In that case, it's working as intended. You can't simultaneously hide the presence of the devices on the network AND make them available for password-based access. By "able to access the system" I presume you mean that you can "see" the computer, but not actually do anything else with it.