Article ID: 122702 - Last Review: November 1, 2006 - Revision: 2.1

Using the System Account as a Service in Windows NT 3.5

View products that this article applies to.
This article was previously published under Q122702
Expand all | Collapse all

SUMMARY

Windows NT allows a service to use either a system account or a user- specific account to access resources on a local or remote computer. After you upgrade a computer from Windows NT version 3.1 to Windows NT version 3.5, 3.51 or 4.0, the service may fail or an "Access Denied" error message may appear if the service is using the system account.

MORE INFORMATION

If a service is using the system account to access resources, the service logs on with a set of "null credentials." In Windows NT version 3.1, system accounts had general access to shares. However, in Windows NT version 3.5, 3.51 and 4.0, there is a Server service registry parameter that enables tighter security by allowing you to specify by name which shares (and pipes) the system account can access.

The Registry parameter is "RestrictNullSessAccess" (without the quotation marks) and it defaults to TRUE. Two other parameters, "NullSessionPipes" and "NullSessionShares" (without quotation marks) allow you to specify lists of share names and pipe names that can be accessed by the system account. In other words, by default, the only shares your client's service can access are those listed in the "NullSessionShares" parameter value. To change this behavior, the administrator can either set "RestrictNullSessAccess" to FALSE, or add the names of shares the service needs access to in the "NullSessionShares" parameter value on servers where those shares exist.

To disable the "RestrictNullSessAccess" entry, modify the Registry by doing the following:

WARNING: Using Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows NT to correct them. Microsoft cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk.

  1. Start the Registry Editor (REGEDT32.EXE)
  2. From the \HKEY_LOCAL_MACHINE subkey, go to the key: 

          \SYSTEM
        \CurrentControlSet
          \Services
            \LanmanServer
              \Parameters
  3. From the Edit menu, select Add Value.
  4. For the Value Name, enter RestrictNullSessAccess. For Data Type, select REG_DWORD and choose OK. In DWORD Editor, enter 0 for Data. Choose OK.
  5. Exit Registry Editor and restart Windows NT.
APPLIES TO
  • Microsoft Windows NT Workstation 3.5
  • Microsoft Windows NT Workstation 3.51
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Server 3.5
  • Microsoft Windows NT Server 3.51
  • Microsoft Windows NT Server 4.0 Standard Edition
Back to the top
Keywords: 
KB122702
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations