Re: Anonymous Acccess to File Share on Windows Server 2003
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 02/26/05
- Next message: Steven L Umbach: "Re: What is more worse: Open ftp ports or open vpn port with pptp?"
- Previous message: Paul Adare: "Re: 2003 PKI Design Question"
- In reply to: Robert: "Re: Anonymous Acccess to File Share on Windows Server 2003"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 25 Feb 2005 22:26:57 -0600
First try giving the guest account a password. If that does not work in
Local Security Policy [secpol.msc] configure the security option for limit
local account use of blank password to console logon only to be disabled. I
did a quick test on my home domain and was able to logon to a W2003 server
with the guest account enabled only after giving the guest account a
password. After that unimpeded access was allowed without a credential
prompt from a workgroup computer outside of the domain to a share where
everyone had permissions. Computer Management/shared folders - sessions did
show I was connected as guest. --- Steve
"Robert" <anonymous@anonymous.com> wrote in message
news:uJDO5FxGFHA.2156@TK2MSFTNGP09.phx.gbl...
> When a non-domain or machine from another domain attempts to access the
> share they get the credential manager UI (dialgoue asking for
> user/pasword).
>
> The user can log in using "guest" which of course requires no password.
>
> The reason this matters is that I have devices on the network that cannot
> be configured to log on, rather, they assume annonymous access works.
>
> All of this does work for XP shares.
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:uVvHTwuGFHA.3484@TK2MSFTNGP12.phx.gbl...
>>I have not tried it on Windows 2003. What happens when users try to access
>>the share? Can they logon with credentials? I am going to try to give this
>>a try on my network soon if I get a chance. --- Steve
>>
>>
>> "Robert" <anonymous@anonymous.com> wrote in message
>> news:OPQrYqXGFHA.560@TK2MSFTNGP15.phx.gbl...
>>>I checked that the share and NTFS permissions include Everyone (as well
>>>as Guest as well as ANONYMOUS LOGON).
>>>
>>> I checked the two local security options you mention below and made sure
>>> they are disabled.
>>>
>>> The "Access this computer from the network" has Everyone, ANONYMOUS
>>> LOGON, machine\Guest, domain\Guest, Guests, Users, and a host of others.
>>>
>>> Appreciate the help (I can't believe something so simple is causing such
>>> pain).
>>>
>>> Have you seen this actually work?
>>>
>>> Thanks,
>>> Robert
>>>
>>>
>>>
>>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>>> news:uYKQgGUGFHA.1068@TK2MSFTNGP14.phx.gbl...
>>>> OK. Make sure that the share AND ntfs permissions for the folder are
>>>> set to allow everyone access and also the user right for acc this
>>>> computer from the network if it already is not an included group. The
>>>> other thing to check is the two security options - one for do not allow
>>>> anonymous to enumerate sam and another one for do not allow anonymous
>>>> from enumerating sam and shares. Set both of those to disabled for the
>>>> security policy for the server. --- Steve
>>>>
>>>>
>>>> "Robert" <anonymous@anonymous.com> wrote in message
>>>> news:OlQoQhLGFHA.3792@TK2MSFTNGP10.phx.gbl...
>>>>> Thanks for the reply.
>>>>>
>>>>> I posted this request also to microsoft.public.windows.server.general
>>>>> so probably best to consilidate the two threads in
>>>>> microsoft.public.windows.server.general.
>>>>>
>>>>> Both you and someone from MSFT gave the same guidance.
>>>>>
>>>>> As you can read in the other thread I enabled the guest account and
>>>>> checked anonymous in Everyone group was enabled.
>>>>>
>>>>> I am still getting the request for credentials for non-domain machines
>>>>> and machines from other domains.
>>>>>
>>>>> Any other ideas to check would be appreciated.
>>>>>
>>>>> Thanks,
>>>>> Robert
>>>>>
>>>>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>>>>> news:Og50ujJGFHA.1476@TK2MSFTNGP09.phx.gbl...
>>>>>> You can enable the guest account to allow users unauthenticated
>>>>>> access to shares on a computer. Then ANY user can access ANY share
>>>>>> that has permissions for the share and folder [ntfs] for the everyone
>>>>>> group as long as anonymous is configured to be part of the everyone
>>>>>> group. If it still does not work check the user right for access this
>>>>>> computer from the network in Local Security Policy [secpol.msc] to
>>>>>> make sure the everyone group is included. Of course make sure your
>>>>>> firewall protects your network from internet users gaining access to
>>>>>> that or any computer on you etwork. --- Steve
>>>>>>
>>>>>>
>>>>>> "Robert" <anonymous@anonymous.com> wrote in message
>>>>>> news:OivSjPDGFHA.1924@TK2MSFTNGP14.phx.gbl...
>>>>>>>I am trying to enable anonymous access to a file share on Windows
>>>>>>>Server
>>>>>>> 2003.
>>>>>>>
>>>>>>> I have added "ANONYMOUS LOGON" to both the share and NTFS security
>>>>>>> permissions.
>>>>>>>
>>>>>>> When this did not work I also added "EVERYONE" and enabled anonymous
>>>>>>> as part
>>>>>>> of EVERYONE group in local security policy.
>>>>>>>
>>>>>>> I added the share name to the "Shared that can be accessed
>>>>>>> anonymously"
>>>>>>> under local security policy.
>>>>>>>
>>>>>>> My non-domain machines still pop up the logon UI when I try and
>>>>>>> access the
>>>>>>> share.
>>>>>>>
>>>>>>> Any ideas?
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Robert
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
- Next message: Steven L Umbach: "Re: What is more worse: Open ftp ports or open vpn port with pptp?"
- Previous message: Paul Adare: "Re: 2003 PKI Design Question"
- In reply to: Robert: "Re: Anonymous Acccess to File Share on Windows Server 2003"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
