All in the <head>

– Ponderings & code by Drew McLellan –

– Live from The Internets since 2003 –


Accessing a Windows 2003 Share from OS X

29 July 2004

At home we have a Windows 2003 Server running as a domain controller and file server. Whilst this does its job pretty nicely for Windows clients, I’ve never been able to connect to it successfully with my Mac running OS X 10.3 Panther. Browsing the network I have always been able to see the server, but any attempt to authenticate simply returned a error along the lines of “the original item cannot be found”. Frustrating.

Despite much searching over the last six months, I’d not found the solution – until today. Allow me to share the solution again, for the benefit of those searching with the same problem.

In a nutshell, the cause of the problem is the default security policy on Windows 2003 Server being set to always encrypt network connections under all circumstances. Whilst this is fine for most clients (especially Windows clients, understandably), the version of SMB that Panther uses doesn’t support encrypted connections. Apparently this support exists in Samba 3, but not on the version OS X uses. The solution is to change the security policy to use encryption when it’s available and not otherwise. Here’s how.

From Administrative Tools, open Domain Controller Security Settings.
Go to Local Policies then Security Options.

Scroll down to find the entry Microsoft network server: Digitally sign communications (always). Set this to Disabled.

The only thing left to do is to reload the security policy, as changes don’t otherwise take effect for some time. Open up a command window and type:


This will buzz and whirr for a few moments before confirming that the policy has been reloaded. With a bit of luck you should now be able to mount a network share from the Windows 2003 Server on your Mac. As I say, I’ve been searching for this information periodically for more than six months, so if you find it helpful pass it on.

Update: I’ve had lots of people ask me if there’s some way they can return the favour of the time and support fees this tip has saved them. I don’t normally do this, but if you’d like to make a donation to help running costs, that would be awesome.

- Drew McLellan


  1. § since1968: Golly Drew, that’s the most useful hint I’ve seen all summer. Thank you!

    The funny thing is, now that it works my Mac client reads files from the share much more quickly than my Windows client.
  2. § Sean Devine: I just ran into this problem yesterday. Thanks a bunch for the solution.
  3. § Sreekumar V M: hi

    Thanks a lot for this solution..
    it was of a great help for me

  4. § stevew: Thanks for the tip – it has answered a question I thought didn’t have an answer.

    By the way, is it possible to connect Entourage to an Exchange 2003 server?

  5. § Drew McLellan: stevew – yes, I’m using Entourage 2004 with Exchange 2003 right now. I don’t know about previous versions of Entourage though, as this is the first version I’ve used.

    Works nicely though – although I’ve not figured out how to access shared calendars yet.
  6. § Joppes: Woohoo, this tip worked excellent!
    Athough my error-message was something like ‘Authentication failed: username or password incorrect’, this was the solution!
    Great, thanx!
  7. § matt: Worked first time! Thank you very much as this solved an important backup issue for me.
  8. § g barrett: hi –

    In order to allow Macintosh clients to communicate with the Windows Cluster Servers via AppleTalk or TCP/IP, utilise Microsoft’s Services for Macintosh.   This allows the ITS Windows servers to be visible in an AppleTalk zone and allows Macintosh clients to connect to shares on the servers, as if the servers were Mac clients.  However, by default, the standard Apple User Authentication Module (UAM) provides weak security and thus, with the advent of Active Directory, the use of NTLMv2 (a stronger authentication protocol) for all Macintosh connections to the ITS Windows servers.  In order for Macintosh clients to use NTLMv2, it is necessary to install and configure the Microsoft User Authentication Module (or MSUAM) on the Mac client.
    get it here:
  9. § Paul Egan: i had given up on this – then months later came accross your article by accident. I have taken your advice and told every Mac-Windows user I know! Thanks!
  10. § Alex: An excellent and valuable piece of info—if not done by someone already, you should submit this to Apple to go in a knowledge base article, and also to sites like
  11. § DP Net: Thanks. This has saved me from racking my brains out for six months! Your a champion.
  12. § Sean: Thank you!

    And you’re a nice guy for not taking all the credit for it too.

    Thanks again.
  13. § Aubster!!: HOLY SMOKE batman…..” this is like discovering PLUTONIUM!!! Dont you just want to get down on your knees and thank god for knowing me” (Seinfeld 1994).....
  14. § Fenrack: Many thanks, mister.
    I speak for thousands of customers around Montreal, Canada.

    Thank you.
  15. § RobertBrown: Wow that’s great. I had my OS X box joined to active directory and verified that I could authenticate to AD and get a kerberos ticket. The error I was getting back from mount_smbfs was this:

    mount_smbfs: tree connect failed (extended security lookup2): syserr
    = Permission denied

    There are no other google indexes that point to this error so I want to be sure to link it to this page so others can find this solution. This solved my problem completely. Thanks a ton!!!
  16. § Tom Avery: You are the man. I’ve connected to Win2k without issue, but this one had me beat. Thanks for posting this! It allowed me to keep my sanity =)
  17. § tam: any idea what the security implications of this are? ie – will i be able to convince my it admin to make the change so i can connect??

    also, in response to “g barret” above – the microsoft uam will only work if the server sets up afp shares, which defeats the purpose! i want to access the currently setup (and accessed by more ppl than me) smb shares!
  18. § Robert Matney: Breeeliant tip. Thank you. It has been great help to me in my new office environment.
    I’ll be passing it on.
  19. § Josh: Hello,

    My admin is reluctant to do this for security reasons. Is this fix safe from a security perspective? Is there a way to upgrade samba in OSX so that it does support encryption?

  20. § David Wilson: A life saver. Got here via a link from Apples discussion boards. It’s taken days to get here!

    Thanks millions. I hope Apple can address by upgrading SMB or similar.
  21. § THE MAC GOD: This is perfect for SMB… we fixed that… But now, how do you get AFP to do the same? We use Quark 6.1 and we get a LOT of problems with using a multi-platform environment (connecting with SMB)... quark truncates file names, tells us the FILE NOT FOUND and erases files (have to resave)... none of this happens when we connect directly to the other Macs… So it musst be a win2k3 thing. We’ve been beating our heads in trying to get AFP running on the Win2k3 server… but when we try to connect via appletalk or direct IP with AFP, it will tell us “the alias “computer name” could not be opened, because the original item cannot be found.” OR that it couldn’t be found… Now we’ve looked and we have a zone set up and Mac services are running… but obviously something is not right. And the help files aren’t very… does anyone know of anything that may help? Thanks!
  22. § elkman: Disabling signing and making sure LM authenticaion is available are great.

