Re: unrestricted access to a file share

Hi Steve,

Yep, I have also noticed that the raised bar is making it hard for
some that do want the open-access flavor of the old days. XP
in a home environment especially introduced some waves with
the "force guest" behavior.

I understand and agree that your posting and mine were not
endorsing the solutions but mentioning them (using guest and
enabling anonymous, respectively) as they addressed the stated
requirement of the OP.

On Guest, at least I assume it is right to call it authenticated,
since if you give it a password you need to provide that to
get Guest access. I also do not and have really never used
Guest but have always thought of it as getting the Authenticated
Users sid in its token.

Good to see you back, by the way :-)

--
Roger

"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:uTEGHeWOGHA.3260@xxxxxxxxxxxxxxxxxxxxxxx
It used to fairly easy to allow anonymous access to a share in Windows
2000 when the admin or user wanted seamless access to a share and not as
easy in Windows 2003 with increased default security as several users that
have tried it have indicated. Interesting comment about "Guest is not
anonymous but known and authenticated" if I remember correctly I have
seen anonymous listed in security log and in Shared Folders -connections
when users are accessing a share when guest is enabled and everyone has
permissions though I have not looked into it that thoroughly as I have not
needed it myself. While there are other alternatives I was just trying to
help the original user accomplish what he wanted which seemed to be
seamless access with as little overhead/confusion as possible. In this
case the OP seems more focused on only the availability aspect of the
security triad of confidentiality, integrity, and availability. --- Steve


"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:On2Q7DUOGHA.648@xxxxxxxxxxxxxxxxxxxxxxx
Yes, I was thinking of suggesting use of Guest also to him.
I believe if Guest is used then the policy to Let everyone
permissions apply to anonymous users is not needed as
Guest is not anonymous but known and authenticated.
If however the Let everyone ... anonymous is used, as
the post indicated, then the Shares that may be accessed
anonymously comes into play.
Personally I still think Shenan has suggested the better
route, using an account/password that is limited to the
share access (no log on locally) and then just giving this
account out to those at the location. It they are using
XP this could be cached in the network credentials
manager of their normal account and they would then
quickly forget it.

"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:uut0WtOOGHA.1180@xxxxxxxxxxxxxxxxxxxxxxx
If that is really what you want to do try enabling the guest account on
the server. In addition you may need to configure in Local Security
Policy [secpol.msc] the security option for accounts: limit local
account use of blank passwords to console logon only to be disabled and
the security option for network access: let everyone permissions apply
to anonymous users to be enabled. --- Steve


"Dragon Lord" <DragonLord@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:80E8086C-31AC-4820-A631-A0C620C2118D@xxxxxxxxxxxxxxxx
The way my business is set up, I need to create a file share that can
be
accessed by anyone. The servers will be deployed in the field with no
access
to the Internet or the central office. Users will need to access the
fileshare that have never been defined on the server (neither the user
or the
server are domain members) when they are at the remote site.

My Share permissions are Everyone for full/change/read.
My NTFS permissions are Everyone for read/write/execute

I have added anonymous logon to everyone through the security policy,
and
have even tried enabling null shares. Neither worked. Whenever I
access the
stand alone server, it challanges me for credentials.

Is there any way to open up the fileshare so it does not need to
authenticate the user?

Thanks








.

Relevant Pages

  • Re: write with cURL
    ... you can stop making excuses. ... Part of Jerrys' security is not letting you on his server... ... up an account for you, process the billing, etc. ...
    (alt.php)
  • Re: write with cURL
    ... you can stop making excuses. ... up an account for you, process the billing, etc. ... possible features from a web site to make up for the security issues. ... Nothing you have told me shows me you know how to lock down a server ...
    (alt.php)
  • Re: write with cURL
    ... It takes time to set up an account for you, process the billing, etc. ... Sorry, my servers are secure. ... Nothing you have told me shows me you know how to lock down a server so that it is secure - other than to use the server's file security. ...
    (alt.php)
  • Re: having problems creating packages - access denied..
    ... I've given a global group (which contains all of the site server computer ... full share permission and also full local security permission. ... SMS uses the site server computer account to connect to ...
    (microsoft.public.sms.admin)
  • Mysterious "Support" account created on Win2k server
    ... One of my web servers appears to have had an intrusion. ... Advanced Server, SP3, up to date on all security patches. ... I discovered that the Local Security ... single local account called "Support" that I did not recognize. ...
    (Incidents)
Loading