Forceguest=0 isn't effective on XP Home, even after reboot.

Should you have problems with the MS logon plugin, here's the place to look for help or report issues.

Forceguest=0 isn't effective on XP Home, even after reboot.

Postby franckyca » 2005-07-01 17:20

Hi,

I've 2 PC under XP Home with UltraVNC 1.0.0 (build of 24 Jun 2005) and activated MSLogon II.

I've added one user in the configuration of UltraVNC MSLogon on each PC and modified Forceguest to "0" into regedit.

But the thing is that, every time i try to connect to the other PC, i got "VNC Authentication failed". In XP event viewer, the account seems still to be "guest" so I don't understand how to really force system not to use "guest" account.

If I add "Guest" account in UltraVNC MSLogon selection with FullAccess, everything works fine.

Did I missed something ? :roll:
thanks for help.
franckyca
 
Posts: 1
Joined: 2005-07-01 16:59

Postby Marscha » 2005-07-11 13:14

I'm sorry but I have no XP Home available to test the scenario.
In the event log you should see if the connection failed because it is not authenticated or not authorized.
Not authenticated means either username or password is wrong.
Not authorized means that authentication succeeded but the user is not member of a group in the ACL.
Marscha
Former moderator
Former moderator
 
Posts: 471
Joined: 2004-05-14 06:48

Postby redge » 2005-07-15 16:37

XP SP2 home french
I have same issue

after I was "modified Forceguest to "0" into regedit. " on XP SP2 home and XP SP2 Professional

work well with XP SP2 professional
now I can use MS-Logon II too (would be a good idea if automatically activated when user select MS-Logon II)

not work on XP Home (I think, because there limited feature can't be used on enterprise network, dedicaced only for home network use)
anybody can confirm this point with XP Home ?


XP Home

Event viewer - Security
Echec de l'ouverture de session
Reason: user name unknown or wrong password
User name: redge
Domain:
Session typ: 3
Open Processus aperture: NtLmSsp
authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Name of workstation: MY_NOTEBOOK

Event viewer - Application
15/7/2005 18:44 Invalid attempt from client 192.168.xxx.xxx
15/7/2005 18:44 Invalid attempt (not authenticated) from client 192.168.xxx.xxx using redge account

same account using MS-Logon I successfull
same account using MS-Logon II VNC authentication fail (even is MS-Logon II !!!)
Last edited by redge on 2005-07-15 17:09, edited 2 times in total.
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
redge
Super-Mod
Super-Mod
 
Posts: 6815
Joined: 2004-07-03 17:05
Location: Switzerland - Geneva

Possible solution for "Invalid attempt (not authorized)

Postby edwindevaan » 2005-08-24 10:02

Hi,

I had a problem with Ultr@VNC v1.0.1 Viewer connecting to a Ultr@VNC v1.0.1 Server. Viewer is running on English Win2000 Prof SP4; Server is running on English WinXP Prof SP1. Although I was certain I had everything set up just fine (MS-LogonII, user full access) I still could not get a connection. Since the VNC Server was running on a system not installed by myself I started checking al Windows options I usually set when installing a fresh installation. I found that disabling "Use Simple File Sharing" solved the mysterious problem. I am convinced this should always be disabled to have a more secure network environment but I guess M$ put it in there for a reason. Hope this helps you out there having the same problem so look no further! :)

Kind regards,
Edwin de Vaan
www.ingTECH.nl
edwindevaan
 
Posts: 3
Joined: 2005-07-14 19:22
Location: Druten - The Netherlands

Postby Rudi De Vos » 2005-08-24 10:09

The foreguest is a realy dangerous setting....

Using ntlm, and testing the user/passwd....NTLM always answer Yes
if forceguest is set. Setting forceguest allow anyone to access your shared resources, but also answer YES to all authenticate requests.

For this reason, we refuse VNC access via NTLM if foreguest is set, as
the answer to authenticate a user would always be YES.
Rudi De Vos
Admin & Developer
Admin & Developer
 
Posts: 5488
Joined: 2004-04-23 10:21

got it....

