Tuesday, July 20, 2010

Make Windows 98 See Vista / Win7 Shares

Sneaky Micro$oft...  In the move to Vista and Windows 7, they broke connectivity to Windows 98 clients without telling anyone.

When you install your file shares on a new Vista or Windows 7 machine you'll discover a weird error message on your Windows 98 machines when trying to connect to file shares on the new machines.  It just keeps saying that the password for a share called IPC$ is no good.

My charge controller data logger is a Windows 98SE Toshiba laptop that can't be upgraded to XP. Although I could use a newer machine, I like the Tosh because it only uses 11W of power to do its work and doesn't need a fan to keep cool so it will work quietly in the corner of the living room.

Fear not.  I've found out how to get around the problem.

The basic problem is that after XP, MS changed the logon authentication method to improve security.  Windows 98 uses LM authentication.  XP uses NTLM1 and LM authentication so it was backwards compatible.  Vista only uses NTLM2 authentication (but it was ok because XP machines got upgraded automatically to NTLM2 by automatic update).  Poor old Win98 got left behind.

However, what you need is the Directory Services Client package from the Windows 2000 Server (from a server or the server CD or as a download from Microsoft).  This allows Win98 machines to log on to Windows 2000 domains but also includes the updates to support NTLM2 authentication.  Download DSClient.exe and install the package by running it.  Make sure you get the Win9x version (there was a NT4 version with the same file name).

That's the first step.  After installing it you need to enable NTLM2 on the Win98 machine.  To do this you need to edit the registry to add a new value to a key.

Run regedit and navigate to:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA

Add a new value called LMCompatibility of type DWORD and value 3

Setting this value to 3 tells Windows to use NTLM2 authentication.  Reboot.

Now, Windows 98 can't log on to shares using a different user name (XP introduced the "connect using different user credentials" option) so you need to make sure your Win98 user and password is the same as a local account on the Vista machine that you've given permission to use the shared folder.  This is the same as normal share set-up.

On the Vista machine you also need to edit the registry to change the hashing of LM credentials.  Otherwise, you'll be able to see the share but not be able to access any file from the Win98 machine (if you try, you'll wait for a few minutes and Windows 98 will say something like "the network resource is no longer available").

Run regedit on the Vista machine and navigate to:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA 

There should already be a value called nolmhash set to a value of 1.  Change it to 0.

This will make Vista file shares less secure but only to the same degree that XP was.

The final step is that on the Vista machine you have to reset the password for the local user account that you will be using on the Win98 machine to access the share.  You can set the new password to be the same as the old one but by going through the change process, it changes the way the new password is decoded by Vista (to the old method used by XP).  Now you should be able to browse the network neighbourhood to the Vista machine from the Win98 machine and access files on the share. 

I still had some weirdness after this in that I could write new files and rename existing files on the share but not open existing files for reading or copy a file from the share to my Win98 local disk.  Some kind of permissions problem on the Vista machine but in my case I only needed to write logged data to the share and rename yesterday's file (and I could do this) so I wasn't going to fret too much about not being able to read/copy files.

There were some bugs in the Win9x DSClient package originally and these did apparently get fixed in a Windows 2000 Server service pack but you can't download this updated DSClient package separately for some reason (unless you have a Windows 2000 Server and get it in the service pack).

So for now (at least), my Windows 98 laptop lives on to fight another day!

No comments:

Post a Comment