SYMPTOMS
When you share a CD-ROM (IDE or SCSI) or floppy disk drive but then try to
access it over the network (either remotely or locally through UNC or NET
USE) the following error message is displayed:
Access Denied
Additionally, the directory \\<machinename>\<sharename> remotely or locally
will cause the following error message to appear:
File Not Found
Sharing and accessing a hard drive remotely or locally in the same manner
will work fine.
CAUSE
There are 2 registry entries in the HKEY_LOCAL_MACHINE\Software\Microsoft\
WindowsNT\CurrentVersion\Winlogon subkey:
AllocateCDRoms:REG_SZ
AllocateFloppies:REG_SZ
One or both of these entries has been added and/or set to 1, thus disabling
access to everyone but the locally logged on user.
AllocateCDRoms REG_SZ 0 | 1
Default: 0
Determines whether data in the CD-ROM drive is accessible to other users.
This value entry satisfies, in part, the C2 security requirement that you
must be able to secure removable media.
Value Meanings:
0 Compact discs in the CD-ROM drive can be accessed by all administrators
in the domain.
1 Only the user logged on locally can access data on the compact discs in
the CD-ROM drive.
Because the CD-ROM drive is a volume, by default, it is shared as an
administrative share on the network. If the value of this entry is 1, the
CD-ROM drive is allocated to the user as part of the interactive logon
process and, therefore, only the current user can access it. This prevents
administrators and remote users (and even the same user at a different
workstation) from accessing the drive while the current user is logged on
to the computer. The drive is shared again when the current user logs off
the computer.
Windows NT does not add this value entry to the registry. You can add it by
editing the registry or by using a program that edits the registry.
AllocateFloppies REG_SZ 0 | 1
Default: 0
Determines whether data in the floppy disk drive is accessible to other
users. This value entry satisfies, in part, the C2 security requirement
that you must be able to secure removable media.
Value Meanings:
0 Floppy disks in the floppy disk drive can be accessed by all
administrators in the domain.
1 Only the user logged on locally can access data on the floppy disks in
the floppy disk drive.
Because the floppy disk drive is a volume, by default it is shared as an
administrative share on the network. If the value of this entry is 1, the
floppy disk drive is allocated to the user as part of the interactive logon
process and, therefore, only the current user can access it. This prevents
administrators and remote users (and even the same user at a different
workstation) from accessing the drive while the current user is logged on.
The drive is shared again when the current user logs off.
Windows NT does not add this value entry to the registry. You can add it by
editing the Registry or by using a program that edits the registry.