This article was previously published under Q122702
This article has been archived. It is offered "as is" and will no longer be updated.
Windows NT allows a service to use either a system account or a user-specific account to access resources on a local or remote computer. Afteryou upgrade a computer from Windows NT version 3.1 to Windows NT version3.5, 3.51 or 4.0, the service may fail or an "Access Denied" error messagemay appear if the service is using the system account.
If a service is using the system account to access resources, the servicelogs on with a set of "null credentials." In Windows NT version 3.1, systemaccounts had general access to shares. However, in Windows NT version 3.5,3.51 and 4.0, there is a Server service registry parameter that enablestighter security by allowing you to specify by name which shares (andpipes) the system account can access.
The Registry parameter is "RestrictNullSessAccess" (without the quotationmarks) and it defaults to TRUE. Two other parameters, "NullSessionPipes"and "NullSessionShares" (without quotation marks) allow you to specifylists of share names and pipe names that can be accessed by the systemaccount. In other words, by default, the only shares your client's servicecan access are those listed in the "NullSessionShares" parameter value. Tochange this behavior, the administrator can either set"RestrictNullSessAccess" to FALSE, or add the names of shares the serviceneeds access to in the "NullSessionShares" parameter value on servers wherethose shares exist.
To disable the "RestrictNullSessAccess" entry, modify the Registry bydoing the following:
WARNING: Using Registry Editor incorrectly can cause serious, system-wideproblems that may require you to reinstall Windows NT to correct them.Microsoft cannot guarantee that any problems resulting from the use ofRegistry Editor can be solved. Use this tool at your own risk.
Start the Registry Editor (REGEDT32.EXE)
From the \HKEY_LOCAL_MACHINE subkey, go to the key: