Friday, January 21, 2005

Logon failure: the user has not been granted the requested logon type at this computer

How to Troubleshoot Service Startup Permissions

How does anyone manage Windows XP at home? I use the Pro version, and it really expects to run within a managed LAN. It is quite awkward to do networking using XP Pro in a peer-to-peer network. Windows 2000 was easier.

In this case I needed to share a folder. I tried allowing access to the Guest acccount. Gave me the above error message. Turns out the Guests Group is not a group that XP expects to share too. Instead it provides that cryptic error message.

You can use the Windows Management Console to drill down the even more cryptic solution:

Console Root:Local Computer Policy:Windows Settings:Security Settings:Local Policies:User Rights Assignment:Access This Computer from the Network.

There one sees the list of Groups that are permitted to Access via the network. That list includes "Everyone" (not what you think) but not "Guests" or "Guest".

Rather than add Guests I backed away and added a new user in the Users group to support this sharing need.

Wow. Not only is this pretty darned cryptic, the sheer complexity suggests lots of pitfalls. No wonder XP machines are so hard to make secure (not to mention I can't run as "User" and get work done on XP, but in OS X I always run as "User" -- a basic security practice).

No comments: