Re: Anonymous Acccess to File Share on Windows Server 2003
From: JL (jamie_longmire_at_hotmail.com)
Date: 03/09/05
- Next message: Garry Lindsay: "Re: Windows Server 2003, SSL Certificate, Bad Request (Invalid Hostname)"
- Previous message: Damon Birrell: "EFS - Encryption and User Migration"
- Next in thread: Steven L Umbach: "Re: Anonymous Acccess to File Share on Windows Server 2003"
- Reply: Steven L Umbach: "Re: Anonymous Acccess to File Share on Windows Server 2003"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 9 Mar 2005 13:29:54 +1100
Hi Everyone,
I must say this issue is causing a fair bit of pain around the place.
When trying to access a share on a Windows 2000 Server (configured as a
standalone server) where "Everyone" (Full Control) Share permissions and
"Everyone" (Full Control) Security permissions are configured a Username and
Password authentication pop up box does not appear. This is because the
server does not care who is trying to access the share because everyone is
allowed to access it.
Trying to perform the same function in Windows 2003 Server as a standalone
server the user is prompted to authenticate.
How does one disable the authentication request in Windows 2003 Server in a
standalone environment?
I do not believe the root of this issue is permissions based. I think this
is just a policy. It seems that Microsoft's solution to security was to send
authentication pop ups in all circumstances regardless of the access
request.
Surely this policy should be a simple check box to configure so that Guest
accounts and Anonymous Logon changes are not required.
Jamie
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:OP3TWs7GFHA.2428@TK2MSFTNGP10.phx.gbl...
> First try giving the guest account a password. If that does not work in
> Local Security Policy [secpol.msc] configure the security option for limit
> local account use of blank password to console logon only to be disabled.
I
> did a quick test on my home domain and was able to logon to a W2003 server
> with the guest account enabled only after giving the guest account a
> password. After that unimpeded access was allowed without a credential
> prompt from a workgroup computer outside of the domain to a share where
> everyone had permissions. Computer Management/shared folders - sessions
did
> show I was connected as guest. --- Steve
>
>
>
> "Robert" <anonymous@anonymous.com> wrote in message
> news:uJDO5FxGFHA.2156@TK2MSFTNGP09.phx.gbl...
> > When a non-domain or machine from another domain attempts to access the
> > share they get the credential manager UI (dialgoue asking for
> > user/pasword).
> >
> > The user can log in using "guest" which of course requires no password.
> >
> > The reason this matters is that I have devices on the network that
cannot
> > be configured to log on, rather, they assume annonymous access works.
> >
> > All of this does work for XP shares.
> >
> > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> > news:uVvHTwuGFHA.3484@TK2MSFTNGP12.phx.gbl...
> >>I have not tried it on Windows 2003. What happens when users try to
access
> >>the share? Can they logon with credentials? I am going to try to give
this
> >>a try on my network soon if I get a chance. --- Steve
> >>
> >>
> >> "Robert" <anonymous@anonymous.com> wrote in message
> >> news:OPQrYqXGFHA.560@TK2MSFTNGP15.phx.gbl...
> >>>I checked that the share and NTFS permissions include Everyone (as well
> >>>as Guest as well as ANONYMOUS LOGON).
> >>>
> >>> I checked the two local security options you mention below and made
sure
> >>> they are disabled.
> >>>
> >>> The "Access this computer from the network" has Everyone, ANONYMOUS
> >>> LOGON, machine\Guest, domain\Guest, Guests, Users, and a host of
others.
> >>>
> >>> Appreciate the help (I can't believe something so simple is causing
such
> >>> pain).
> >>>
> >>> Have you seen this actually work?
> >>>
> >>> Thanks,
> >>> Robert
> >>>
> >>>
> >>>
> >>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> >>> news:uYKQgGUGFHA.1068@TK2MSFTNGP14.phx.gbl...
> >>>> OK. Make sure that the share AND ntfs permissions for the folder are
> >>>> set to allow everyone access and also the user right for acc this
> >>>> computer from the network if it already is not an included group. The
> >>>> other thing to check is the two security options - one for do not
allow
> >>>> anonymous to enumerate sam and another one for do not allow anonymous
> >>>> from enumerating sam and shares. Set both of those to disabled for
the
> >>>> security policy for the server. --- Steve
> >>>>
> >>>>
> >>>> "Robert" <anonymous@anonymous.com> wrote in message
> >>>> news:OlQoQhLGFHA.3792@TK2MSFTNGP10.phx.gbl...
> >>>>> Thanks for the reply.
> >>>>>
> >>>>> I posted this request also to
microsoft.public.windows.server.general
> >>>>> so probably best to consilidate the two threads in
> >>>>> microsoft.public.windows.server.general.
> >>>>>
> >>>>> Both you and someone from MSFT gave the same guidance.
> >>>>>
> >>>>> As you can read in the other thread I enabled the guest account and
> >>>>> checked anonymous in Everyone group was enabled.
> >>>>>
> >>>>> I am still getting the request for credentials for non-domain
machines
> >>>>> and machines from other domains.
> >>>>>
> >>>>> Any other ideas to check would be appreciated.
> >>>>>
> >>>>> Thanks,
> >>>>> Robert
> >>>>>
> >>>>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> >>>>> news:Og50ujJGFHA.1476@TK2MSFTNGP09.phx.gbl...
> >>>>>> You can enable the guest account to allow users unauthenticated
> >>>>>> access to shares on a computer. Then ANY user can access ANY share
> >>>>>> that has permissions for the share and folder [ntfs] for the
everyone
> >>>>>> group as long as anonymous is configured to be part of the everyone
> >>>>>> group. If it still does not work check the user right for access
this
> >>>>>> computer from the network in Local Security Policy [secpol.msc] to
> >>>>>> make sure the everyone group is included. Of course make sure your
> >>>>>> firewall protects your network from internet users gaining access
to
> >>>>>> that or any computer on you etwork. --- Steve
> >>>>>>
> >>>>>>
> >>>>>> "Robert" <anonymous@anonymous.com> wrote in message
> >>>>>> news:OivSjPDGFHA.1924@TK2MSFTNGP14.phx.gbl...
> >>>>>>>I am trying to enable anonymous access to a file share on Windows
> >>>>>>>Server
> >>>>>>> 2003.
> >>>>>>>
> >>>>>>> I have added "ANONYMOUS LOGON" to both the share and NTFS security
> >>>>>>> permissions.
> >>>>>>>
> >>>>>>> When this did not work I also added "EVERYONE" and enabled
anonymous
> >>>>>>> as part
> >>>>>>> of EVERYONE group in local security policy.
> >>>>>>>
> >>>>>>> I added the share name to the "Shared that can be accessed
> >>>>>>> anonymously"
> >>>>>>> under local security policy.
> >>>>>>>
> >>>>>>> My non-domain machines still pop up the logon UI when I try and
> >>>>>>> access the
> >>>>>>> share.
> >>>>>>>
> >>>>>>> Any ideas?
> >>>>>>>
> >>>>>>> Thanks,
> >>>>>>> Robert
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>
> >>>
> >>
> >>
> >
> >
>
>
- Next message: Garry Lindsay: "Re: Windows Server 2003, SSL Certificate, Bad Request (Invalid Hostname)"
- Previous message: Damon Birrell: "EFS - Encryption and User Migration"
- Next in thread: Steven L Umbach: "Re: Anonymous Acccess to File Share on Windows Server 2003"
- Reply: Steven L Umbach: "Re: Anonymous Acccess to File Share on Windows Server 2003"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