    Also helpful is:

    1. Make sure OSX is set to use the W2K3 domain controller as its DNS.

    2. To connect to the W2K3 server, choose go=>connect_to_server (not networks). For the
    location, fill in smb://FULL.URL.OF.W2K3.SERVER, e.g.

    I find that the go=>networks does not work for W2K3 servers (though it does strangely for W2K servers and XP workstation shares) because OSX defaults to AFP and not SMB. This is followed by a lengthy timeout accompanied by a spinning wheel…
  23. § Christopher Jastram: Oh. My. God.

    I’m not really experienced with Mac OSX, and this tip saved me TONS of time. Thanks so much!

  24. § Bernard Smith: Did this and set NT & LM authentication on. This is the onlu source of this tip that I have found. Spent several days looking for solutions thanks for getting this on the web.
  25. § Robert C. Wafle: I’ve been trying for 12 hours to access a printer I have on a Windows 2003 server, with no luck.

    It works from my W2K machine, and my WinXP machine without any problems. I can’t get to it from my OS X machine.

    I CAN get to the file shares via SMB.
    I did the whole disable blah blah gpo for digitally signing on my DC / gpupdate and poof smb worked.

    I CAN NOT see my “stupidtalk” appletalk zone from my OSX box.

    I CAN NOT get the computer to “BIND” to the Active Directory. No luck… I get some error about insufficient permissions when I use the administrator account and the correct password.

    I found an article that said to fill in the style names, and I did that. no dice.

    Neither machine has a firewall.

    I’ve tried (1) Windows Printing, (2) Services for Macintosh (AFP) and (3) Internet Printing Protocol / CUPS.

    I’ve tried to manually setup smb printing via the CUPS HTML management tool. I at least get an error message there.. its:

    “Connection failed with error NT_STATUS_ACCESS_DENIED”

    So, thats good! The computers are talking, but not authenticating, I suppose. I gave ANONYMOUS LOGIN read priv to the printer.. no dice.

    Thats why I’d like to be logged in before I try this… But I can’t bind…

    I haven’t tried print services for Unix yet.. anyone try this? Have any ideas or suggestions?

    I GREATLY APPRICIATE WHOEVER HAS AN IDEA, ANSWER, OR THE SAME PROBLEM. I don’t want to be the only one trying to do this… :)

    Right now, the best solution I have is my share. Save file to share, connect via RDP (or walk to the server) and print… but that wouldn’t work in a domain with 100 users, and I find it quite annoying for myself.
  26. § Andrew Gray: After beating my head against the wall, I tried this from

    Using the Terminal and mount

    % mkdir myshare
    For you to mount the share, you need to be logged in as root. Once you’ve created the directory, su to the root user, then enter the following command:
    # mount_smbfs -W myworkgroup //username@netbiosname/share ./myshare

    and I was able to connect to the shares, but I can not browse
  27. § Alex Ackerman: We’ve been having the same issue with afp shares not always mounting for some users on a 2003 server; we don’t have a 2000 server that I can test out though. We can mount all of the shares fine with SMB but for right now that’s not a work around that we can use. Does anyone know how to fix this issue?
  28. § Tony Dailey: Thanks for the help I worked on this problem most of the day at a customer sight. I’ll go back tomorow with some confidence.
  29. § Gareth: Hi, okay this maybe a little off topic im not sure… i have done the above to get access to the 2003 server from our osx machines and all is sweet, we can browse etc..

    however, copying files TO the server takes much longer from a mac then from a pc, yet both can copy files FROM the server to themselves at the same normal speed… ie sending 100 mbs to the server takes 10 seconds on a pc… 2 minutes on the mac…

    anyone any idea?
  30. § Chris Morris: Home run! I have been looking for this for a few days.

    I just wanted to thank you for this.
  31. § Jon: I run a Windows 2003 server (Appliance Edition) on an HP NAS 2000s. One Mac user on my network was reporting a problem connecting via SMB, and I couldn’t figure out what the deal was. Then, about a month later, another user and I both started having the same problem at the same time.

    Users on my network authenticate via Windows’ Active Directory architecture, so when they want to connect to a network share, they just have to do Command-K, select the server, then select the share (no username or password needed). Upon selecting the server to connect to and hitting OK, the user received this error:

    The Finder cannot complete the operation because some data in “smb://” could not be read or written. (Error code -36).

    I tried connecting via the command line:

    mount_smbfs -I //jonp@servername/sharename /mounts/localmountdir

    and received an error containing:

    ... extended security lookup2 …

    That led me to this page, which indicated that it might be security certificate related. Knowing that Kerberos relies heavily on time stamps, I wondered if there was any time difference between the problem clients and the server. Sure enough, their clocks were a few minutes off from one another, enough to foul things up.

    I synchronized the clocks using NTP, and now all’s well. Thanks for this hint – it wasn’t exactly what I needed, but it got me in the right direction!
  32. § Kim Bergholtz: Thx a bunch for this info.. I’ve just updated from a 2K server to a 2K3 server and suddenly I couldn’t access the hidden shares – or any other for that matter. Using this policy made it all so much better.. thx a bunch.

    I wonder if this is also the case between 2K and XP when the first mentioned is trying to vonnect but can’t / fails.. I bet it is.

    Thx again :)

  33. § David Rolfe: Thursby software sells a package called Dave that allows you to connect to smb shares with encrypted passwords. I just installed it and it works fine. But it is a tad pricey at $119.
  34. § Mark Borchers: Thanks for this info – it kind of helped. However, it did not solve it. I hate to say this, and I’ll probably be screamed at for it, but I found to completely fix my authentication problems to Win Servers with my particular i-Book, I had to lengthen the UTP cable. While trying to figure this out, I had the i-Book plugged in to a hub/switch via an ethernet cable only 18 inches long. That was cool, I thought, I have used this same cable for a myriad of other laptops (IBM) and desktop PCs for doing maintenance, repairs and the like. But not the i-Book. With this 18-inch cable, I was getting hopeless ping failures, error 36’s and 1024’s, couldn’t authenticate, couldn’t find resources, etc. Then, since I hadn’t tried it, I moved the i-Book to another location. Bingo! Up it came, with full networking capabilities. Took it back to the 18-inch cable, no good. Got a 30-foot UTP cable, plugged it in to the same hub port, and it worked perfectly. Attenuation, in my case, was the key. Not enough of it. So, if all else fails, stick in a longer UTP cable!
  35. § Bob Dole: I’m a big believer in size matters, but I seriously doubt it was the length of the cable that fixed the problem. I’m thinking your 18 inch cable was just bad. Anyway that’s for the info
  36. § JC: I thank you. My clueless IT guy thanks you. His wife and baby thank you, because he looked about thirty seconds away from filling his pockets with rocks and taking a dive off a suspension bridge.
  37. § John Hook: I have a similar problem to Accessing a Windows 2003 Share from OS X with the exceptions that I need to access a Windoz XP “Pro” box, and a Windoz Me (Millennium) box. I can see these shares in my network but when I try to connect I get the message: “The alias could not be opened, because the original item cannot be found.” I can ping both boxes, and both boxes can use files on my Powerbook 15” Aluminum 10.3.8 box. This Powerbook previously was able to access both of these windoz boxes but something happened to stop this. I would be very thankful to anyone who has a solution for me. Thanks, John Hook, Tampa, FL (813) 928-1440
  38. § Shaft: John look at this solution:

    for windows 2003 members server:

