IPC$ Problems Networking Nt/2k with Win9x
This article is focused on the home user running a workgroup with NT 4 or Win2k with Win95, Win98, or WinMe computers networked together. NT and Win2k server versions are also capable of using Domains and Active Directories but these work in different manners and are not covered here. Please read the whole article before attempting to set this up, especially the Tips and Notes area. Also this article does not cover security aspects and is highly advised you look at other articles dealing with those issues.
For this article I will refer to Win95, Win98 and WinMe all as Win9x and assume a network of one NT or Win2k computer connected to one Win9x computer. Once the basics are understood networking multiple systems is straightforward.
The Error
Ok, you got your home LAN connected and the hardware (NICs, hub, ...etc) show it's working and they are all physically talking to each other. You hop on your NT or Win2k computer and attempt to connect to your Win9x computer. You can see all your shares on the Win9x computer. Next you hop on your Win9x computer and attempt to connect to the NT or Win2k computer... ah oh. You get a dialog asking for a password for some IPC$ thing. What the hell is this?
This is a common problem I get asked when people new to NT or Win2k first attempt to networking it Win9x computers. By default NT and Win2k REQUIRES all computers and users that connect to the computer (services aside, like web servers) logon and authenticate themselves before they allow data to be accessed for security reasons. The user that attempts a connection to this computer must be known to the system and have the access required. If it doesn't know who you are it responds back using the IPC$ share (InterProcess communication) with a "huh?" Win9x gets quite confused by this. If a NT or Win2k computer was unknown to another NT or Win2k computer it would show a dialog that lets you enter in both username and password. In the case of Win9x, it is unable to ask for a username, hence change usernames, for network access. With Win9x you can only change your username for network access by logging out.
The proper way to solve this issue is to add all usernames on your Win9x computer into your NT or Win2k user database. Note this is not the same as the computer name. The exact way this is done under NT and Win2k is a bit different so I broke up the steps into two parts. Directly below are steps for Win2k, move further down or click here for WinNT.
Windows 2000
General Steps:
- Find out the usernames and passwords used on your Win9x computer.
- Add each user from the win9x computer into the Users and Passwords control panel or Local Users and Groups in Computer Management/MMC.
- Check to make sure that the users you created have network logon access and that Win2k allows LM Lan authorization (these are the default).
1. Find out the usernames and passwords used on your win9x computer.
This part usually confuses people because most people don't even realize they log into a Win9x computer. Most people don't use profiles and passwords so Windows doesn't ask you to logon. The first time you use Win9x it will display a logon prompt (with a key icon) asking for a username and password. If you enter a blank password here Windows assumes you don't want to be asked to logon on startup from now on.
There are a few ways to find out what your username is. On Win98 or WinMe you can usually see the username right on the start menu above the shutdown option: "Log off username." Sometimes you see the username has been cut off: "Log off MyReallyLon..." If this is the case or if you're using Win95, you need to try another way. A sure way to find out this information on any system is to look for all PWL files. Every username on a Win9x computer should have a corresponding PWL file where the filename is a username. Having a username "Mike" would have a "Mike.pwl" file, username "Administrator" would have an "Administrator.pwl" file and so on. You can find these files by using the Find files or Search for files command on the Start menu and entering "*.PWL" (without quotes) under the Named box. If you find a RNA.PWL file you can ignore this one, I believe this file contains the list of PWL files (but in a unreadable format).
Next you need the password for each user. If windows hasn't been asking you to logon, your password is blank. If it has, you either already know it or you can ask the person who does. You might not want to use a blank password since anyone can then logon to your Win2k computer. To change the password on Win9x use the Password or Users and Passwords control panels. There are some tricks to help with this in the Tips and Notes area below.
2. Add each user from the win9x computer into the Users and Passwords Control panel or Local Users and Groups in Computer Management/MMC
Now that you know all your usernames and passwords needed you need to get them on the Win2k computer. Login as a user with administrator privileges and go to My Computer, Control panel, then Users and Passwords. You should see a list of users on your system like Administrator and Guest. Press the Add button and you will see an Add New User wizard. Enter for "User name:" one of the usernames. Enter in appropriate values for Fullname and Description but these are not required. Press next and enter in the password. Username and Password MUST match the Username and Password on the Win9x computer. Next you want to choose what kind of access you want to give that computer/user. If you are not sure use Restricted User. Repeat the procedure for all usernames and passwords.
3. Check to make sure that the users you created have network logon access and that Win2k allows LM Lan authorization
While these items are usually selected correctly by default it's good to check incase you or some other program has changed the defaults. Open up Local Security Policy under My Computer, control panel, Administrative Tools. Under Local Polices then User Rights Assignments look for Access This Computer From The Network and double click it. You should see a list of groups or users. You want to make sure that the users you are creating have this right. You can either add the user or the group the user belongs to. Note that Restricted User is in the group User and Standard User is in the group Power Users.
Also in Local Security under Security Options find the LAN Manager Authentication Level. You want to choose an option that includes sending LM responses, which Win9x uses. Send LM & NTLM Responses is the default and works fine. There are patches for Win9x that allows it to use the more secure NTLMv2 protocol which you might want to look into.
Now you can hop on the Win9x computer and attempt to connect to a Win2k computer. It Works!
Windows NT
General Steps:
- Find out the usernames and passwords used on your win9x computer.
- Add each user from the win9x computers into User Manager.
1. Find out the usernames and passwords used on your win9x computer.
This part usually confuses people because most people don't even realize they log into a Win9x computer. Most people don't use profiles and passwords so Windows doesn't ask you to logon. The first time you use Win9x it will display a logon prompt (with a key icon) asking for a username and password. If you enter a blank password here Windows assumes you don't want to be asked to logon on startup from now on.
There are a few ways to find out what your username is. On Win98 or WinMe you can usually see the username right on the start menu above the shutdown option: "Log off username." Sometimes you see the username has been cut off: "Log off MyReallyLon..." If this is the case or if you're using Win95, you need to try another way. A sure way to find out this information on any system is to look for all PWL files. Every username on a Win9x computer should have a corresponding PWL file where the filename is a username. Having a username "Mike" would have a "Mike.pwl" file, username "Administrator" would have an "Administrator.pwl" file and so on. You can find these files by using the Find files or Search for files command on the Start menu and entering "*.PWL" (without quotes) under the Named box. If you find a RNA.PWL file you can ignore this one, I believe this file contains the list of PWL files (but in a unreadable format).
Next you need the password for each user. If windows hasn't been asking you to logon, your password is blank. If it has, you either already know it or you can ask the person who does. You might not want to use a blank password since anyone can then logon to your NT computer. To change the password on Win9x use the Password or Users and Passwords control panels. There are some tricks to help with this in the Tips and Notes area below.
2. Add each user from the win9x computers in to User Manager.
Now that you know all your usernames and passwords needed you need to get them on the NT computer. Login as a user with administrator privileges and go to User Manager under Administrator Tools (common) on the Start menu You should see a list of users on your system like Administrator and Guest. On the User menu choose New User. Enter for "User name:" one of the usernames. Enter in appropriate values for Fullname and Description but these are not required. Enter in the password. Username and Password MUST match the Username and Password on the Win9x computer. You want to disable the "User Must Change Password At Next Logon." Press the Groups button. Now choose what group you want to that user to have. If you are not sure use Users. Repeat the procedure for all usernames and passwords.
Now you can hop on a Win9x computer and attempt to connect to a Win2k computer. It Works!
Tips and Notes
But my NT Users Don't want to give me their passwords!
That's fine but you still need to get their passwords on your NT or Win2k computer. One way is to give that user a temporary password and logon into that user's account on the NT or Win2k computer. Press Ctrl-Alt-Del once and choose Change Password. Get the user and enter in their password for themselves.
You said I can login automatically with a password on Win9x, how?
With Win9x you can use TweakUI's network login to automatically logon to any username and password allowing you to not put a blank password on your NT or Win2k computer but still not having to enter a password on your Win9x computers. Note that, as TweakUI itself says this password is not encrypted and can be discovered if someone has access to your Win9x computer. As always you should restrict your users to allow the bare minimum that they will need. Download TweakUI
But can't I just enable the Guest account?
While having the guest account with a blank password will any anyone to access your NT or Win2k computer this would open a large Security hole. It's rated #8 in SANS Ten Most Critical Internet Security Threats.
Last Update: Jan 26th, 2003 (minor)Written by Mike "Catfish" Moniz @ Halfdone Development