Why is Guest account being used by Win Srv 2008 R2?

Forums Operating Systems Windows Server 2008 R2 Miscellaneous Why is Guest account being used by Win Srv 2008 R2?

Viewing 46 reply threads
  • Author
    Posts
    • #44048

      Hi all, I am using Win 2K8 R2 as a development workstation.

      I have been tracking down a security audit logon failure on a particular instance of Windows Server 2008 R2.

      One this one machine only, if I open Devices and Printers, right click on any of the Printers, click Printer Properties, then click the Sharing tab, I get a logon audit failure – printui.exe is trying to logon as Guest. Guest account is disabled which is why the audit failure occurs.

      Also, if I bring up Windows Explorer and click around in folders, I will get a logon security audit failure as well on the Guest account.I tied a task (popup window) to the logon failure event so I could immediately see it happen, and I also temporarily enabled the Guest account and verified the successful logon events were also recorded in these 2 cases.

      I have used SysInternals tools to try and track – if I enable GUEST the logons do not appear in LogonSessions, maybe they occur and complete too fast. I see no shares using GUEST in ShareEnum.

      Why is this happening, why does Devices and printers and Windows Explorer try to logon as Guest? BTW, this happens even if I am logged in as a Domain Admin.

      (BTW – system is AV/spyware free, I run HijackThis, spybot, and at least one other; system is also fully updated).

      As a follow up, I have another Win2K8 R2 box that acts as DC, where this does not happen – it does not use Guest to logon, so it gets no audit failures or audit successes for logging on. As far as I know the systems should be configured pretty much the same other than one being a DC and the other (offending) box just being a non-DC server. I have checked the Local Policy Settings extensively to see if something is different and I don’t see anything.

      So why does this one box insist on logging in as Guest for Windows Explorer and Devices and Printers/Sharing?

      Here is the event log–
      ==========
      Log Name: Security
      Source: Microsoft-Windows-Security-Auditing
      Date: 5/1/2010 7:07:53 AM
      Event ID: 4624
      Task Category: Logon
      Level: Information
      Keywords: Audit Success
      User: N/A
      Computer: WILDCAT.xxxxxxxxxxxxxxxxxxx
      Description:
      An account was successfully logged on.

      Subject:
      Security ID: xxxxxxxyyyyy
      Account Name: yyyyy
      Account Domain: xxxxxxx
      Logon ID: 0xdc92e

      Logon Type: 3

      New Logon:
      Security ID: WILDCATGuest
      Account Name: Guest
      Account Domain: WILDCAT
      Logon ID: 0x229dbd6
      Logon GUID: {00000000-0000-0000-0000-000000000000}

      Process Information:
      Process ID: 0x1420
      Process Name: C:WindowsSystem32printui.exe

      Network Information:
      Workstation Name: WILDCAT
      Source Network Address: –
      Source Port: –

      Detailed Authentication Information:
      Logon Process: Advapi
      Authentication Package: Negotiate
      Transited Services: –
      Package Name (NTLM only): –
      Key Length: 0

      This event is generated when a logon session is created. It is generated on the computer that was accessed.

      The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

      The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

      The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

      The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

      The authentication information fields provide detailed information about this specific logon request.
      – Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
      – Transited services indicate which intermediate services have participated in this logon request.
      – Package name indicates which sub-protocol was used among the NTLM protocols.
      – Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

    • #50784

      Open up the local security policy of your machine and navigate to

      Local Policies > Security Options > Network Access: Sharing and security model for local accounts

      If the setting is set to guest only then the network logon will automatically mapped to Guest account. Check out this setting and see if it is the culprit. It might be.

    • #60603
      Anonymous

      Open up the local security policy of your machine and navigate to

      Local Policies > Security Options > Network Access: Sharing and security model for local accounts

      If the setting is set to guest only then the network logon will automatically mapped to Guest account. Check out this setting and see if it is the culprit. It might be.

