Every time the AFP accesses a network it will have to obey the rules of Windows. Normally, network access from Desktop applications is very simple. The user assigns a drive letter to every network drive and enters the user name and password, if required. The application can now access the network drive through the network drive letter (e.g. F: or Z:).
The AFP, by contrast, is a server product that can be run independent of the registered user. Windows manages network allocations per user. This means that allocations are created the moment the user completes his registration. Inversely, this also means that as long as no user is registered, no drive allocations will be available. In the standard configuration both the Web server and the AFP will be loaded when the computer is started. If this is an automatic process the AFP will run with no registered user.
In AFP applications, access to other machines should only be made via the UNC notation, like \\Server1\D$\Data. During development and testing of your application you are usually registered with the server. In many cases, access to the network drive letter appears to work flawlessly. Don't be misled. Always test your application immediately after the system start, before registration. Errors are also possible if the AFP runs under a user account that is different from the currently registered user. In such a case Error 108 (Table is being used by different user) may display.
There is a further problem that frequently occurs when you access a network. Even though you can interactively access certain tables, AFP reports that access to these tables has been refused. In the standard configuration, the AFP will run under the user account SYSTEM. Usually, this user will have unlimited privileges on his machine, but no network privileges.
To access another machine you have two possibilities. Either you set up local users with identical user names and passwords on both machines, or, for AFP purposes, you set up a domain user who has the required privileges for both machines. Setting up a domain user is preferable over local users as this makes the configuration less cumbersome when machines are swapped and you already have a fully functioning domain. In contrast to earlier versions the user account being used for AFP need not be a local user account.
When using ODBC to access Visual FoxPro tables or Jet Engine databases (MDB files). you have to take access permissions into account, too. ODBC drivers always execute in the security context of the calling application. Neither the Visual FoxPro, nor the Access ODBC driver is a client/server driver, rather accesses all tables directly. When specifying the data source in the connection string, you must use UNC paths if the database is located on a different computer. The user account of AFP must be granted access to these files.
To sum it up - Whenever you access a network, make sure that this access is only made via UNC names and that the user registered with the service has Web server and data server privileges.