Refer to the Windows system's network login, generally we first think of is 3389 login, that is, through the Terminal connection server login target machine. However, you may not be quite sure that the network logon between Windows systems is mostly done through port 139. This is stipulated by the SMB/CIFS Agreement, the client establishes the connection through 139, sends the user name and the password to the server side, the server side listens in 139 ports, receives the request to the client, examines receives the user name and the password, if the error, then rejects the connection, if correctly, gives the client the corresponding authority, This is the most basic network logon process for Windows.
The above statement you may feel very abstract, in essence, this login process we can visualize it as the target machine to establish an IPC connection. The net use command you perform is an IPC connection to a machine, that is, to make a request through 139, and if the user in your NET command is a administrators group, then the target machine will give you administrators permission to connect to your IPC. If it is the permission of the guest, of course, if it is a null connection, the permission is negligible.
A little knowledge about IPC: IPC is the acronym for Internet Process Connection, the remote network connection. It is a feature of Windows NT/2000/XP that establishes a communication connection between two computer processes. Then, the communication of some network communication programs can be based on IPC. For example, an IPC connection is like a dug tunnel, and then we use the program to access the remote host through the tunnel. By default, IPC is shared, which means that Microsoft has dug this tunnel (IPC) for us. What are the requirements for establishing an IPC connection? First of all, your own system should be Winnt above, Windows 98 is not, because WIN98 network management this aspect of the function is very little, Windows 98 is not IPC,IPC Windows NT and Windows 2k/xp/2003 have.
OK, understand the IPC connection, we go further, in fact, IPC is a kind of shared resources, but more special, we use NET to establish IPC connection, plainly, is to use our master username and password to apply for each other's IPC shared resources. In the same way, when we map the other disk using the net USE command, we also use our username and password to request the other disk share resources. Therefore, net use this command regardless of whether you apply for IPC resources or disk resources, you are logged in via the 139 port advanced network and then proceed.
The network login process is basically the case, we continue to drill down, look at the permissions of the network login issues. The first thing to say is that the Windows 2000 system and the Windows XP system are handled differently on this permission issue.
Look at Windows 2000 first. WINDWS 2000 system to do more real (oh, how to say it?) , the Windows 2000 system gives you logon rights entirely according to the username and password you provide. That means you're logged in with a super user (which is a connection), and you get access to the Superuser, you log in with the guest, you get a connection to the guest, and you use a null connection, The right to be given is as insignificant as it was previously said.
Looking at Windows XP again, this is different from the Windows 2k System. The default Windows XP system does not grant logon permissions based on the username and password you provide. You can find this in the help of the Windows XP system, as shown in the figure. There are two modes of network logon for Windows XP: "Typical" and "Guest Only", which are explained in detail as follows:
Help for Windows XP systems
If the logon mode is set to typical, the user-supplied user is logged on during the logon process, and the logon is successful with that person's permissions. If set to guest only, the logon process, regardless of the user who logged in, if the login succeeds, automatically maps to the Guest account, that is, only the guest user's permissions, in simple terms, Windows XP network logon access to the permissions depending on the system settings, if the "typical", Then you can get the right permissions for the user you have, if you have superuser, then access to the power is Superuser rights, and if the "only guest", then no matter what user rights you use, even the superuser, the connection can only get the guest permission, unfortunately, Windows The XP system defaults to "guest only."
The rights of the network login to clear up, we expand the following, when we go to request the resources of the target machine what permissions, ipc$ very simple, in the target system by default, regardless of the guest user, administrator user, or even null, can be logged in, The disk resources are different, by default, you can only log on with users in the Administrators group, that is, you can map disks only with Superuser rights.
Now the network login has been talking about the same, here is a specific question, the following is a friend posted on the forum: LAN, the other side of the use of XP, opened the 139 port, I use the other machine super User IPC connection (password and user name must be correct), prompt success, want to use NET using Z : ipd$ This command mapped each other's D disk, but always prompted the user name and password is incorrect, even if I put the correct username and password to enter, or not. Why is that??
With the basics that I've described earlier, now we can fully answer this question, the other is the Windows XP system, with the correct superuser password, using this password to establish an IPC connection is successful, but the mapping disk is unsuccessful, due to the Windows XP "Guest only" default setting, No matter what password you use to log in, is the guest permissions, and the mapping disk must be administrator permissions, so the disk can not be mapped successfully, the IPC can connect successfully because the IPC connection does not require any special permissions, any user password or even null can be.
Here's a summary of By default, Windows 2000 systems can get any shared resources for the target as long as you have Superuser privileges, and Windows XP systems are different because the default setting is "Guest only", so no matter what user you log on to, even if you have a superuser password , but the permissions you get after you log on are just guest.
