Question Sharing files on home network issue

[memory]

Trying to setup file sharing between 2 desktops. These are on same network, both running windows 10 pro, connected to switch using ethernet, which is connected by ethernet to router. I can see the computera on the network page. But when I try to open it, it says can't access it, network path not found.
Both have file and printer sharing turned on, password protected sharing off. Either desktop can see and access wireless devices like a printer.

 

[memory]

None of my machines' SMB Direct in firewall are checked and it does not hinder the Windows's file sharing and network discovery capability. Also none of them has SMB 1.0 enabled.

Disable MBAM and see.

How to Temporarily Disable Malwarebytes

Your computer contains important business information and private files that you can't afford to lose. Malwarebytes Anti-Malware protects against data loss by removing malicious files before they infect your system. If your Malwarebytes product stops working or conflicts with other programs, you...

smallbusiness.chron.com

I turned off MBAM and no difference.

On desktop A, I have enabled insecure guest logons in local group policy editor. Also in local security policy, microsoft network client digitally sign communactions always is disabled as it should be according to one of the links you provided.

Now I can't even see desktop B through A, and B can't see itself either.

 

[mxnerd]

Did you turn on password protection?

 

[memory]

Did you turn on password protection?

View attachment 41234

This was going to be my next question. At the moment I have that turned off. With that turned on, how do I set a password for that?

 

[mxnerd]

This was going to be my next question. At the moment I have that turned off. With that turned on, how do I set a password for that?

CTRL-ALT-DEL. No wonder I never encounter the message you saw.

No password for admin is a bad, bad idea & practice. Virus/malware is going to execute without your permission. Don't know how good your Malwarebyte protection is.

 

[memory]

I didn't realize the password needed for file sharing was the same on used for login.

So in order to share files over the network, I have to have password protected sharing turned on. So is it not possible to share files with that turned off? I was sure I done it in the past without it turned on.

So on desktop A and B, I turned that on. B can see A and access it with the password. But A can't see B at all. Desktop B has recently just had windows 10 reinstalled, updated and has very few programs, only running windows defender

 

[mxnerd]

Did you try the \\IP_address_B method? Sometimes Windows just have trouble resolving the name.

Also shutdown router and all PCs. Then power back on one by one, starting with router.

 

[memory]

Did you try the \\IP_address_B method? Sometimes Windows just have trouble resolving the name.

Ok I did that and it worked.

I still don't get why the laptop and desktop C was able to access all the computers with password protection off but nothing could access them.

 

[mxnerd]

Just turn on password protection for all machines. Do not leave any machine without password protection.

 

[mikeymikec]

Security software: Don't disable, remove it completely at least for the test. Also, if you've had another third party piece of security software installed previously, even if you 'properly' uninstalled it, look for a removal tool for it on the company's website. I've seen a few cases of "removed" / "disabled" security software still messing things up.

 

[memory]

CTRL-ALT-DEL. No wonder I never encounter the message you saw.

No password for admin is a bad, bad idea & practice. Virus/malware is going to execute without your permission. Don't know how good your Malwarebyte protection is.

I am a little confused about the password deal. I have a password set, have to use that password to login to windows each time. I thought since I set a password, I would need to enter that each time I make certain changes that require admin. But it still doesn't ask me for a password. Would it only ask me for a password if I am on a guest account? Only have the one admin account. So why would a virus or malware or whatever need a password? With no password set, it seemed like it was more secure as my own computers couldn't access each other through my own network. Am I thinking about this wrong?

 

[mikeymikec]

I am a little confused about the password deal. I have a password set, have to use that password to login to windows each time. I thought since I set a password, I would need to enter that each time I make certain changes that require admin. But it still doesn't ask me for a password. Would it only ask me for a password if I am on a guest account?

Or if you're signed in as a non-admin user. You're correct, mxnerd is not.

mxnerd's advice would be technically correct with his advice if he also advocated people signing in as non-admin users, then set a password on the admin account, then a UAC prompt would require a password and UAC bypass exploits would have a tougher time working. The user has the admin password for when it's required by UAC, but that would be the only time it gets used.

 

[memory]

I noticed something that seems strange to me. On desktop A and B, if I log into A and don't log into B, just leave it at the sign in screen, I can still access desktop B through the network on desktop A. I would have thought you would have to be fully signed in before you can access them.

 

[mxnerd]

I noticed something that seems strange to me. On desktop A and B, if I log into A and don't log into B, just leave it at the sign in screen, I can still access desktop B through the network on desktop A. I would have thought you would have to be fully signed in before you can access them.

That's the way it is. Not strange at all.

 

[mikeymikec]

I noticed something that seems strange to me. On desktop A and B, if I log into A and don't log into B, just leave it at the sign in screen, I can still access desktop B through the network on desktop A. I would have thought you would have to be fully signed in before you can access them.

Network logons are not tied to the local user logged on at all. Also, it is possible to create users that can only sign in via network/locally. On a WIndows Pro/Server machine, if you want to learn more in this respect take a look at group policy security settings, it'll give you an idea of what's possible.

 

[memory]

Since I only use one account, security wise there is no difference whether I have a password set or not, correct?

 

[mikeymikec]

Since I only use one account, security wise there is no difference whether I have a password set or not, correct?

Simple question, complicated answer!

In terms of using a computer like a normal user would for desktop applications, no (assuming there isn't a concern regarding physical on-site security).

In terms of the computer being accessed via the network, maybe yes. If you want someone to access a Windows share over the local network without a password, then beware three scenarios that spring to mind it could allow people outside the local (presuming Internet-connected) network:

1: Most local Internet-connected networks have a private IP range provided by NAT by a router. It's possible for an Internet-based attacker to circumvent the protection offered by NAT to access information on your local network. If you have a share without a password, that's obviously at risk in that scenario. I would consider this scenario to be more likely if you have data that someone could conceivably intentionally target (though I suppose some tech-savvy black-hats could come up with a ransomware attack that involves accessing via SMB and encrypting everything accessible).

2: Same as the first point but through wifi (e.g. someone outside the building).

I can't remember what my third point was going to be!

If we're talking really casual use of SMB (ie. not remotely private/sensitive information at all), then passwordless logins might be worth considering. However, it's not a great trial to use the credentials for the user who typically signs on to a given workstation as the network access credentials too, then when the computer tries to access that share for the first time it'll throw up a login box, type the details and save them. For casual users, that's the way I normally set it up.

One other thing, SMB really isn't worth a shit in terms of hardened network security. Never leave an SMB share open to Internet access intentionally, it's not designed to take the pounding that it would get if bots on the net could see it. It would be a heck of a lot more secure to use some kind of cloud storage provider instead (e.g. Google Drive, OneDrive, Dropbox, Cloud Drive, etc).

 

[memory]

Simple question, complicated answer!

In terms of using a computer like a normal user would for desktop applications, no (assuming there isn't a concern regarding physical on-site security).

In terms of the computer being accessed via the network, maybe yes. If you want someone to access a Windows share over the local network without a password, then beware three scenarios that spring to mind it could allow people outside the local (presuming Internet-connected) network:

1: Most local Internet-connected networks have a private IP range provided by NAT by a router. It's possible for an Internet-based attacker to circumvent the protection offered by NAT to access information on your local network. If you have a share without a password, that's obviously at risk in that scenario. I would consider this scenario to be more likely if you have data that someone could conceivably intentionally target (though I suppose some tech-savvy black-hats could come up with a ransomware attack that involves accessing via SMB and encrypting everything accessible).

2: Same as the first point but through wifi (e.g. someone outside the building).

I can't remember what my third point was going to be!

If we're talking really casual use of SMB (ie. not remotely private/sensitive information at all), then passwordless logins might be worth considering. However, it's not a great trial to use the credentials for the user who typically signs on to a given workstation as the network access credentials too, then when the computer tries to access that share for the first time it'll throw up a login box, type the details and save them. For casual users, that's the way I normally set it up.

One other thing, SMB really isn't worth a shit in terms of hardened network security. Never leave an SMB share open to Internet access intentionally, it's not designed to take the pounding that it would get if bots on the net could see it. It would be a heck of a lot more secure to use some kind of cloud storage provider instead (e.g. Google Drive, OneDrive, Dropbox, Cloud Drive, etc).

Little confused about the statement in bold. Are you saying the password needed to login to windows should be different than the password needed to access the shared files?

 

[mikeymikec]

Little confused about the statement in bold. Are you saying the password needed to login to windows should be different than the password needed to access the shared files?

That wouldn't be my default position no. This is what I meant:

Desktop A has files on that need to be accessed from desktop B as well, so a network share on A is set up.
To access that network share, user A's login credentials (who uses desktop A) are needed the first time desktop B tries to access that network share. Tick the box to save the password.

 

[memory]

Ty all for the help.

Have another issue, pertaining to same thing, file sharing over network. Not sure if I should create new thread about this.

So have another building that has a wireless router connected via ethernet to first router in the house. When I have a computer, using same laptop as used in the house, connected to the second router, internet works fine. But I can't see the computers in the house through the network. Tried connected both wireless and ethernet.

EDIT: Nvm, second router was plugged into modem instead of router. Plugged it into first router and now can see and access the computers through the network.