I've had about 50/50 shot of SMB scanning working on Windows 10 using Live Login instead of Local Account and I do not know what lets it work or not work. Any tips or advice?
I've had about 50/50 shot of SMB scanning working on Windows 10 using Live Login instead of Local Account and I do not know what lets it work or not work. Any tips or advice?
Last edited by Kidaver; 07-05-2018 at 08:27 PM. Reason: more specific question sorry copier tech (multitasking and addled brain)
"In a cruel and evil world, being cynical can allow you to get some entertainment out of it."
This is a copier forum.
Try https://answers.microsoft.com/
Let us eat, drink, and be merry, because tomorrow we may die!
For all your firmware & service manual needs please visit us at:
www.copierfirmware.co.uk - www.printerfirmware.co.uk
Personally I prefer using my Windows Live login only online for websites that require it. When you try to use it for SMB scanning you introduce far too many unknown characters into the whole transaction.
Let us eat, drink, and be merry, because tomorrow we may die!
For all your firmware & service manual needs please visit us at:
www.copierfirmware.co.uk - www.printerfirmware.co.uk
But back to the question...................
I personally set up a new Admin log in account, call it scans for example & set a password, give this password to customer IT etc & ask them not to change it.
You can then use these credentials to set up SMB scanning etc.
Let us eat, drink, and be merry, because tomorrow we may die!
For all your firmware & service manual needs please visit us at:
www.copierfirmware.co.uk - www.printerfirmware.co.uk
Always setup a local account with a password for scanning, even do this on windows 7 and domain environments now too. Guy I work with even goes further and edits the registry to "hide" the account so the customer can't edit it and not see it on the login screen.
In a domain environment, I'll generally request IT to create a service account for scanning, and then create shares with Domain Users granted read/write or modify permissions. The last thing you want to do is go through the trouble of creating a local account on a PC or server only to have the customer running a GPO that deletes any local accounts not in a whitelist. If you're able to put the account that the machine and share are using to authenticate outside of your hands, then it's one less thing to worry about. For the network environments I manage, I go to the level of creating a GPO for service accounts that deny them the ability to log into any machine on the domain. They can authenticate to a machine, or run a service on a PC, but someone that happens to find the password for the service account wouldn't be able to do much with it outside of the scan shares, which are the only things that they can authenticate to, since all of my workgroup customers are running a Professional version of Windows (one of my requirements for support), I'll create a similar local security policy on the machines for any account being used for scan authentication.
As for the Microsoft account scanning issue, keep in mind that a Microsoft account is more or less a means of authenticating to internet services, not the local machine. SMB works on the principles of local accounts (be they in a domain or a local PC), a Microsoft account is working as a shim on top of a local account on the computer without any visibility to what that account is so there's nothing for an external device to authenticate against. For the few workgroup customers I support, I've recommended creating a traditional local account for their PC's and then just associating their Microsoft account (generally O365) to that local account to allow local resources to continue to function.
Bookmarks