    From Administrative Tools, open Domain Controller Security Settings.
    Go to Local Policies then Security Options.
    Scroll down to find the entry Microsoft network server: Digitally sign communications (always). Set this to Disabled

    for windows 2003 domain controler:

    Use the default domain controler Security Settings

  39. § Edward Fron: Thanks! Never had problems accessing a Windows 2003 Share from OS X until installing Windows 2003 SP1.

    Since my 2003 server is not a Domain Server I did the following:

    From Administrative Tools, open Local Policies then Security Options.
    Scroll down to find the entry Microsoft network server: Digitally sign communications (always). Set this to Disabled
    Scroll down to find the entry Microsoft network server: Digitally sign communications (if client agrees). Set this to Enabled

    CMD: gpupdate

    Thanks Again!
  40. § cborkowski: Active directory users. There is light at the end of the tunnel. Here’s what I’ve found to get our setup to work.

    OSX 10.3 on up.

    Before you proceed be aware of what admin is doing what. Through the course of binding you’ll have to enter local OSX credentials as well as Domain Admin Cretentials.

    1. select cache local accont in AD plug in.
    allow administration by domain admins – enter yourdomian\domain admin, yourdomain\enterprise admin

    2. Bind your computer using a local OSX account that has the SAME user name and password of an existing AD account. Sure the sid and uid will be off but the username and password of the local account will be enough to pass you through using a true Domain Adminuser name and password when you’re finally asked for the info.

    3) Repeat (it’s insane) unitl it is bound. It may take a couple of times.

    4)After you’ve bound your mac be sure to add the domain and LDAP info in the authentication and directory tabs in the AD plug in.

    After that is’t all gravey – OSX accounts can be created fresh out of active directory and the newly created accounts even mount the users home folder specified in AD. Drives, Printers and Shares are all fully authenticated when using the proper domain folder in the network browser.

    The big problem arrises when using Windows Shared Drives – we’ve run into a number of issues revolving arround OSX data and rescource forks that cause privledge errors when mac clients connect via smb. Some OSX clients can’t move or rename folders in a timely fashion because the server w2003 doesn’t release the files from “in use”... for (sometimes) days.
  41. § Grant: Sadly, this fix doesn’t work for me. My administrator assures me the aforementioned server fix was implemented some time ago, and his ability to connect to the server backs him up on this. However, I still get the same error message.

    Even more annoying: I can create a new user account and connect to the server with it just fine. So, it’s something specific to my user account. (well, I should mention I STILL can’t connect via smbclient, even with the new user. But the finder has no problems.)
  42. § Ken Ip: Thank You!! You really save my life!!
  43. § Porchland: Our outside IT guy couldn’t figure this one out, but you did!

    I never had problems getting on board Server 2003 from my Mac machine through Virtual PC for Mac 7, but I was never able to get into the server running on the OS X 10.3 side.

    I’m planning to update to Tiger in the next few weeks, so this will be a HUGE help for backing up my PowerBook before nuke and pave.

    Once we finally stop using WordPerfect—it’s a law firm thing—I’m hoping to work almost exclusively on the OS X side of the PowerBook.

    Thanks again.
  44. § Walt: Awesome! Thanks for this. I knew it was an SMB issue, but I thought it was signing. I was using Dave 5 until the Tiger upgrade which nuked Dave. Thursby won’t have a new verion until late summer, but now I don’t need it.
  45. § Tom: Mr Drew,

    You are a gentleman & a scholar. I had some violent tendencies at first, but they are now at bay.

  46. § Simon Cavill: I’m having odd problems with Entourage since my colleague installed the SBS SP1 on our server. For some reason any mail items with file enclosures seem to take forever to get sent to the server. However If I give up and delete them, they seem to get sent anyway! I also have a similar problem (related?) copying files from the mac (OSX 10.3.9) to the server. The process takes forever and usually ends in a -36 error on the mac. Any thoughts?

  47. § JT: Has anyone tested OS X 10.4.1 integration with the Active Directory? I need to setup the following:

    (1) Run Tiger as a W2K3 Domain Controller
    (2) Automatically mount network “Home” dirs
    (3) Setup roaming profiles

    While I see these are big advances for Tiger, I have yet to find any editorials comparing these advances to the previous issues with Panther. Does the W2K3 Schema still need to be manually modified? Will the W2K3 servers be forced to downgrade their authentication mechanisms to enable interoperability with OS X 10.4.1?

    I also see that neither the Cisco VPN client, nor Norton Anti-Virus is currently compatible with OS X 10.4.1. Are their any other incompatible programs I’m unaware of?

    And finally, when considering Active Directory integration, which product is easier to implement and administer? ADmitMac or OS X 10.4.1?

    Thanks in advance.
  48. § Charles E. Grant: Thanks very much! This has been troubling me for some time, and it cleared the problem right up.
  49. § Gianni: On my Win 2003 server this setting was already “Disabled”. Still one of the 4 Mac OS X machines (10.3.9) displays ‘The Alias “WinServer” could not be opened, because the original item cannot be found’. All Mac’s can connect to the server if I hard type “smb://ipaddress/” after choosing “Connect to Server” from the “Go” menu.

    The internal easy network browser in Mac OS X seems to behave different. I compared the local settings on all Mac’s, I checked the firewalls, the Directory Access Utility and cannot find a reason why one Mac still has the problem while 3 Mac’s can connect from the Network Browse as it should!

    Also it seems many Win XP Pro users run into this issue reading some other posts. What does the Network Browser in Mac OS X do different than “Connect to Server” in the “Go” menu?
  50. § Steve: Interesting find…

    Been working on this for bit(day and a half on OS X 10.4.1).. I did determine that it was a policy setting on a DC that was causing the issue…

    Also, AD kerberos does work NICE ! And you can even impersonate by creating yourself a new Kerberos ticket using the in System/Library/CoreServices then use the app to change your currently selected Kerbero Ticket.. Viola mount using a different AD user.

    Question: Can SMB client signing be turned ON on OS X to fix the issue instead of leaving Windows boxes vulnerable to MIM attacks by changing this policy ??

    Good work..!
  51. § verbal: WOW Thank you so much. Works with X.4 first time.
  52. § spectrum: Well, I had enabled these settings long ago because we have a few XP Pro clients on the Windoze side.

    However, my macs still have this problem. So, this fix hasn’t “fixed” my mac issues. :/
  53. § kathy: Help – I am using a lab of iBooks with a Windows2003 server. We are able to connect to the server via afp. However, the computers will not keep the connection. The computers randomly disconnect – I need a solution fast. I have been assured all settings on the server have been adjusted to fix the problem. However, we are still dropping off.

    I also have another lab of os 9 and os x desktops and the os x emacs have the same problem. We need to have this fixed soon—any suggestions.
  54. § David: For the record: I had a similar problem to the original one here except that I was trying to connect my new (wonderful) Mac running Tiger directly to a Windows XP Home client, not a server. A connection which had been working perfectly started to give the ‘original item cannot be found’ error.

    The discussion above prompted me to look at security settings on the PC. I realised that the firewall (Kerio) on my PC, which was running when we first connected, was not running. Once I restarted the firewall, the connection from my Mac worked again. I have no idea why this works this way but it worked. Might be useful to someone else.
  55. § Jerry: I found some documentation on Microsoft’s site about how to connect clients funning 10.3 and up to Windows 2003 Small Business Server. It talks about setting up for SMB and (in the appendix) Services For Macintosh. It is a 40 page document that goes step by step through everything including several ways to access email on the server.
  56. § Ahmed: Thanks heaps for that, you’ve saved me a big headache.
  57. § Josh: Thanks, a lot! I’ve beating myself up over this problem for days. This solution works great. Also, any suggestions on making my network alias’s remain on the desktop after rebooting? Using Mac OSX. Any help would be greatly appreciated.
  58. § VolneiChicago: I tried to do the changes in my server according to above.(Digitall sign (always) = disabled) However, there is no way for me to access the domain controllers shared folders.

    It gives me the “alias” message and in the console I have mount_bmfs: could not login to server MYSERVER: syserr = permission denied.
    PS.: it is MAC OS X joined to my domain.
    I can access others w2k3 on my network and XP boxes.
    Anyone has seen this problem?

  59. § Rico from Toronto: Hey Drew,

    Another butt you saved here…

    Guessed I’m lucky, just met with this issue 2 hours ago. Otherwise it could be another 6 months for me to solve if I didn’t find your page.

    Probably enough links now that google ranked you high, I’ve now bookmarked your blog =)

  60. § Ronny: Hi,

    I have a very similar problem as the one that this wonderful solution caters for:

    Mac OS X 10.4 computer trying to connect to a share on a Windows XP machine over a local area network. Mac connected via Airport wireless to router/DSL modem, PC connected via ethernet cable to the same router. All internet connectivity fully functional, ping between systems works, sharing works for a third Windows laptop also connected to this network, but NO WAY I can get the Mac to connect to the Windows XP share.

    Seems to be a problem with password encryption as well, but there’s not really a Policy key that I can find to disable it… HELP???
  61. § Fabio: Hey all

    I have just run into the same problem with my W2k3 SBS and a Mac mini running Tiger.

    I have fixed the security issue on W2k3, but I still cannot connect to shared folders on W2k3. When connecting to it with “smb://...” no logon popup appears, but the usual error…

    Anybody can help?

  62. § Daniel Lanovaz: Bravo. Finally an article that described how to solve my SMB connectivity problems between a Mac OS X 10.4.2 machine and my Windows 2003 Server shares. I will certainly forward this article on to others.
  63. § Gern: I appreciate your advise.

    We’re able to reduce much time spent for this configuration.
    Thanks a lot.
    (worked on OS X 10.3.9 Japanese)
  64. § analytik: OH MY … EVERYTHING!!!

    Thanks, thanks a million times! We’ve spent few DAYS trying to google for a solution, even Apple support is quiet about this problem – man, you’ve saved me a lot of trouble. Thanks again.

    Oh, and for google users like me: Mac OS X 10.4 10.3 smb samba can’t connect incorrect password smb/cifs Finder console
    tree connect failed: NT_STATUS_BAD_NETWORK_NAME
  65. § Sparrowhawk: Brilliant! Thanks much
  66. § Jared Eitnier: great info…thanks a bunch
  67. § Ross: Hi

    I have tried all off the suggestions with the Domain Controller Security Policies to connect using afp however I get an error message that the Volume cannot be mounted (mount failed).

    I need to access an Adobe CS2 Indesign file on a Win2k3 server using AFP because Indesign CS2 does not work with SMB.

    Does anyone know why I am getting this message and a work around to incorporate both AFP and SMB.

  68. § Matt: AWESOME! Thank you so much for sharing that information. This was my first attempt at connecting a MAC to Windows Domain and I Was having the same issue and was a bit lost.

    Thanks Again!
  69. § Brian Corder: Just wanted top say thanks. Great solution. Our ‘consultants’ said it wasn’t possible, and they wouldn’t do it. Needless to say, now it done.
  70. § Andy T: Win 2003 sp1; Mac OS 10.4.2. All server settings are correct (smb signing, etc). File servers allowed access to Mac OS for 4 weeks. Yesterday FS # 1 gave the -36 error (can;’t read smb data); today FS # 2 started with the problem. FS # 3 still works for now….shares on the DC’s are also available (for now). It’s only a matter of time I guess. Anybody got any ideas?
  71. § Paul Lammertyn: GREAT ! I used to connect macs to windows servers on a regular basis until OSX arrived! Thanks to your solution I’ve got it to work under OSX also. Many thanks
  72. § Scott New: Many thanks. You are a life saver.
  73. § Larry: Thank You!!!
  74. § dean Marshall: excellent tip….googled…found and bam! Saved me after trying off and on for months and were not dummies :)
  75. § Jessica: I was getting the error message “The alias [server] could not be opened, because the original item cannot be found.” Then I came across the article and the solution worked, allowing me to connect to the server.

    However, a week later, I am getting the same error message again and the settings haven’t changed in AD. I even tried “not defining” the service and re-disabling it followed by the gupudates, but it hasn’t worked.

    Any suggestions?
  76. § jimena: Hi
    we have the same problem with InDesign CS2, we need to connect Mac OSX to windows 2003 server via AFP. I try with “connect to server” but I recieved the error code -35…

  77. § Kieran Egan: Thanks for the tip. Came across the same problem in RedHat 8.0 – Samba 2.2.5 not seeing shares on W2KSBS. Your tip fixed it.
  78. § charles: I am looking for any information on how to setup a roaming profile for users on our network im running panther and windows 2003 server. any help id love it thanks.
  79. § Melpheos: You made my day :D

    thanks a lot, it saved me a lot of time
  80. § karl: i tried your suggestions but it doesnt work for me, i dont know what was the problem, the error was “alias cannot be found” and another thing was i had a user that can connect to active directory, but when we try other user, we cant connect….pls. help me, thanks
  81. § Susan: Just want to say thx a mil had 2 engineers out to look at this and they purchased telephone support from Apple reseller and still couldn’t fix it. I read your article today and solved it in 5 mins. Thx a million very helpful
  82. § JIMz from HK: IF your page does show up as the first link when people google for the same solution, it would have saved millions of hours from all the people sharing the same headache.

    My blessing goes to those still seeking this solution, and hats off to you. ;)
  83. § Antony: The tips here are very useful. But I’ve another problem about prining. I’ve a few Macs using OS X client (10.3) connecting Windows 2003 Server SP1 (both file and print server)using AFP.
    1. Sometimes after printing from Mac, it state that cannot connect to printer.
    2. Macprint servers sometimes drop out of zones and can’t get back.

    Any suggestion.Thank you! :)
  84. § Dashrath: i have win2003 base problem is that my all client is disconnected after 10 to 15 minute whenever i connect to my server.plz give me solution.
  85. § Scotteh: This is all well and good for a domain controller, but what about a w2k3 server that is NOT the PDC? I dont have that option in my Administrative Tools menu and I assume its because this computer is not the controller.

    Also, has anyone sent this thread to Apple? This seems so insane that they wouldnt do an update (for ALL the oses) so we dont have these problems!! (but in the world of computers, what else is new!?)
  86. § krd: New to Mac platform – great tip for the first issue i encountered after marrying the 2.

    very cool this thing called Mac :)
  87. § Todd Beals: Wahoo…..!! You’ve made me look like a champ and I can’t thank you enough :) Thanks so much for sharing and I owe you a 6 pack…

    I’ve looked for days and talked to many “experts” and this was such an easy fix….
  88. § The Mutt: OMG!! WWJD? Use this tip I hope. It was absolutly driving me nuts! That answer was like a gift from “J” himself. THANK YOU!!
  89. § Timh: A Win 2K3 server I had set up using this info had stopped accepting Mac OS X connections. Turned out that I had to enable NetBios over TCP/IP under properties of the ethernet connection>TCP/IP>Advanced. Then connections were working again.
  90. § Harold Brown: You are the man, I spent close to ( well there and there abouts) 100 years trying to figure this out. Thanks a heap I’ll make sure I pass this on to my friends.
  91. § Bryan: Thanks for the tip, this solved a lot of headaches when the one Mac user visits the office :)
  92. § cesar: my error started with “username or password incorrect” even though it never prompted me with a password box. i changed the security settings, no change….read timh’s post, enabled netbios and now my error is “some data could not be read or written, error code -36.

    still going at it
  93. § Ras Teddy:

    As we would Say in Barbados “Be Christ this working real good boss”

    Thanks Allot

  94. § Gabo:

    Sirs, I have a similar problem when trying to access the server from the network like \\domain.. always says “network path not found”. if I try to ping server does work but if I ping the IP Works.

    What do you think?


  95. § Charles:

    Jimena, when connecting to an AFP share the -35 error code is caused because you need to install the Microsoft UAM. This is required by Windows 2003 Servers because the MAC tries to send the password in clear text and the Windows machine will not allow it.

  96. § Jeff Adams:

    I found this article which helped me tremedously in connecting to win2003 server active directory.

  97. § Robert C. Wafle:

    LOL, I suppose this is still a problem for many. I hear that Tiger fixed a lot of issues with this. Can anyone confirm? I want to purchase a Mac with OS X Tiger soon.

  98. § JackSim:

    Thanks for this hint!

    Robert, it’s not fixed on Tiger. I ran into the problem using a Mac with Mac OS X 10.4.4. This hint allowed me to connect to Win 2003 shares from that Mac (it wasn’t working before that).

  99. § Jeremy H:

    I’ve had several Macs connected to a w2k3 file server working great, except for the ”._” issue that I have to work around. I recently upgraded my DCs to w2k3 but still operate in 2000 native mode since I have a few 2k systems floating around. Shortly after demoting my 2k DCs and shutting them off and then upgrading our network core switches to all gigabit, our Macs started having huge issues that I think might be related to authentication/smb signing and am hoping someone else has had the same issue and can help sort it out.

    When our Mac clients transfer files to any Windows box in the org now they will hang near the end of the transfer and on occasion the connection will fail.

    console logs show;

    Feb 16 15:23:25 macuser kernel0: smbfs_smb_qfsattr: (fyi) share ‘NTFS’, attr 0×700ff, maxfilename 255
    Feb 16 15:24:29 macuser KernelEventAgent85: tid 00000000 received VQ_NOTRESP event (1)
    Feb 16 15:24:29 macuser KernelEventAgent85: tid 00000000 type ‘smbfs’, mounted on ’/Volumes/datafolder’, from ’//DOMAIN;MACUSER@SERVER/DATAFOLDER’, not responding
    Feb 16 15:24:29 macuser KernelEventAgent85: tid 00000000 found 1 filesystem(s) with problem(s)
    Feb 16 15:25:52 macuser kernel0: smbfs_close: error 60 closing
    Feb 16 15:26:13 macuser KernelEventAgent85: tid 00000000 unmounting 1 filesystems

    The log says it is unmounting the filesystem but it rarely really does unmount.

    I don’t see any errors on the server side.

    Anyone else seen anything like this?

  100. § Vital:

    Thanks so much! I set up a pretty nifty little network here for what is now my place of employment (network admin) and have win2003 running as a domain controller and file server! When I recently bought a mac notebook, the only thing that I could not figure out that made me hate my life everyday was this problem! You put an end to a headache that has been killing me for months!! THANKS AGAIN

  101. § Johnny:

    Yes, it’s great, but to reiterate the point that has been brought up before: What are the implications of this to the security of the network?