Postby ssimpson » 2005-08-29 22:44

This is what i found incase anyone else is still having trouble. With SP2 which is all I run, you must type domain\username in the username field. If you do not include your domain name vNC does not know were to look.

so if your Domain is BOB and your name is JOE you would type
BOB\JOE
ssimpson
 

VNC Authentication fails

Postby henderpw » 2005-10-12 20:45

My experience with UltraVNC authentication is as follows:

1. I manage a Windows Server2k3 domain.
2. I work from a Windows XPpro sp2 machine, UltraVNC Viewer installed.
3. I have UltraVNC server installed on a Windows NT4 member server that is still in service.
4. The VNC Server requires MS Logon and is set for administrators local.
5. In the local administrators group on the NT4 server lives the domain group which contains my username as a member, that username being listed in the form of domain\username.
6. VNC'ing into the 4.0 server from XP requires only my username to authenticate. If I try to authenticate with domain\username the VNC Viewer status goes from "password requested" to "Wrong Password" and the windows pops with VNC authentication failed. Again is I use only my username, NOT domain\username, and it works fine.
henderpw
 

Postby Marscha » 2005-10-13 06:31

do you use MS-Logon I or II on the NT4 box?
MS-Logon I does not understand domain\username syntax.
It automatically assumes username is either
- a local machine account or
- an account from the domain the computer is joined to.
Marscha
Former moderator
Former moderator
 
Posts: 471
Joined: 2004-05-14 06:48

Postby PAGANIS » 2005-10-20 16:18

Hi,
i have the same problem with XP Home edition SP2 and ms-logonII
i tried to log with user/domain, no succes
PAGANIS
 

MS-LOGON II on XP HOME

Postby Guest » 2005-11-01 22:43

PAGANIS wrote:Hi,
i have the same problem with XP Home edition SP2 and ms-logonII
i tried to log with user/domain, no succes


I have the same issue. Forceguest=0 does not seem to effect the WinVNC server on my Windows XP Home box.

I have added the user Jeffrey to the ACL for MS-LOGON II. Full Control.
When I attempt to log on I get Invalid Attempt (not authorized) from client xx.xx.xx.xxx using Jeffrey account.
But in the Event Viewers Security section the following suggests it's still using the Guest account.

Event Type: Success Audit
Event Source: Security
Event Category: Privilege Use
Event ID: 576
Date: 01/11/2005
Time: 8:48:42 AM
User: THE5HOME\Guest
Computer: THE5HOME
Description:
Special privileges assigned to new logon:
User Name:
Domain:
Logon ID: (0x0,0x2D3BAB)
Privileges: SeChangeNotifyPrivilege

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Is it that MS-LOGON II will not work with XP HOME or could it be another issue?
Guest
 

Postby Marscha » 2005-11-07 08:05

Guest, you are right that MS-Logon II seems to use the Guest account and not the Jeffrey account.
The event log just uses the username that is sent together with the password.
Marscha
Former moderator
Former moderator
 
Posts: 471
Joined: 2004-05-14 06:48

Re: Forceguest=0 isn't effective on XP Home, even after rebo

Postby TheFatherMind » 2008-05-11 09:39

For some reason it is not common knowledge that Windows XP Home does not support user accounts on the network. All inbound user accounts when trying to access a network share are converted to "Guest" or "NETWORK". I am SURE that this is directly connected to this problem. The Authors of UltraVNC should disable the MSLogon option on XPHome Machines or should find a different way of checking the authentication. This is in some respects a bug because they are trying to get XP Home to do something it will NEVER do.

I am ashamed of Microsoft for not making this VERY clear inline of the networking when you go to enable it. I spent hours trying to understand why nothing I was doing was working some time back.

And to save anyone reading this time... You will find tons of posts on the net showing work arounds to force XP Home to allow user accounts not just Guest on the file and print sharing. And not a single one of them will work. It just cannot be done.
TheFatherMind
 
Posts: 3
Joined: 2008-05-04 08:31

Re: Forceguest=0 isn't effective on XP Home, even after rebo

Postby redge » 2009-10-22 19:11

UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
redge
Super-Mod
Super-Mod
 
Posts: 6815
Joined: 2004-07-03 17:05
Location: Switzerland - Geneva


Return to MS logon plugin

Who is online

Users browsing this forum: No registered users and 3 guests