Re: Anonymous Access to File Share on Windows Server 2003

From: Robert (anonymous_at_anonymous.com)
Date: 02/25/05


Date: Fri, 25 Feb 2005 00:10:28 -0800

When a non-domain machine or a machine from another domain attempts to access
the share, they get the credential manager UI (dialogue asking for user/password).

The user can log in using "guest" which of course requires no password.

The reason this matters is that I have devices on the network that cannot be
configured to log on; rather, they assume anonymous access works.

All of this does work for XP shares.

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:uVvHTwuGFHA.3484@TK2MSFTNGP12.phx.gbl...
>I have not tried it on Windows 2003. What happens when users try to access
>the share? Can they logon with credentials? I am going to try to give this
>a try on my network soon if I get a chance. --- Steve
>
>
> "Robert" <anonymous@anonymous.com> wrote in message
> news:OPQrYqXGFHA.560@TK2MSFTNGP15.phx.gbl...
>>I checked that the share and NTFS permissions include Everyone (as well as
>>Guest as well as ANONYMOUS LOGON).
>>
>> I checked the two local security options you mention below and made sure
>> they are disabled.
>>
>> The "Access this computer from the network" has Everyone, ANONYMOUS
>> LOGON, machine\Guest, domain\Guest, Guests, Users, and a host of others.
>>
>> Appreciate the help (I can't believe something so simple is causing such
>> pain).
>>
>> Have you seen this actually work?
>>
>> Thanks,
>> Robert
>>
>>
>>
>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>> news:uYKQgGUGFHA.1068@TK2MSFTNGP14.phx.gbl...
>>> OK. Make sure that the share AND ntfs permissions for the folder are set
>>> to allow everyone access and also the user right for access this computer
>>> from the network if it already is not an included group. The other thing
>>> to check is the two security options - one for do not allow anonymous to
>>> enumerate sam and another one for do not allow anonymous from
>>> enumerating sam and shares. Set both of those to disabled for the
>>> security policy for the server. --- Steve
>>>
>>>
>>> "Robert" <anonymous@anonymous.com> wrote in message
>>> news:OlQoQhLGFHA.3792@TK2MSFTNGP10.phx.gbl...
>>>> Thanks for the reply.
>>>>
>>>> I posted this request also to microsoft.public.windows.server.general
>>>> so probably best to consolidate the two threads in
>>>> microsoft.public.windows.server.general.
>>>>
>>>> Both you and someone from MSFT gave the same guidance.
>>>>
>>>> As you can read in the other thread I enabled the guest account and
>>>> checked anonymous in Everyone group was enabled.
>>>>
>>>> I am still getting the request for credentials for non-domain machines
>>>> and machines from other domains.
>>>>
>>>> Any other ideas to check would be appreciated.
>>>>
>>>> Thanks,
>>>> Robert
>>>>
>>>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>>>> news:Og50ujJGFHA.1476@TK2MSFTNGP09.phx.gbl...
>>>>> You can enable the guest account to allow users unauthenticated access
>>>>> to shares on a computer. Then ANY user can access ANY share that has
>>>>> permissions for the share and folder [ntfs] for the everyone group as
>>>>> long as anonymous is configured to be part of the everyone group. If
>>>>> it still does not work check the user right for access this computer
>>>>> from the network in Local Security Policy [secpol.msc] to make sure
>>>>> the everyone group is included. Of course make sure your firewall
>>>>> protects your network from internet users gaining access to that or
>>>>> any computer on your network. --- Steve
>>>>>
>>>>>
>>>>> "Robert" <anonymous@anonymous.com> wrote in message
>>>>> news:OivSjPDGFHA.1924@TK2MSFTNGP14.phx.gbl...
>>>>>> I am trying to enable anonymous access to a file share on Windows
>>>>>> Server 2003.
>>>>>>
>>>>>> I have added "ANONYMOUS LOGON" to both the share and NTFS security
>>>>>> permissions.
>>>>>>
>>>>>> When this did not work I also added "EVERYONE" and enabled anonymous
>>>>>> as part of EVERYONE group in local security policy.
>>>>>>
>>>>>> I added the share name to the "Shares that can be accessed
>>>>>> anonymously" under local security policy.
>>>>>>
>>>>>> My non-domain machines still pop up the logon UI when I try and
>>>>>> access the share.
>>>>>>
>>>>>> Any ideas?
>>>>>>
>>>>>> Thanks,
>>>>>> Robert
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
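
An added example, not part of the original thread: a Python sketch that reads the text of a `secedit /export /cfg` policy dump and reports which of the anonymous-access settings named in this thread are in effect, so a server loosened this way can be reviewed later. The sample policy text and the share name `scans` are constructed; share and NTFS permissions are not in the export and are not checked.

```python
import re

# Keys as they appear (lowercased) in a `secedit /export` INF file.
LSA = r"machine\system\currentcontrolset\control\lsa" + "\\"
SRV = r"machine\system\currentcontrolset\services\lanmanserver\parameters" + "\\"
SIDS = {"*S-1-1-0": "Everyone", "*S-1-5-7": "ANONYMOUS LOGON", "*S-1-5-32-546": "Guests"}

# Constructed sample export for a server configured as the thread describes.
SAMPLE = r"""[System Access]
EnableGuestAccount = 1
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares=7,COMCFG,DFS$,scans
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-7,*S-1-5-32-545,*S-1-5-32-546
"""

def parse_inf(text):
    """Split INF text into {section: {lowercased key: raw value}}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def audit(text):
    """Return one message per anonymous-access relaxation found in the export."""
    inf = parse_inf(text)
    reg = inf.get("registry values", {})
    def dword(path):
        # Registry values are written "<type>,<data>"; type 4 is REG_DWORD.
        raw = reg.get(path, "")
        return int(raw[2:]) if raw.startswith("4,") else None
    # Type 7 is REG_MULTI_SZ: the share names follow the type field.
    shares = [s for s in reg.get(SRV + "nullsessionshares", "").split(",")[1:] if s]
    right = inf.get("privilege rights", {}).get("senetworklogonright", "")
    holders = [SIDS[s.strip()] for s in right.split(",") if s.strip() in SIDS]
    checks = [
        (inf.get("system access", {}).get("enableguestaccount") == "1", "Guest account is enabled"),
        (dword(LSA + "everyoneincludesanonymous") == 1, "Everyone permissions apply to anonymous users"),
        (dword(LSA + "restrictanonymoussam") == 0, "Anonymous enumeration of SAM accounts is allowed"),
        (dword(LSA + "restrictanonymous") == 0, "Anonymous enumeration of SAM accounts and shares is allowed"),
        (bool(shares), "Shares that can be accessed anonymously: " + ", ".join(shares)),
        (bool(holders), "Access this computer from the network: " + ", ".join(holders)),
    ]
    return [msg for hit, msg in checks if hit]
```

Real exports are normally UTF-16, so read the file with `encoding="utf-16"` before passing its text to `audit()`. Accounts that the export lists by name rather than by SID are not matched by this sketch.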


