I have a group of XP users with notebooks on our internal domain who need to
be able to share files etc when off the company domain. Typically a group of
them would be out at a client and need to share files between each other.

The problem is that they usually are able to "see" each other in Winodws,
but cannot access each others computers. Usually the error is access denied
insufficient rights.
Even when we create local users with admin rights we have no success. We
have to unjoin the domain and create a workgroup and then we can work.

On returning to the office the notebooks are set back to domain to tak
advantage of the domain group policies.

Any suggestions on how to network off a domain?

Thanks in advance ...

On Mon, 27 Nov 2006 12:54:02 -0800, Gerald <Ger***@discussions.microsoft.com>
wrote:

Show quoteHide quoteGerald,

There are several services that your computers are probably getting while
connected to the domain.
1) DHCP - IP address settings.
2) Name resolution - conversion of computer name to IP address.
3) Browsing - share broadcasts supplied to each computer.
4) Authentication - a domain server that identifies each person connecting to
another computer.
<http://nitecruzr.blogspot.com/2005/05/have-laptop-will-travel.html>
http://nitecruzr.blogspot.com/2005/05/have-laptop-will-travel.html
<http://nitecruzr.blogspot.com/2005/07/windows-networking.html>
http://nitecruzr.blogspot.com/2005/07/windows-networking.html

If you're un joining the domain, and creating a workgroup, you're bypassing
issue 3.  But you're doing it the wrong way.  And there are other issues.
1) Apparently you are using fixed IP addresses, or maybe APIPA settings,
successfully, and getting IP addresses.
<http://nitecruzr.blogspot.com/2005/07/limited-or-no-connectivity.html>
http://nitecruzr.blogspot.com/2005/07/limited-or-no-connectivity.html
2) If you normally have a domain, you probably have DNS based name resolution.
That's a problem, it will cause "name not found" and "access denied", when
you're off the domain.
<http://nitecruzr.blogspot.com/2005/06/mysterious-error-5-aka-access-denied.html>
http://nitecruzr.blogspot.com/2005/06/mysterious-error-5-aka-access-denied.html
3) If you normally have a domain, you probably depend upon the domain master
browser.  Your computers could be using cached information, which expires
eventually.  This too could cause "access denied".
<http://nitecruzr.blogspot.com/2006/09/nt-browser-and-windows-networking.html>
http://nitecruzr.blogspot.com/2006/09/nt-browser-and-windows-networking.html
4) If you depend upon domain authentication, and you're off the domain, with no
domain controller to authenticate you, you'll get "access denied".
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html>
http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html

So how to do this?
1) Setup fixed IP addresses on each computer, instead of APIPA.
<http://nitecruzr.blogspot.com/2006/08/manual-network-setup-procedures.html#Alternate>
http://nitecruzr.blogspot.com/2006/08/manual-network-setup-procedures.html#Alternate
2) Setup LMHosts on each computer, defining each other computer by the fixed IP
address setup in step 1.
3) Define shares by fixed IP address, against the setup in step 1.
4) Setup local accounts on each computer, activated for network access, with
synchronised passwords.
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Help>
http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Help

Are these notebook computers running an ad-hoc WiFi network?  That's another
barrel of monkeys.

What you describe is standard domain-member behaviour, and cannot be easily
altered.

Reason, BTW, is that domain members look to the server to authenticate
access-requests to their own shares. If the server ain't there, no dice.  In
workgroup mode, share-access is authenticated against the local
user-accounts.

One solution is to take the laptops permanently out of the domain, though
that may raise some issues with access to peer-shares on computers which ARE
domain-members.

-------------------------------

An alternative approach to XP network logon -  http://mylogon.net

You do not need to unjoin the domain.  Try:

1.  On each achine create local user accounts which match the user names and
passwords used to log onto the other machines.

2.  When off-site, have users log onto the local machine instead of the
domain.

Doug Sherman
MCSE, MCSA, MCP+I, MVP

Show quoteHide quote

connection problems. winsock? Please help
Network 2000 and XP Home
puter_…
netsh routing commands fail on Windows XP Pro
wireless and wired network
IE has encountered a problem ...
Internet connection
lose connectivity after inactive a while
Router Problem
network printer question