Wow...what a nice and detailed response, Bigbearjedi, thank you.

Yes, we need to know whether you are doing file/printer sharing through Windows folder or drive sharing, or do you have a Microsoft server running your network with a Domain Login; such as Microsoft Server 2008/2012/2016 etc. If you are connecting all these XP/W7/W8 machines together and they first login to a Domain on a server, then those same updates need to be applied to the server PC. And the next question would be are all these XP/W7/W8 machines on the same subnet? If you don't know what that means, then you need to talk to the person that set up your network originally (if not you) or who currently administrates it (also if not you).
Most likely, since you didn't mention Domain networking connecting your PCs together, someone took a shortcut and built a peer-to-peer AdHoc network. This is a lot of work to maintain! Especially if you don't have Home Networking enabled and turned on for each and every machine connecting to one another. If you don't have your network set up in this fashion, I would urge you to consider making one of your W7/W8 machines a Master and turn on Homegroup networking. Enter the Master code on each of the other subordinate or secondary PCs including the XP machines. This should fix your problem!
Of course, if you are running a Domain with either a single or multiple subnets to connect all your computers into a true LAN, as Neem pointed out, then all bets are off since your servers must be updated with the same W10 security updates as your Client machines. And there are Roaming Profile issues for login scripts that have to be dealt with as well. If you didn't build this little network yourself, again, you need to find the person who did unless he passed or is out of the country etc. and you are stuck with maintaining this network. Another piece of information that would be helpful is to know your PC count on this network; are we talking 5, 10, 25, 100, 500, 1000 PCs??
Best of luck,
<<<BIGBEARJEDI>>>
Thanks Neemobeer for your response. In my opinion I'm sure MS17-010 disables SMBv1; the Windows registry or another setting must be changed after updating MS17-010. Because I have some laptops (Windows 7/8) that have not had MS17-010 installed, and they can access file/printer sharing on Windows XP without any problems.

A Wireshark capture on an XP system and a Win 7 system would be helpful in solving this. MS17-010 shouldn't disable SMBv1. Do you have system administrators and are they enforcing group policy to disable SMBv1? If they are, then that would be why the setting keeps reverting and also why they can't access each other.
Ah, about Homegroups, I did try that, but it only works for Windows 7 or higher. I cannot connect a Windows XP machine to a Windows 7 Homegroup.

You're welcome, and thanks for your information. Now we know for sure you are not using a Domain-based server network, and it is ad-hoc created. Sounds like you may have dismissed my idea about enabling Homegroups
Thank you for telling me your very nice opinion and experience, BBJ. It's so detailed and helpful.

you may not be aware of the fact that hundreds of settings in the Registry have been pre-optimized in the W7/W8 and XP OSes and tie in to lots of .dll files and other system networking files. Trying to tweak the legacy LANMAN settings you are trying to adjust is not going to work; believe me; I helped develop LANMAN (early M$ networking protocol) and was an early beta tester of that technology. That is all NETBIOS based stuff which is decades old; and the only clean way to transition it in a multi-OS windows network is to use Homegroups. That's up to you and it's your network. Upgrading several or most of your old XP machines may help for now; but continuing to run those XP machines without OS support from Microsoft is foolish as there have been no security updates from them since they End-of-Lifed XP support back in April 2014. Those XP machines will continue to be more and more of a virus target, and if your employees or the employees of the company you work for attempt to do any type of financial transactions online or make credit card purchases through the Internet on those PCs; they are ripe for getting their bank accounts emptied and Identity theft attacked.
Whether or not you are in Management at this company that is employing you to maintain these 25 PCs or you are an Outsourced-IT tech; you have responsibility to tell Upper Management that this is an extremely risky business to continue operating those XP PCs. I agree with your idea to upgrade them; your job depends on educating them that this is the way to go. Not spending the money to do so, is pennywise and pound-foolish. It's your job to convince them--if you can. And, if you are successful you won't have to worry about newer MS updates causing your LAN and the PCs running on it to fall apart and cause you all these headaches.

Choosing to make all your W7/W8x machines run Homegroups will make your job easier. Unless you can convince them to buy a Server PC, install Server 2012 or newer and purchase that hardware and OS and create and manage a proper Domain network. Most companies are forced to do this somewhere between 50-100 PCs; if they don't, the overhead costs kill them, and if they have to spend tons of money jury-rigging an old out-of-date network with outdated machines running 16-year old Windows, then they may never get it. During my 35+ years of network design and servicing, dozens of companies ignored my advice to do just this and pretty much every one of those are now all out of business. Most companies doing this that I've worked for have long since gone bankrupt or driven out of business by a virus attack that costs them weeks of downtime and lost sales/revenue. Hopefully, you take this conversation to heart and look at the real issues underlying the poor choice of running an ad-hoc network for that many employees.
Best of luck,
<<<BBJ>>>
Windows XP only uses SMBv1. The MS patch only fixes the vulnerability. This is probably a change in authentication that is causing the issue. If you can get the Wireshark capture we could determine the issue.
I don't think there are domain controllers running in our environment, nor do we have group policy.

The problem is pretty apparent. The XP and 7 devices are certainly not offering any common SMB dialects. Since it's apparent you have Pro editions of Windows, are there domain controllers running in your environment and do you have group policy in effect and sys admins? Because their GPOs will override any local GPs you set.
No, I don't see the word DOMAIN:<domain_name> on the login screen.

In that dump SMBv1 (NTLM 0.12) is being used for the SMB negotiation.
When you login to the computers do you use the same credentials or are they unique to the computers? Do you see the word DOMAIN: <some domain> on the login screen?
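
Added example, not part of the thread and not any poster's code: a small Python parser for the dialect list in an SMB1 Negotiate request, the part of a Wireshark capture that shows whether two machines offer a common SMB dialect. The sample messages and the XP dialect set are constructed for illustration, and the sketch assumes that a client with its SMB1 client disabled opens with an SMB2 negotiate instead.

```python
import struct

SMB1_MAGIC, SMB2_MAGIC = b"\xffSMB", b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
HEADER_LEN = 32  # fixed size of the SMB1 header

def build_smb1_negotiate(dialects):
    """Constructed SMB1 Negotiate request, used here only as sample input."""
    body = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    header = SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE]) + b"\x00" * 27
    return header + b"\x00" + struct.pack("<H", len(body)) + body

def offered_dialects(payload):
    """Return the SMB1 dialect strings offered in a client's first message."""
    if payload[:4] == SMB2_MAGIC:
        return []  # SMB2 negotiate: no SMB1 dialect strings are offered
    if len(payload) < HEADER_LEN + 3 or payload[:4] != SMB1_MAGIC:
        raise ValueError("not an SMB message")
    if payload[4] != SMB_COM_NEGOTIATE:
        raise ValueError("not a Negotiate request")
    off = HEADER_LEN + 1 + 2 * payload[HEADER_LEN]  # skip WordCount and words
    if len(payload) < off + 2:
        raise ValueError("truncated message")
    (byte_count,) = struct.unpack_from("<H", payload, off)
    data = payload[off + 2 : off + 2 + byte_count]
    if len(data) != byte_count:
        raise ValueError("truncated dialect list")
    dialects = []
    for entry in data.split(b"\x00"):
        if entry:
            if entry[0] != 0x02:  # every dialect carries buffer format 0x02
                raise ValueError("bad dialect buffer format")
            dialects.append(entry[1:].decode("ascii"))
    return dialects

def common_dialects(payload, server_dialects):
    """Dialects both sides speak, kept in the client's order."""
    return [d for d in offered_dialects(payload) if d in server_dialects]

# Constructed samples (assumed values, not taken from the thread's capture).
XP_SERVER = {"PC NETWORK PROGRAM 1.0", "LANMAN1.0", "LM1.2X002", "NT LM 0.12"}
WIN7_SMB1_ON = build_smb1_negotiate(
    ["PC NETWORK PROGRAM 1.0", "LANMAN1.0", "LM1.2X002", "NT LM 0.12",
     "SMB 2.002", "SMB 2.???"])
WIN7_SMB1_OFF = SMB2_MAGIC + b"\x00" * 60  # stand-in for an SMB2 negotiate

if __name__ == "__main__":
    print(common_dialects(WIN7_SMB1_ON, XP_SERVER))
    print(common_dialects(WIN7_SMB1_OFF, XP_SERVER))
```

An empty result for a client that reaches other shares fine points at the SMB1 client setting on that machine rather than at the patch level.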