Ok, time for someone else to solve my dilemma.

Short:
Accessing one of my Windows PCs over the network from my Mac or network-connected settop box requires authentication (user/password) and for the other system (identically set up as far as I can tell), it doesn't.

Full:
I have two Windows machines sitting right next to each other and connected to the same local network. Each is set to the same workgroup and as far as I can tell they also share pretty much the same LAN configuration. Guest account is disabled on each machine and every shared drive/directory is set with Sharing permissions with both the "Everyone" and default user (with admin access) to have "Full Access." I've even got the Security settings on both computers matching up, each containing the "Everyone" group with full access.

Both are running Windows XP Professional SP2. I'm not certain at what state of additional updates each one is. They both currently have auto-update turned off.

I can see and access both of these machines from each other using UNC paths. Typing \\machinename works from each machine to the other (as well as to themselves). This will list all shares for the connected computer.

I can access both machines from my Mac as well by using the name/password of the primary user I mentioned above, again showing me all the shared volumes.

Here's where the issues start...

I can access one machine from my Mac as a GUEST - that is, without having to authenticate. I can't do this for the other. It gives me an error saying that machine doesn't accept guest connections.

Likewise, from my new SageTV Extender settop box (also on my network and with the same workgroup setting) I can access one machine without authentication while the other needs name/password.

I'm totally stuck and can't figure out rhyme nor reason why access to the two machines differs in this way while they appear to be set up identically.

Both have the built-in firewall active and set the same way. Both are set up to log in automatically. Both are set to allow remote connections (and I successfully use Remote Desktop Connection with both).

As I was writing this message I noticed that in fact I was missing the "Everyone" in the Security settings for each of the shares on the problem computer. I've since added those with matching settings (full) to the other computer. No dice, same issue.

Help?

Windows will cache negative permissions matches. Other SMB clients may as well. Try rebooting every computer and try again now that you've added the "Everyone" setting.

So this is assuming that my most recent changes to "Security" may work, right?

To tell you the truth, I don't even know why the two machines differ in that regard, since I don't recall ever having edited the Security settings on either, only the Sharing prefs.

I did forget to mention (though I suspect it might have been obvious) that Simple File Sharing is not enabled on either machine. I'll be posting another message about some additional differences I've found on these machines from a UI perspective in Explorer.

Ok, it didn't work... So I tried the opposite, which was to remove the "Everyone" from the server that did work.

I'm modifying settings for individual shares, so this still allowed me to connect to the machine as Guest and see a list of shares. I then could not open the shares (as expected).

The machine I complained about originally won't even let me connect to it to see the shares, so it seems I can't even get to the point where the recent changes to the security settings per-share will make a difference.

Still stuck.

Have you looked into the Group Policies of the two systems?

Precisely:
start GPEDIT.MSC (just type it into a command prompt session, or at the RUN box).
Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options.
There you'll find few options that may be affecting the behavior of your machines:

- Network Access: Let everyone permission apply to anonymous users
- Networl Access: Named Pipes that can be accessed anonymously
- Network Access: Shares that can be accessed anonymously

Also, in a different location: Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> user rights assignment , you may find more settings that may be involved here.
- Access this computer from the network

Thanks for the help! Adjusting some settings did it.

I have no idea why the policy was different on this machine, but I compared the two to find out where the differences existed. The most important one (I figure) was:

Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> user rights assignment > DENY ACCESS TO THIS COMPUTER FROM THE NETWORK

The "guest" was included on the problem machine as a value. I removed that plus I set ACCOUNTS: GUEST ACCOUNT STATUS to "Enabled" in the other part and all is working.

Curiously, the enabled status for the guest account here in the policy settings seems to have nothing to do with the setting of the similar name in the Users control panel. That one is still set to Disabled.

I very much dislike Windows networking and policy rights. It just seems like years of design and feature alteration by hundreds of people not communicating with each other. In the end you're left with a very difficult to manage mess.

After doing this and then slightly restricting the "Everyone" group in each Volume's Sharing permissions, I had to go and recursively apply Security and Ownership to each volume.

Some individual files and folders somehow were completely missing ownership information and couldn't be accessed over the network. For instance playing a movie or copying a file (from not TO the server)