    • #50785

      Thanks for the reply! I checked it, it’s set to “Classic – local users authenticate as themselves”.

      If you have any other ideas or hunches please let me know, as I am out of ideas. Thanks for your time!

    • #60604
      Anonymous

      Thanks for the reply! I checked it, it’s set to “Classic – local users authenticate as themselves”.

      If you have any other ideas or hunches please let me know, as I am out of ideas. Thanks for your time!

    • #50786

      @awalt wrote:

      Thanks for the reply! I checked it, it’s set to “Classic – local users authenticate as themselves”.

      If you have any other ideas or hunches please let me know, as I am out of ideas. Thanks for your time!

      Are you joined to a domain? Your logon type is set to 3 which is network logon which leads me to believe you are joined to a domain, check your domain security policy and see if its set to “guest only”.

    • #60605
      Anonymous

      @awalt wrote:

      Thanks for the reply! I checked it, it’s set to “Classic – local users authenticate as themselves”.

      If you have any other ideas or hunches please let me know, as I am out of ideas. Thanks for your time!

      Are you joined to a domain? Your logon type is set to 3 which is network logon which leads me to believe you are joined to a domain, check your domain security policy and see if its set to “guest only”.

    • #50787

      Thanks for your help? How do I change/examine this on the Domain Controller? This has changed a lot since I last looked at it on the DC side…

      PS yes I am on a domain…

    • #60606
      Anonymous

      Thanks for your help? How do I change/examine this on the Domain Controller? This has changed a lot since I last looked at it on the DC side…

      PS yes I am on a domain…

    • #60607
      Anonymous

      On your domain controller…
      Start > Administrative Tools > Group Policy Management

      Expand Forest, then Domains. Click on your domain – wildcat I assume?

      Do you have any linked GPOs? Or just “default domain policy”

      Right-click on default domain policy and click edit.

      Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options > Network access: Sharing and security model for local accounts

      Check the condition of this setting tell me if it is defined or not, if it is not defined then the default is “Classic”.

      Also, is your user account a member of the Domain Admins group in Active Directory Users and Computers? Please report back with your findings, I hope we can solve this problem for you. Please excuse me I’m not an expert in Windows Server but I’m trying to learn.

    • #50788

      On your domain controller…
      Start > Administrative Tools > Group Policy Management

      Expand Forest, then Domains. Click on your domain – wildcat I assume?

      Do you have any linked GPOs? Or just “default domain policy”

      Right-click on default domain policy and click edit.

      Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options > Network access: Sharing and security model for local accounts

      Check the condition of this setting tell me if it is defined or not, if it is not defined then the default is “Classic”.

      Also, is your user account a member of the Domain Admins group in Active Directory Users and Computers? Please report back with your findings, I hope we can solve this problem for you. Please excuse me I’m not an expert in Windows Server but I’m trying to learn.

    • #50783

      Thanks again for the help!

      FYI Wildcat is the offending 2K8 R2 computer, not the domain name…

      I have a linked GPO, so I made sure the change was in there. It shows up under the domain name, and its link order is #1 above the default domain policy. I assume that is correct?

      The setting you told me about was not defined, I set it to the “Classic” setting.

      My user account is a Domain and Enterprise Admin in Active Directory, as well as an Admin on the offending computer local account.

      I then logged off and logged back on, and the same attempt to logon as Guest occurs.

      Thanks again for helping me look at this!

    • #60602
      Anonymous

      Thanks again for the help!

      FYI Wildcat is the offending 2K8 R2 computer, not the domain name…

      I have a linked GPO, so I made sure the change was in there. It shows up under the domain name, and its link order is #1 above the default domain policy. I assume that is correct?

      The setting you told me about was not defined, I set it to the “Classic” setting.

      My user account is a Domain and Enterprise Admin in Active Directory, as well as an Admin on the offending computer local account.

      I then logged off and logged back on, and the same attempt to logon as Guest occurs.

      Thanks again for helping me look at this!

    • #50782

      Ok bear with me here lol

      You are a domain administrator so you should be able to add/remove roles, create new users/groups, OUs in AD, modify GPOs. Answer these questions for me so I can get a better idea of what you can and cannot do.

      1. Go to C:Windows. Right-click on folder hit properties. Click on Security tab.

      List all the accounts you see under Group or user names.

      Now click Advanced button at bottom. Then Owner. Who is the current owner of the Windows folder?

      2. Navigate to C:Windowsexplorer.exe. Repeat the same process and tell me who is listed under group or user names and who is current owner.

      3. Navigate to c:windowssystem32printui.exe. Repeat same process.

      Your results should look something like this:

      1 – C:WINDOWS

      CREATOR OWNER
      SYSTEM
      Administrators (SEALY1986/Administrators)
      Users (SEALY1986Users)
      TrustedInstaller

      Current owner: TrustedInstaller

      2 – C:WindowsExplorer.exe

      SYSTEM
      Administrators (SEALY1986Administrators)
      Users (SEALY1986Users)
      TrustedInstaller

      Current owner: TrustedInstaller

      3 – C:Windowssystem32printui.exe

      SYSTEM
      Administrators (SEALY1986Administrators)
      Users (SEALY1986Users)
      TrustedInstaller

      Current owner: TrustedInstaller

      These are the results of my ACL on my domain controller. I have a HP printer installed and connected via USB to my domain controller computer. I have printer sharing enabled through active directory and I have a laptop with server 2008 r2 as a workstation connected to my domain with domain administrator account and I can navigate through windows explorer and connect to printer without guest. If your list matches mine then atleast we can safely say it is not an access control problem or even a permissions issue.

      The next step I would suggest would be to check the universal group membership caching setting in Active Directory Sites and Services. Navigate to Sites > Default-First-Site-Name (OR a name you put in yourself) Right-click on NTDS Site Settings and choose properties. By default it should be unchecked.

      If this doesn’t work I would suggest you demote your developer workstation back to a WORKGROUP again. Disconnect it from your domain so the only policy affecting the system is the local policy. We might be able to determine if this is a domain-wide or localized problem. You can always join back to the domain if the problem still persists. Hope one of these solutions fixes it cause im running out of ideas lol

    • #60601
      Anonymous

      Ok bear with me here lol

      You are a domain administrator so you should be able to add/remove roles, create new users/groups, OUs in AD, modify GPOs. Answer these questions for me so I can get a better idea of what you can and cannot do.

      1. Go to C:Windows. Right-click on folder hit properties. Click on Security tab.

      List all the accounts you see under Group or user names.

      Now click Advanced button at bottom. Then Owner. Who is the current owner of the Windows folder?

      2. Navigate to C:Windowsexplorer.exe. Repeat the same process and tell me who is listed under group or user names and who is current owner.

      3. Navigate to c:windowssystem32printui.exe. Repeat same process.

      Your results should look something like this:

      1 – C:WINDOWS

      CREATOR OWNER
      SYSTEM
      Administrators (SEALY1986/Administrators)
      Users (SEALY1986Users)
      TrustedInstaller

      Current owner: TrustedInstaller

      2 – C:WindowsExplorer.exe

      SYSTEM
      Administrators (SEALY1986Administrators)
      Users (SEALY1986Users)
      TrustedInstaller

      Current owner: TrustedInstaller

      3 – C:Windowssystem32printui.exe

      SYSTEM
      Administrators (SEALY1986Administrators)
      Users (SEALY1986Users)
      TrustedInstaller

      Current owner: TrustedInstaller

      These are the results of my ACL on my domain controller. I have a HP printer installed and connected via USB to my domain controller computer. I have printer sharing enabled through active directory and I have a laptop with server 2008 r2 as a workstation connected to my domain with domain administrator account and I can navigate through windows explorer and connect to printer without guest. If your list matches mine then atleast we can safely say it is not an access control problem or even a permissions issue.

      The next step I would suggest would be to check the universal group membership caching setting in Active Directory Sites and Services. Navigate to Sites > Default-First-Site-Name (OR a name you put in yourself) Right-click on NTDS Site Settings and choose properties. By default it should be unchecked.

      If this doesn’t work I would suggest you demote your developer workstation back to a WORKGROUP again. Disconnect it from your domain so the only policy affecting the system is the local policy. We might be able to determine if this is a domain-wide or localized problem. You can always join back to the domain if the problem still persists. Hope one of these solutions fixes it cause im running out of ideas lol

    • #60608
      Anonymous

      Thanks for the suggestions! Here is what I found:

      The accounts under c:WINDOWS, explorer.exe and printui.exe all look the same as yours except my domain name in lieu of SEALY1986. Where does it say who the current owner is? I did not see that, but I suspect it’s ok (I’d be happy to check it again though).

      Now – I took the offending Win2K8 R2 box out of the domain, put it in WORKGROUP (should be only PC in that group). Just as a lark, I tested, and I get the same logon audit failure on Guest in explorer.exe! So it has nothing to do with domain/domain settings.

      Does that generate any ideas? I’ll keep looking too.

    • #50789

      Thanks for the suggestions! Here is what I found:

      The accounts under c:WINDOWS, explorer.exe and printui.exe all look the same as yours except my domain name in lieu of SEALY1986. Where does it say who the current owner is? I did not see that, but I suspect it’s ok (I’d be happy to check it again though).

      Now – I took the offending Win2K8 R2 box out of the domain, put it in WORKGROUP (should be only PC in that group). Just as a lark, I tested, and I get the same logon audit failure on Guest in explorer.exe! So it has nothing to do with domain/domain settings.

      Does that generate any ideas? I’ll keep looking too.

    • #60609
      Anonymous

      @awalt wrote:

      Where does it say who the current owner is? I did not see that, but I suspect it’s ok (I’d be happy to check it again though).

      In the Security tab, click on Advanced (it’s near the bottom). In the new dialog that opens, click on the Owner tab. You’ll find the current owner there.

    • #50790

      @awalt wrote:

      Where does it say who the current owner is? I did not see that, but I suspect it’s ok (I’d be happy to check it again though).

      In the Security tab, click on Advanced (it’s near the bottom). In the new dialog that opens, click on the Owner tab. You’ll find the current owner there.

    • #60610
      Anonymous

      Try this:

      Reboot the offending computer and press F8 repeatedly to open Advanced Boot Options. Choose “Safe Mode with Networking”. Login with the Built-in Administrator account (not your user created one). Click on Devices and Printers, right-click Printers choose Properties. Click on the Sharing tab. IF you are allowed to continue, change the sharing permissions and give full control to the Administrators group ONLY. If you see “Everyone” remove it. Same thing for Guest, etc etc.

      Now while still in safe mode go to Control Panel > User Accounts > Manage another Account

      Create a new administrator account called “tempadmin”.

      Now log back off and reboot as normal. First login with the offending administrator account like you always do and try to access printer sharing. Do you still receive the same printui.exe error? If this doesn’t work logoff and login with your newly created tempadmin account. Now try to do the same thing. Report back with your results.

    • #50791

      Try this:

      Reboot the offending computer and press F8 repeatedly to open Advanced Boot Options. Choose “Safe Mode with Networking”. Login with the Built-in Administrator account (not your user created one). Click on Devices and Printers, right-click Printers choose Properties. Click on the Sharing tab. IF you are allowed to continue, change the sharing permissions and give full control to the Administrators group ONLY. If you see “Everyone” remove it. Same thing for Guest, etc etc.

      Now while still in safe mode go to Control Panel > User Accounts > Manage another Account

      Create a new administrator account called “tempadmin”.

      Now log back off and reboot as normal. First login with the offending administrator account like you always do and try to access printer sharing. Do you still receive the same printui.exe error? If this doesn’t work logoff and login with your newly created tempadmin account. Now try to do the same thing. Report back with your results.

    • #60611
      Anonymous

      I rejoined the domain to get some work done. Should I be in the domain or still in the workgroup?

    • #50792

      I rejoined the domain to get some work done. Should I be in the domain or still in the workgroup?

    • #60612
      Anonymous

      @awalt wrote:

      I rejoined the domain to get some work done. Should I be in the domain or still in the workgroup?

      It shouldn’t matter now that we have established this isn’t a domain-wide issue its something effecting your local computer, so it doesnt matter if you are joined to a domain or not. Are you able to use the Run As command as a workaround or does it force you to always use guest?

      BTW: I am moderating this forum, particularly yours so we can help resolve this annoyance. So please don’t hesitate to respond back quickly.

    • #50793

      @awalt wrote:

      I rejoined the domain to get some work done. Should I be in the domain or still in the workgroup?

      It shouldn’t matter now that we have established this isn’t a domain-wide issue its something effecting your local computer, so it doesnt matter if you are joined to a domain or not. Are you able to use the Run As command as a workaround or does it force you to always use guest?

      BTW: I am moderating this forum, particularly yours so we can help resolve this annoyance. So please don’t hesitate to respond back quickly.

    • #50794

      When I boot into safe with networking and bring up Devices and Printers (note this computer is part of the domain again, but I logged in as the local Built In Administrator), there is only a devices section, no printers section. The printer is there, but it has a little yellow triangle with an exclamation box, and hovering over it says troubleshooting necessary. Must have to do with safe mode. Right clicking on it/Properties did not give me a security tab, it had a General Tab and a Hardware tab, that one had a list of all system devices. I couldn’t see anywhere to get the Permissions info on this page or in Devices and Printers.

      I created the local account TempAdmin as an administrator. I logged in, cleared the event log, and brought up Windows explorer. I just clicked around some folders, and refreshed Event Log. I had 8 audit failures, login failures, the subject user name was TempAdmin, the target user name was Guest!

    • #60613
      Anonymous

      When I boot into safe with networking and bring up Devices and Printers (note this computer is part of the domain again, but I logged in as the local Built In Administrator), there is only a devices section, no printers section. The printer is there, but it has a little yellow triangle with an exclamation box, and hovering over it says troubleshooting necessary. Must have to do with safe mode. Right clicking on it/Properties did not give me a security tab, it had a General Tab and a Hardware tab, that one had a list of all system devices. I couldn’t see anywhere to get the Permissions info on this page or in Devices and Printers.

      I created the local account TempAdmin as an administrator. I logged in, cleared the event log, and brought up Windows explorer. I just clicked around some folders, and refreshed Event Log. I had 8 audit failures, login failures, the subject user name was TempAdmin, the target user name was Guest!

    • #50795

      It almost feels like it is some sort of simple file sharing, but that doesn’t exist in Win Server 2K8.

    • #60614
      Anonymous

      It almost feels like it is some sort of simple file sharing, but that doesn’t exist in Win Server 2K8.

    • #50796

      Well I turned off file and printer sharing, and Public folder sharing, and the error continues. It’s not that…

    • #60615
      Anonymous

      Well I turned off file and printer sharing, and Public folder sharing, and the error continues. It’s not that…

    • #50797

      Yeah simple file sharing just treats remote users with the same “standard” permissions. Your problem is the local account on the physical computer itself cannot use its own credentials.

      Are you getting an audit failure with event ID 4625?

    • #60616
      Anonymous

      Yeah simple file sharing just treats remote users with the same “standard” permissions. Your problem is the local account on the physical computer itself cannot use its own credentials.

      Are you getting an audit failure with event ID 4625?

    • #50798

      Yes, 4625. Here is a sample of a latest one (domain name and account name changed to protect the innocent):

      An account failed to log on.

