Jon Simpson

SMB File Sharing to a Windows Vista Ultimate PC from OS X 10.4

15 Apr 2007 — vista, smb, macosx

After upgrading the computer that holds the majority of the files on my network to Windows Vista Ultimate, I had a few problems accessing it from the Mac running Tiger. Turns out some of the network security options and authentication defaults have changed between XP and Vista.

As Mac OS X 10.4.9 does not appear to have a version of Samba that supports the more secure default authentication of Vista, it’s necessary to tell the Vista PC to use the older methods of authentication and only the newer if requested. To achieve this, a modification to Group Policy is required.

  1. Click Start, then type gpedit.msc into the Start Search field, and press Enter
  2. Click the Continue button on the User Account Control prompt. This will launch the Group Policy Object Editor for the Local Computer Policy.
  3. In the Group Policy Object Editor, expand:
    • Computer Configuration
    • Windows Settings
    • Security Settings
    • Local Policies
    • Security Options
  4. Open the ‘Network security: LAN Manager authentication level’ policy and change the Security Setting to: Send LM & NTLM - use NTLMv2 session security if negotiated
  5. Click the OK button to save changes, and then close the Group Policy Object Editor.

Additionally, I use the default Windows shares to gain access to drives (C$, D$ etc) that Microsoft enables for administrative use. However, Vista ships in its default security configuration with remote access to these disabled. There are apparently methods to re-enable these by changing the UAC settings of Vista, but I found a registry hack online that re-enabled remote filestore access without changing the other UAC settings.

  1. Click Start, type regedit and press enter.
  2. Browse to
    • HKEY_LOCAL_MACHINE\
    • SOFTWARE\
    • Microsoft\
    • Windows\
    • CurrentVersion\
    • Policies\
    • system\
  3. Right-click a blank area in the right pane, and click New
  4. Select DWORD Value
  5. Call the new value LocalAccountTokenFilterPolicy
  6. Double-click the new item, and give it a value of 1
  7. Restart your computer

There’s a lot of information on accessing Macs from Vista, but not a lot from the other way around. Hope this information helps out. Apparently the Group Policy modifications may not be possible on the Home versions of Vista, but I only have access to Ultimate, so if this is true, there may be other ways.

Comments

This is exactly the type of article I’ve been looking for! I just got a Mac, and am trying to transfer the files off my windows vista box over the network. Thanks to this tip, I got further than I could before (OS X will actually connect to the shares and show their contents), but once I try to copy a file everything grinds to a halt. The “Copying” dialog box appears, but never changes - its stuck at Zero KB. Any ideas what I might need to change?

Brent, 06 Jul 2007

 Home