We have a client with two offices, one is a PC shop and the other is a Mac shop. The enjoy a friendly rivalry and it's up to me to make sure that they play nicely together.

We recently upgraded the servers in Microsoft shop to Windows 2003 and found that the Mac clients could no longer access the shares over the VPN.

Some googling and experimenting later, and we stumbled upon the issue.

The Samba client that the Macs use doesn't support encrypted communications, and the Windows 2003 server out of the box turns on encrypted communications and prevents anyone who isn't encrypting from accessing its shares.

So, a quick detour through the Domain Controller Security Policy applet in the Administrative Tools folder did the trick.

In there, go to Local Policies / Security Options.

Scroll down to "Microsoft network server: digitally sign communications (always)" and set that sucker to DISABLED.

Reapply the policy by running GPUPDATE (start, run, gpupdate) and sit back in delight as your clients can connect to the shares once again.

Thanks to MacOSXHints and AllInTheHead for the pointers.

I had to find the MAC address of a remote machine on my network this morning. Happily, WindowsXP (and above) make this easy.

They include a tool called getmac which does just that -- it gets the MAC address of any machine on the local network.

(This utility first made its appearance, it seems, as part of the Windows 2000 Resource Kit, and is available as a download from Microsoft.)

The tool couldn't be simpler to use, just open a command prompt and type:

getmac /s <computername>

It then spits back:

Physical Address Transport Name
=================== =========================================================
00-00-00-XX-XX-XX \Device\Tcpip_{0AB4C22A-1EEE-AAAA-XXXX-0X0X0X0X0X0X},
 \Device\NwlnkIpx

There are additional switches you can use to format the output or run the command under different credentials (from the TechNet article):

/u Domain \ User : Runs the command with the account permissions of the user specified by User or Domain\User. The default is the permissions of the current logged on user on the computer issuing the command.

/p Password : Specifies the password of the user account that is specified in the /u parameter.

/fo { TABLE | LIST | CSV } : Specifies the format to use for the query output. Valid values are TABLE, LIST, and CSV. The default format for output is TABLE.

/nh : Suppresses column header in output. Valid when the /fo parameter is set to TABLE or CSV.

/v : Specifies that the output display verbose information.

/? : Displays help at the command prompt.