      Subject:
      Security ID: DomainNameDOM
      Account Name: DOM
      Account Domain: DomainName
      Logon ID: 0x291404

      Logon Type: 3

      Account For Which Logon Failed:
      Security ID: NULL SID
      Account Name: Guest
      Account Domain: WILDCAT

      Failure Information:
      Failure Reason: Account currently disabled.
      Status: 0xc000006e
      Sub Status: 0xc0000072

      Process Information:
      Caller Process ID: 0xe08
      Caller Process Name: C:Windowsexplorer.exe

      Network Information:
      Workstation Name: WILDCAT
      Source Network Address: –
      Source Port: –

      Detailed Authentication Information:
      Logon Process: Advapi
      Authentication Package: Negotiate
      Transited Services: –
      Package Name (NTLM only): –
      Key Length: 0

    • #60617
      Anonymous

      Yes, 4625. Here is a sample of a latest one (domain name and account name changed to protect the innocent):

      An account failed to log on.

      Subject:
      Security ID: DomainNameDOM
      Account Name: DOM
      Account Domain: DomainName
      Logon ID: 0x291404

      Logon Type: 3

      Account For Which Logon Failed:
      Security ID: NULL SID
      Account Name: Guest
      Account Domain: WILDCAT

      Failure Information:
      Failure Reason: Account currently disabled.
      Status: 0xc000006e
      Sub Status: 0xc0000072

      Process Information:
      Caller Process ID: 0xe08
      Caller Process Name: C:Windowsexplorer.exe

      Network Information:
      Workstation Name: WILDCAT
      Source Network Address: –
      Source Port: –

      Detailed Authentication Information:
      Logon Process: Advapi
      Authentication Package: Negotiate
      Transited Services: –
      Package Name (NTLM only): –
      Key Length: 0

    • #50799

      I set up a little experiment. I opened up the Event Log to the Audit page which generates success/failures. Next I created a network share called “temp”, located at \STEVENTemp. Next I went to my laptop and typed in \STEVENTemp. When it asked me for credentials I put in Guest which obviously is disabled. The laptop waited for about 5 seconds and then displayed a “account is disabled” logon failure message. I refreshed the event log and I noticed that it generated about 15 audit failures all linking to the guest account. I believe what is happening is the remote computer is trying to contact the server (ACK) for a certain amount of time until it timeouts with the failed message. During its time of trying to contact the server this is why I see the consecutive audit failure messages.

      Somebody or maybe yourself is trying to access a particular network resource which is set to use only anonymous access (which includes guest) and thus why you are probably receiving this audit failure.

    • #60618
      Anonymous

      I set up a little experiment. I opened up the Event Log to the Audit page which generates success/failures. Next I created a network share called “temp”, located at \STEVENTemp. Next I went to my laptop and typed in \STEVENTemp. When it asked me for credentials I put in Guest which obviously is disabled. The laptop waited for about 5 seconds and then displayed a “account is disabled” logon failure message. I refreshed the event log and I noticed that it generated about 15 audit failures all linking to the guest account. I believe what is happening is the remote computer is trying to contact the server (ACK) for a certain amount of time until it timeouts with the failed message. During its time of trying to contact the server this is why I see the consecutive audit failure messages.

      Somebody or maybe yourself is trying to access a particular network resource which is set to use only anonymous access (which includes guest) and thus why you are probably receiving this audit failure.

    • #50800

      I believe I found the reason why you are getting those audit failures.

      Open up command prompt and type in the following:

      net user guest /active:NO

      Now go to Network and Sharing Center. Click “Change Advanced Sharing Settings”

      Turn On Network Discovery
      Turn On File and Print Sharing
      Turn Off Password-protected sharing

      Save changes.

      Now go to a different computer and type in the sharename of your offending computer.

