Nov 172015
 

Decided to whip up a post about an issue that I have been running in to more and more as of late.

Typically, situation goes as follows: Customer has an environment where there are industrial machines running Windows CE Embedded computers as controllers. These systems typically are configured to either host files, or grab files off a network. These systems are typically dated, and IT staff is unable to get the Windows CE based machines to connect to network shares on Windows Servers running SMB version 2 or later (ie. Windows Server 2008 and later).

 

This issue is due to authentication issues with protocols and incompatibles. Over the years, Windows File Sharing has come a long way (SMB to be precise). Numerous security enhancements have been made, authentication mechanisms, etc…

In all cases, I’ve noticed companies usually either give up, or hire someone who is able to resolve it, but the resolution is never documented.

 

The solution I have come to could be considered somewhat controversial (due to the fact that Windows XP has reached it’s EOF), but I’ve found a way.

To provide file sharing solutions, in my experiences I have been able to accomplish this by implementing a Windows XP based “proxy” machine (calling it a proxy by name, not by actual usage). Configuring a Windows XP machine, enabling the “guest” account on it, and configuring file shares, will allow users on the network to dump files on these “proxy” network shares, in turn which will be browsable and accessible to the Windows CE machine. This Windows XP machine can be joined to the domain, to allow seamless authentication with other network users/computers, and also contains it’s own local user database.

The guest account needs to be enabled as the Windows CE machines typically browse and do initial file sharing handshakes as “guest”. You’ll also need a local user account configured on the Windows XP machine, which is the account that the actual Windows CE machine will use to connect/authenticate against the share and it’s access.

Please note, you may also have to go in to the “Local Security” policy, and allow guest access to file shares and browsing on the Windows XP machine.

 

As always, since Windows XP has reached it’s end of life, no more security updates are available. You want to make sure you have other security measures in place to mitigate any security concerns that could arise from having an active XP OS running on the network. If anyone else has a better solution or can comment further on this, please do! I’ve had to deal with this issue multiple times for CNC machines with older CE based controllers, as well as handheld Windows CE devices that require network share access.