  102. § Aaron M Baxter:

    We did all the above steps on the server software and installed the MS UAM. NOW, I can log in, but when I do all I see is something called the Microsoft UAM volume. All it contains are OS9 UAM installers.. That’s the only thing I can see.

    Is there something else that needs to be done on the server software that allows me to see what I actually came for?

  103. § Ryan:

    Thank you !!!!!!!!!!!!!!!!!!!!

    Trying to access Windows 2003 share from VMWare ESX Server using SAMBA Client. This did the job !!!! Cheers !!!!!!

  104. § Jase Clamp:

    I manage a design firm with 10 stations, a mix of os X and sbs03 server…. X users were cut off for like 5 months. And now…. its so simple.

  105. § Billy:

    BEST FIX EVER!!! Thanks man.

  106. § vitor:

    even though i was able to go through the part that asks me for my password, and recognize the server, after following your instructions… i can’t go through the part that says “Select the SMB/CIFS shared volume you want to connect to”.

    Once i choose the one i want from the menu, it goes back to the “The alias ‘XXX’ could not be opened, because of the original item cannot be found”. I’m going back and forth to the windows server to figure this out, but i can’t! HELP, Please!

  107. § Paul Wynder:

    My problem is the other way round I’m afraid – trying to connect PC users to Mac SMB shares. Being in a massive corporate AD network I’ve absolutely zilch chance of getting the admins to turn off SMB signing. More chance of Saddam getting a US passport.

    PC users trying to map to the Mac SMB share get prompted for an ID/PW. Even entering a valid account just brings back the same prompt (and increments the failed logons count for the AD account in the process).

    Thursby’s DAVE installed on the Mac server overcame this. Unfortunately though, my joy was short-lived when it completely screwed Mac AFP clients connecting to the concurrent AFP share for the same volume :(

    DAVE + AFP + AD all in the same bed is BAD news for AFP clients, unless you can mess about with your DC. Any two of the three will work fine together. Thursby don’t want to know when their product merely breaks something else.

  108. § Ricardo:

    You Rule! Thank you so much for posting this.

  109. § Christoffer Ericsson:

    This guy should get the nobel price or something! Absolutely brilliant!

    Now it works!

    Thanks man!

  110. § Carl Fink:

    That tip about turning on NETBIOS over TCP/IP just fixed a problem that had frustrated us for weeks.


  111. § Michael:

    To #99 Jeremy H, regarding locked files on 2k3 server aka the ”._” issue.

    Read the info at the link below.

    Looks like we have limited options to “fix” this OS X “feature”.

    Simple, Robust or Cheap – pick two.

  112. § Skyroom Ron:

    Thank you so much. I’ve wasted hours on this problem and I was relieved to see that someone smarter than me had already nailed it. Once again it showed that the Internet is synonomous with information, and that Google is the entranceway.

    Thanks again for taking the time to post this solution to a vexing problem.

    Skyroom Ron

  113. § Mats:

    Tadaa !! I can confirm that this is a workable fix even under SCO Openserver 5.0.5 !

  114. § Garrett Dimon:

    Thank you. Thank you. Thank you.

  115. § TonyM:

    You may alternatively install the Microsoft UAM on the Mac so it uses encrypted passwords. Do a google search for download and howto.

  116. § tetranuta:

    Thank you so much. I tell us in spanish.
    pase mucho tiempo buscando la solucion a este problema.

  117. § ramil:

    can i marry your brain…
    thanks dude…

  118. § Toby:

    Yes, you “fixed” a macintosh problem by disabling a security feature on a windoze server…

    I dont really clasify that as a fix in anyway at all, but more a work around for a problem which hasnt been solved yet…

    Still, very nice work, seems you have made a lot of people happy :]

    You made me happy with your image in the banner, but this post doesnt solve my problem or answer the question – just a botch it work around untill i actually know why this problem is occuring or mac fix it!

  119. § Drew:

    Toby – of course it’s up to the individual to assess the security concerns before making any such change. However, I think you’ll find that for most people this won’t be a concern. If your security model relies on a Windows server encrypting SMB connections, then you probably ought to be tunnelling your connections instead.

  120. § Dam:

    We got the same problem for a couple of days. Thanks to your excellent explanation and hint we’ve solved the problem with a few maus clicks.

  121. § Thomas Wittke:

    Great tip! Thank you for posting that!

  122. § Jorge:

    Dear Drew, For me its been a year trying to find a solution to connecting my house Macs (preferred by the whole family) to our Win2003 Server. You’re a life saver. Just when they had almost lost all confidence in “Techno-Dad”. You’ve recued my shattered reputation and I thank you much for this. Nevertheless, I’m taking full credit in order to regain their adoration. Thanks again!

  123. § Jimbo:

    This isn’t quite what I need, I have an issue with to Win2K servers via afp: random disconnection of Mac OSX users, open a desktop share up and it appears think it’s a different share, and we have 3 Win2k shares per desktop – and this appears to lead to kernel panics. Any suggestions? I have heard that ExtremeZ-IP fixes this sort of behaviour – but I’d rather not spend that sort of cash.

  124. § Vince:

    thanks, upgrade my 2000 server to 2003 and my os x box could not login… many thanks

  125. § nl-x:

    Domain Controller Security Settings should be
    Domain Controller Security Policy in my case. But thanks anyway.

  126. § Mark Wilson:

    I’m a Windows man who is making the switch to a Mac at home and this one had me stumped until I found your blog – thanks for taking the time to post the solution.

    Strangely, the option to digitally sign communications (if client agrees) didn’t seem to make any difference, so it really is necessary to disable digitally signed communications (always). Although it would seem logical to make the change via Group Policy, this is a computer setting (so is not applied to a user account) and as Macs are not domain members they are not affected by group policy either (although the policy for the target server could be set at domain level)

    Beware that if editing local policies, these are overridden by site and domain-level policies; however in this case, it’s probably best to make the change only on those servers to which access is required from a computer that doesn’t support SMB signing as the need for digitally signed communications is intended to prevent man-in-the-middle attacks from occuring and disabling this represents a security risk. Further details can be found in the Microsoft Windows Server TechCenter (

  127. § Ash:

    In response to Aaron Baxter (post no.102)

    I had the same problem. It turned out that I had made the simple mistake of typing in the IP address of our domain server instead of our file server.

    Entering the correct IP address into Finder-Go-Connect to Server gave me access to the shares that I was expecting to see

    The only shares visible to a G5 on the domain server were the UAM and a Sophos Antivirus folder or two.

  128. § Johan Stoop:

    Woow: I’m really impressed with this easy solution.. This works now for all my mixed environnements with Mac-W2K3-Linux clients.. Yee thx a lot

  129. § Miles Wu:

    Thanks so much. I’m still surprised this hasn’t been resolved in 10.4.7

  130. § John Freeman:

    Wow! Thats for the tip! we just upgraded our server to 2K3 R2 and had a heck of a time getting our mac clients to connect. Now, they connect without issue.

    Thanks again!

  131. § Jasen Nicewonger:

    We have 2 Win 2003 File Servers. We do not use afp because it is a v 2. something (old technology) our macs are bound to A/D using the active directory pluggin. Kerberos and SSO work perfectly when connecting to these servers. They can even change their A/D password and it syncs with their keychain password. No downgrade in security was required.

  132. § Philip S.:

    Fantastic. Straight to the problem. Problem ‘nixed! Thank you sir!

  133. § GL:

    We had similar issues, and especially issues with Quark and Dreamweaver. I was about to lose all my hair. We finally bit the bullet and bought Extreme IPZ. It solved all our afp, Quark quarkiness and resource fork problems.

  134. § Matt Hollander:

    Hey this works pretty well. Thanks for the help. Now if anyone can tell me how to setup roaming profiles so that I can roam from Windows XP Pro to Mac and Back to Windows without using ADMIT MAC email me PLEASE.

  135. § Diego Fernandez:

    Thank you man!!! your tip is great, i’ve been fooling arounf for hours trying to tackle this issue!!!

  136. § Carlo Patargo:

    Like magic: its simple and easy… once you know how to do it. Thank you very very much.

  137. § Shawn Levasseur:

    Thank you for this article. I’ve been having this problem for a long time, and had given up on it. Just gave it another try, and found this page via Google.

  138. § andrew:

    thank you so much.

  139. § Shidony:

    Brilliant! Tried this with SCO OpenServer 5.0.5 today and the problem I’ve been wrecking my brain over ceases to exist :D

    Thanks Microsoft for the headache and TYVM Drew for the prescription :)

  140. § Frank:

    THANK YOUUUU Perfekt solution! Greets from Frankfurt

  141. § Tsuko:

    Thanks very much. Moved to MacBook from PC a couple of months ago – everything is so much simpler! My firm is half-half split Mac and PC still. I installed SBS2003r2 a few weeks ago, but was only managing to fully access server folders using Parallels which was annoying. I’ve been searching for this solution for a fortnight – now I can sleep at night! I’ll share the knowledge.

  142. § pj_servadmin:

    If it has not been stated yet, the reason that encryption is the default is because you can do replay attacks to against the server.

    Specifically, I ran into this issue when trying to reduce SMB communications overhead between domain member servers – the thing that failed when I flipped it over to “never encrypt” was an inability to download the group policy file (even though it was not being used).

  143. § llw:

    I have the same problem—from my new imac, I get an error message ”[computer name] could not be opened, because the original item cannot be found.” I read the remedy above, but cannot find Administrative Tools to begin thep process.

  144. § Patrick:

    Upgrading to Tiger fixes all this guys. The goofy Quark filenames, locked and disappearing files are fixed. You can also have your OSX users log in to their machines under AD credentials.

  145. § Mrad:

    See, we’ve gone through this at my company. We just upgraded to Windows Server 2003,took care of the digital encryption, and we can connect to the windows shares okay, but the connections keep dropping. We don’t lose any other network connectivity.

    My sysadmin is stumped. Anyone got any ideas(pretty please)? Thanks in advance!

  146. § Mrad:

    Actually, it looks as though it was a licence issue – we didn’t have enterprise edition, so we had a limitation of 10 user connections at a time. Well, there are about 20 people in my company, so we where constantly competing for connections!

    Anyway, hope this helps anyone who might have this issue.

  147. § Thierry:

    Wonderfull. THE solution for me here also !!
    Great thanks from Paris, France

  148. § Matt:

    This is great. I’m a first time MAC user and a LONG time windows user. I’m running OSX 10.4.8 and this problem was driving me crazy. Apple has to correct this problem for users asap.

    Thanks A Bunch.

  149. § James:

    Hi, everyone. We had a similar problem at our school where we needed mobile lab iBooks with OS 10.3 and 10.4 to access AFP share on Windows 2003 server to be able to run Mavis Beacon Typing program. The problem was when we tried connecting to AFP it would give us errors (different error for OS 10.3 and 10.4). In OS 10.3 it would not let us even connect to the share but OS 10.4 it would come up with a login window and fail after you logged in. When we connected with SMB it worked fine, but the typing program was not compatible with SMB protocol. Its amazing how such a simple solution had us stumped for weeks. We called Apple and Riverdeep (Mavis Beacon Teaches Typing 16 company) on this issue, Apple said there was no know issues connecting OS X to AFP shares on Windows 2003 Server, so they were no help. Riverdeep spent hours with us on phone support to try to figure it but were not able to help. After spending hours with outside network tech support we were able to find a very simple fix that we should have seen right away. Here is how we solved this issue.

    1.)You will need to create a new share that you want to access.
    2.)Go to Start menu on your server
    3.)Open All Programs -> Administrative Tool -> Manage Your Server
    4.)Under “File Server” click on “Manage this file server”
    5.)Under “File Server Management” tree right click on “Share” and select “New Share”
    6.)In the Wizard click Next
    7.)In this next window either browse to the place where you want to create the new share or type it in and click Next.
    8.)Here is where we found the solution. Make sure “Apple Macintosh users” is checked, and click Next.
    9.)Configure your permission in this next window and click Finish.
    10.)Now you should be able to access your AFP share from your Macs, at least in our case this worked.

    Also thanks for everyone sharing their knowledge on issues, you guys have been great help. These types of forums are more help most of the time than the people that actually created the software.

  150. § Jr Network:

    Best solution for W2K3 Server with MAC OS 10 or above save me TONS of time

  151. § Ellert:

    Great find.
    While i am being cursed by all the windows nerds here in the company for buying a Mac, they where laughing at the problems i had with this. (yes its sad, but that is the real world eh)
    Thanks for this sollution.
    I wonder if it would be that difficult to detect this problem for Apple. Instead of finding a sollution they could at least give a more descriptive message…

  152. § Jose Wilches:

    Sir, thank you very very much, Google and yourself Rock.
    Saved me a lot of headaches.