      For example \OFFENDING-PC

      When it asks you for credentials just

      After you have connected to network share close out. Notice what happens? The guest account is a Built-in system account by the operating system and by telling the machine to turn off password protected sharing you’ve told it to use anonymous access, which is why it is trying to use Guest to logon. By disabling the account you are receiving those event id 4625 audit failure errors as a result. The machine will try turn on the guest account to allow anonymous access. I had my guest account disabled and when I turned off password protected sharing it magically turned itself on. I believe this is why. I wouldn’t really put so much stress over audit failures/successes your machine will probably generate 2,000 or more of them in a couple days, why stress yourself after looking at everyone. You should really only be monitoring this if someone else has trouble contacting a network resource using an account that is supposed to be able to connect. FYI – Relax lol

    • #60619
      Anonymous

      I believe I found the reason why you are getting those audit failures.

      Open up command prompt and type in the following:

      net user guest /active:NO

      Now go to Network and Sharing Center. Click “Change Advanced Sharing Settings”

      Turn On Network Discovery
      Turn On File and Print Sharing
      Turn Off Password-protected sharing

      Save changes.

      Now go to a different computer and type in the sharename of your offending computer.

      For example \OFFENDING-PC

      When it asks you for credentials just

      After you have connected to network share close out. Notice what happens? The guest account is a Built-in system account by the operating system and by telling the machine to turn off password protected sharing you’ve told it to use anonymous access, which is why it is trying to use Guest to logon. By disabling the account you are receiving those event id 4625 audit failure errors as a result. The machine will try turn on the guest account to allow anonymous access. I had my guest account disabled and when I turned off password protected sharing it magically turned itself on. I believe this is why. I wouldn’t really put so much stress over audit failures/successes your machine will probably generate 2,000 or more of them in a couple days, why stress yourself after looking at everyone. You should really only be monitoring this if someone else has trouble contacting a network resource using an account that is supposed to be able to connect. FYI – Relax lol

    • #50801

      I did the net user guest /active:NO

      However,
      Turn On Network Discovery — was already On
      Turn On File and Print Sharing — was already on
      Turn Off Password-protected sharing – doesn’t exist for me on that screen! Article “Enable or disable sharing and discovery” on technet.microsoft.com says it’s for non-domain use only. It also says “To grant access to a shared folder on this computer on another computer, you must create a user name and password on this computer and supply them to the other user…”

    • #60620
      Anonymous

      I did the net user guest /active:NO

      However,
      Turn On Network Discovery — was already On
      Turn On File and Print Sharing — was already on
      Turn Off Password-protected sharing – doesn’t exist for me on that screen! Article “Enable or disable sharing and discovery” on technet.microsoft.com says it’s for non-domain use only. It also says “To grant access to a shared folder on this computer on another computer, you must create a user name and password on this computer and supply them to the other user…”

    • #60621
      Anonymous

      Leaving domain to try this, maybe something is messed up on the local part. Stay tuned..

    • #50802

      Leaving domain to try this, maybe something is messed up on the local part. Stay tuned..

    • #60622
      Anonymous

      FIXED IT!!!

      Here is what I did – I removed the computer from the domain. I then went in and did what you said, especially turning off Password-protected sharing. Went back and joined the domain, and even though that entry never shows anywhere, the logon failure is gone! This actually sounds like a big to me, it must be turned on by default and even though it’s WinSrv 2008 in a domain somebody is looking at that value.

      I have been trying for 10 minutes to make it happen and I can’t.

      Thanks SO MUCH for your help, I’ll update if anything changes in the next few days.

    • #50803

      FIXED IT!!!

      Here is what I did – I removed the computer from the domain. I then went in and did what you said, especially turning off Password-protected sharing. Went back and joined the domain, and even though that entry never shows anywhere, the logon failure is gone! This actually sounds like a big to me, it must be turned on by default and even though it’s WinSrv 2008 in a domain somebody is looking at that value.

      I have been trying for 10 minutes to make it happen and I can’t.

      Thanks SO MUCH for your help, I’ll update if anything changes in the next few days.

    • #60623
      Anonymous

      Glad I could be of assistance.

    • #50804

      Glad I could be of assistance.

Viewing 46 reply threads
  • You must be logged in to reply to this topic.