows 98, Windows ME, Windows NT

Even though 99% of the patrons of PChuck's Network are looking for help with networking between computers running Windows 2000 or Windows XP, there will always be those with older operating systems. Even though you'd be much better off (on a computer that will support it) upgrading to Windows XP, I will always advise you to only upgrade from a working system.

Do not expect to get rid of problems by upgrading. Fix your problems first. That done, how do you network Windows XP with older operating systems? What are the issues between Windows XP and older operating systems?


  • The browser. The browser provides the contents of Network Neighborhood. For all computers to see the same computers displayed in Network Neighborhood, there can be only one authoritative computer - the master browser. Selection of a master browser works best when all computers play by the same rules. If you have 2 computers on your LAN - one running Windows 98, and the other running Windows XP - a computer running Windows XP should always be elected as the master browser.
    • The Windows XP operating system is more reliable. It manages resources better, and will provide more diagnostics.
    • A computer running Windows XP is probably newer than one running Windows 98. The hardware will probably be more reliable, and have more power.
    • Since it's newer, you'll probably use a computer running Windows XP more. The browser infrastructure is much more stable, when using a computer that's online constantly.

    Since Windows XP is the preferred authority, on any network with mixed population, the browser election process should always favour a Windows XP computer for master browser. The Windows XP browser process uses this reasoning. Unfortunately, the Windows 98 browse master does not do this, reliably.

  • File sharing. Once you get past the issue of seeing what's available on the LAN, you'll want to access what's available.
    • Computers running Windows 98 can share files using share level access (one password used by all), or user level access (similar to local accounts in Windows XP). Other older operating systems have other possibilities. This subject is covered in detail in the reference Microsoft white paper File and Printer Sharing with Microsoft® Windows.
    • If you're using a client computer running Windows 98, trying to access a server running Windows XP, and you're asked for the IPC$ password, the server needs the Guest account activated for network use.
    • A computer running Windows 9x will use either Guest authentication, or it will use non-Guest authentication, at your discretion. But understand the differences.
    • Windows 95 / 98 clients will have a problem with (KB160843): share names with more than 12 characters.
    • Computers running Windows 95 / 98, and computers running Windows 2000 / XP, will happily use LM Authentication when starting a sharing session. Unfortunately, LM Authentication is not as secure as its successors, NTLM and NTLM V2. If you involve Windows Vista, you'll have a problem, since Windows Vista, by default, only uses NTLM V2.


Windows XP and Service Packs

Every version of Windows, from Windows 3.1 and Windows For Workgroups to Windows eXPerience, has been full of flaws. From logistics and usability design problems, to security holes, to out and out instability problems, Windows has them. I help people with problems - it's how I got to be an MVP. The problems just don't stop.

Periodically you see somebody ask for help in an online forum, and as part of the system description, admit that they have one or more computers with Service Pack 1 (occasionally, no service pack) on their network. They all have good reasons for not applying SP2.


  • I never got around to applying it.
  • I heard too many stories about how unstable it is.
  • My brother (cousin, neighbor, barber,...) told me not to apply it.
  • It uses too many resources.
  • I don't need it, it was just security enhancements, and my computer is safer without it.
  • I don't need it, I can protect my computer without it.
  • My computer is fine right now. You can't fix what isn't broken.
  • ... and endless variations.

One of the problems with Windows, in general, is its stability and security problems. One of the causes of stability and security problems is the need for Windows to support multiple versions of different software, whether its own, or third party products.

Periodically, Microsoft issues rollup updates, which give it a baseline to work from when supporting their own product. SP2 was one of those rollups. By continuing to use Windows SP1, and by encouraging others to do so, you are requiring useless complexity in Windows.

Yes, your layered security, and your knowledge of proper computer use, avoids your need for SP2, within limits. If your computer is fine right now, and you don't plan to ever add any new hardware or software, you're only vulnerable to problems (and newly discovered security issues) in the current hardware and software. Maybe you can live with that. I'm not sure that I could.

What if you plan to add any hardware or software to your computer? Maybe one day the video card will die on you. Maybe you'll add a new game, or maybe a newer version of your browser, Instant Messenger, or audio / video player? Will the new hardware or software be tested for SP1? Will it even run under SP1?

All hardware requires drivers, that have to support the Service Pack. If you have to buy a new network or video card, can you find one that supports SP1? Take a look at Walmart next time you're there.

No software company has unlimited resources. Do you expect new software to be designed to work under SP1? Do you expect new software to be tested under SP1? For how long? How about the web sites that you surf to? Will they support your old browser, that supports XP SP1, forever?

XP SP2 has been out for a long time. It's time to put SP1 to bed, and prepare for SP3 or Vista, whichever comes first. As Windows customers move to SP3 or Vista, support for SP2 will continue. But support for SP1 should not.

Move to SP2. Windows is bad enough with it - it's worse without it. And do it before you have to upgrade your browser, or install a new network or video card. Upgrading to SP2 is stressful. Upgrading to SP2 AND replacing your network card, simultaneously, will be far worse. That said, plan your upgrade, and fix all active problems first.