  153. § Jason Clark:

    Thank you so much for posting this information. Saved me hours of frustration trying to figure out why the network folders seemed to be a snapshot rather than a current look!

  154. § David Kim:

    Have been struggling with this for months, on-and-off. The solution works, but for me there was one other key thing to avoid Error -36.

    I had installed Windows Server 2003 but not as a Domain Controller and had operated my network in Workgroup mode. Along with this, I am not sure my DNS server was properly configured.

    Short story: I ran the Domain Controller/AD setup wizard (new Domain, new Forest) and let it auto-configure the DNS.

    Then, presto! All the Mac OSX and SMB interaction suddenly worked, with the above-mentioned security modification:

    Microsoft network server: Digitally sign communications (always). Set this to Disabled.

    Thanks for all the tips.

  155. § Justus:

    Thank you so much! I’ve been tearing my hair out on this issue for months!

  156. § tominko:

    and whats about samba server? i have freebsd server with running samba server and i want to connect there from mac, how i can disable there ‘Digitally sign communications’ ?



  157. § Michael Argentini:

    I love you.

  158. § adrianan:

    I can’t bind the Mac OS X client to the windows 2000 domain even I made the changes to Domain Controller Security Settings.The server is only domain controller server with no DNS capabillities.
    When I try to bind the MAC OS X client from directory access/Active Directory settings the response is “An invalid domain and Forest combination was specified. ...” Thanks for any tips.

  159. § Randy:

    Dude you rule!!! This worked perfectly and apple wanted to charge me $50 for tech support.
    I’ll just give it to you!!!

  160. § David Prosen:

    THANK YOU! I have a customer that I had to upgrade thier domain from NT to 2003, and they used 3rd party software to get Macs to connect before, but it was not compatible with Windows 2003. You saved me a lot of headaches.

  161. § Steve Trail:

    My client had been looking for a solution to get his iMac to connect to a windows 2003 share for a year. This got him connected in two minutes. You are the man. Thanks

  162. § Jimmy:

    WONDERFULLLLLLLLL! This has been haunting me for days now. Thanks!

  163. § daniel gauthier:

    weird, before implementing this change on the server, I was able to access the share via the smbclient command on the command-line, however the Finder was not working..

    I wonder why the Finder doesn’t use the encryption if smbclient is able to..

  164. § charley:

    Would this also work for printer shares on a Win 2003 Server? I can see the printer but it prints gibberish. The Mac book cannot be joined to the domain for the time being.

    Many thanks

  165. § Koen De Coninck:

    Thanks, I have been looking for this issue for some time and even crashed the windows 2003 server (installing the Macintosh services gave some surpising results).

  166. § Riyaz:

    Oh man! I tell you what. I have just bought a new MacBook, having spent over £1000 on it and with really no Mac knowledge, I was thinking that living the MacDream was going to be impossible. BUT – Your solution solve my networking error out in 4 minutes!!! Thank you so much for your time and detailed explaination. People like you are what makes the internet a great place! Thanks

  167. § Richard Maynard:

    Amazing – Windows Server 2003 and OSX Tiger didn’t work with sporradic erros and this minor policy change worked a treat. Thankyou so much.

  168. § drew:

    I love you so much right now. Thanks for posting this.

  169. § Richard S. M.:

    Thank you!
    This tip was great! Too bad I had to search a while on google to get it.. but it was worth it! :D

  170. § Dave C:

    We had access problems with both XP & OS X clients for file and printer sharing on an XP box, but changing LmCompatibilityLevel in the registry to 3 fixed it-

  171. § lodear:

    Excellent! Thank you for this! I’ve been talking to two different Windows gurus about this. They had me install Mac services, etc., and had me enable “digitally sign communications (when the client agrees)”, but never had me UNable “digitally sign communications (always)”! One little search, and I found the answer right here! Thanks again!

  172. § STIFF:

    Thank you so, SO much.


  173. § Troy D:

    Hey Mate, thanks a bunch for this.. I dont normally work with Macs but clients of mine consistantly buy different types of hardware and expect me to know everything.. your a legend!

  174. § Christoph Freitag:

    @timh: THANKS A LOT!

    After weeks (!) of looking for a solution of exactly this problem I reread the thread above, enabled the NetBIOS over TCP/IP settings on the Windows SBS Server—and magically I can now log on.

  175. § Sean:

    That worked for me, thanks a mill, i could have spend ages looking this up. fair play to you for getting it up on the web and on google search.

  176. § Augwell:

    I have a problem semi-related. Please read and help me if you can, I desperately need it.

    I am a mac tech at a research center with about 150 pc’s and 55 macs. I am able to connect and access all shares and volumes. My problem lies in changing network passwords from a Mac. With macs running 10.3 and 10.4, I am able to install the MS UAM and it allows me to successfully change password via the MS UAM window that says microsoft on it. But, on some 10.4 machines, I installed the MS UAM and rebooted only to find that when I connect to the share via AFP;//servername, the MS UAM window that says microsoft on it will not pop up. I am only getting the standard mac osx auth window. Please email me if you have a fix. I can’t find any info on this problem anywhere.


Work With Me logo

At we build custom content management systems, ecommerce solutions and develop web apps.

Follow me


  • Web Standards Project
  • Britpack
  • 24 ways

Perch - a really little cms

About Drew McLellan

Photo of Drew McLellan

Drew McLellan (@drewm) has been hacking on the web since around 1996 following an unfortunate incident with a margarine tub. Since then he’s spread himself between both front- and back-end development projects, and now is Director and Senior Web Developer at in Maidenhead, UK (GEO: 51.5217, -0.7177). Prior to this, Drew was a Web Developer for Yahoo!, and before that primarily worked as a technical lead within design and branding agencies for clients such as Nissan, Goodyear Dunlop, Siemens/Bosch, Cadburys, ICI Dulux and Somewhere along the way, Drew managed to get himself embroiled with Dreamweaver and was made an early Macromedia Evangelist for that product. This lead to book deals, public appearances, fame, glory, and his eventual downfall.

Picking himself up again, Drew is now a strong advocate for best practises, and stood as Group Lead for The Web Standards Project 2006-08. He has had articles published by A List Apart, Adobe, and O’Reilly Media’s, mostly due to mistaken identity. Drew is a proponent of the lower-case semantic web, and is currently expending energies in the direction of the microformats movement, with particular interests in making parsers an off-the-shelf commodity and developing simple UI conventions. He writes here at all in the head and, with a little help from his friends, at 24 ways.