Re: Anonymous Acccess to File Share on Windows Server 2003

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 03/09/05

  • Next message: Steven L Umbach: "Re: EFS - Encryption and User Migration" 
    Date: Tue, 8 Mar 2005 22:51:12 -0600

    If possible try to read the whole thread for this subject. I was able to get
    it to work. At minimum the security option for let everyone permissions
    apply to anonymous users must be enabled and the everyone group needs to
    have permissions to access this computer from the network as a user right.
    This can be configured in Local Security Policy via secpol.msc. The other
    thing I did was give the guest account a password. After that I was given
    access without a credential prompt. --- Steve

    "JL" <jamie_longmire@hotmail.com> wrote in message
    news:e6q6h$EJFHA.576@TK2MSFTNGP15.phx.gbl...
    > Hi Everyone,
    > I must say this issue is causing a fair bit of pain around the place.
    >
    > When trying to access a share on a Windows 2000 Server (configured as a
    > standalone server) where "Everyone" (Full Control) Share permissions and
    > "Everyone" (Full Control) Security permissions are configured a Username
    > and
    > Password authentication pop up box does not appear. This is because the
    > server does not care who is trying to access the share because everyone is
    > allowed to access it.
    >
    > Trying to perform the same function in Windows 2003 Server as a standalone
    > server the user is prompted to authenticate.
    >
    > How does one disable the authentication request in Windows 2003 Server in
    > a
    > standalone environment?
    >
    > I do not believe the root of this issue is permissions based. I think this
    > is just a policy. It seems that Microsoft's solution to security was to
    > send
    > authentication pop ups in all circumstances regardless of the access
    > request.
    >
    > Surely this policy should be a simple check box to configure so that Guest
    > accounts and Anonymous Logon changes are not required.
    >
    > Jamie
    >
    >
    > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
    > news:OP3TWs7GFHA.2428@TK2MSFTNGP10.phx.gbl...
    >> First try giving the guest account a password. If that does not work in
    >> Local Security Policy [secpol.msc] configure the security option for
    >> limit
    >> local account use of blank password to console logon only to be disabled.
    > I
    >> did a quick test on my home domain and was able to logon to a W2003
    >> server
    >> with the guest account enabled only after giving the guest account a
    >> password. After that unimpeded access was allowed without a credential
    >> prompt from a workgroup computer outside of the domain to a share where
    >> everyone had permissions. Computer Management/shared folders - sessions
    > did
    >> show I was connected as guest. --- Steve
    >>
    >>
    >>
    >> "Robert" <anonymous@anonymous.com> wrote in message
    >> news:uJDO5FxGFHA.2156@TK2MSFTNGP09.phx.gbl...
    >> > When a non-domain or machine from another domain attempts to access the
    >> > share they get the credential manager UI (dialgoue asking for
    >> > user/pasword).
    >> >
    >> > The user can log in using "guest" which of course requires no password.
    >> >
    >> > The reason this matters is that I have devices on the network that
    > cannot
    >> > be configured to log on, rather, they assume annonymous access works.
    >> >
    >> > All of this does work for XP shares.
    >> >
    >> > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
    >> > news:uVvHTwuGFHA.3484@TK2MSFTNGP12.phx.gbl...
    >> >>I have not tried it on Windows 2003. What happens when users try to
    > access
    >> >>the share? Can they logon with credentials? I am going to try to give
    > this
    >> >>a try on my network soon if I get a chance. --- Steve
    >> >>
    >> >>
    >> >> "Robert" <anonymous@anonymous.com> wrote in message
    >> >> news:OPQrYqXGFHA.560@TK2MSFTNGP15.phx.gbl...
    >> >>>I checked that the share and NTFS permissions include Everyone (as
    >> >>>well
    >> >>>as Guest as well as ANONYMOUS LOGON).
    >> >>>
    >> >>> I checked the two local security options you mention below and made
    > sure
    >> >>> they are disabled.
    >> >>>
    >> >>> The "Access this computer from the network" has Everyone, ANONYMOUS
    >> >>> LOGON, machine\Guest, domain\Guest, Guests, Users, and a host of
    > others.
    >> >>>
    >> >>> Appreciate the help (I can't believe something so simple is causing
    > such
    >> >>> pain).
    >> >>>
    >> >>> Have you seen this actually work?
    >> >>>
    >> >>> Thanks,
    >> >>> Robert
    >> >>>
    >> >>>
    >> >>>
    >> >>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
    >> >>> news:uYKQgGUGFHA.1068@TK2MSFTNGP14.phx.gbl...
    >> >>>> OK. Make sure that the share AND ntfs permissions for the folder are
    >> >>>> set to allow everyone access and also the user right for acc this
    >> >>>> computer from the network if it already is not an included group.
    >> >>>> The
    >> >>>> other thing to check is the two security options - one for do not
    > allow
    >> >>>> anonymous to enumerate sam and another one for do not allow
    >> >>>> anonymous
    >> >>>> from enumerating sam and shares. Set both of those to disabled for
    > the
    >> >>>> security policy for the server. --- Steve
    >> >>>>
    >> >>>>
    >> >>>> "Robert" <anonymous@anonymous.com> wrote in message
    >> >>>> news:OlQoQhLGFHA.3792@TK2MSFTNGP10.phx.gbl...
    >> >>>>> Thanks for the reply.
    >> >>>>>
    >> >>>>> I posted this request also to
    > microsoft.public.windows.server.general
    >> >>>>> so probably best to consilidate the two threads in
    >> >>>>> microsoft.public.windows.server.general.
    >> >>>>>
    >> >>>>> Both you and someone from MSFT gave the same guidance.
    >> >>>>>
    >> >>>>> As you can read in the other thread I enabled the guest account and
    >> >>>>> checked anonymous in Everyone group was enabled.
    >> >>>>>
    >> >>>>> I am still getting the request for credentials for non-domain
    > machines
    >> >>>>> and machines from other domains.
    >> >>>>>
    >> >>>>> Any other ideas to check would be appreciated.
    >> >>>>>
    >> >>>>> Thanks,
    >> >>>>> Robert
    >> >>>>>
    >> >>>>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
    >> >>>>> news:Og50ujJGFHA.1476@TK2MSFTNGP09.phx.gbl...
    >> >>>>>> You can enable the guest account to allow users unauthenticated
    >> >>>>>> access to shares on a computer. Then ANY user can access ANY share
    >> >>>>>> that has permissions for the share and folder [ntfs] for the
    > everyone
    >> >>>>>> group as long as anonymous is configured to be part of the
    >> >>>>>> everyone
    >> >>>>>> group. If it still does not work check the user right for access
    > this
    >> >>>>>> computer from the network in Local Security Policy [secpol.msc] to
    >> >>>>>> make sure the everyone group is included. Of course make sure your
    >> >>>>>> firewall protects your network from internet users gaining access
    > to
    >> >>>>>> that or any computer on you etwork. --- Steve
    >> >>>>>>
    >> >>>>>>
    >> >>>>>> "Robert" <anonymous@anonymous.com> wrote in message
    >> >>>>>> news:OivSjPDGFHA.1924@TK2MSFTNGP14.phx.gbl...
    >> >>>>>>>I am trying to enable anonymous access to a file share on Windows
    >> >>>>>>>Server
    >> >>>>>>> 2003.
    >> >>>>>>>
    >> >>>>>>> I have added "ANONYMOUS LOGON" to both the share and NTFS
    >> >>>>>>> security
    >> >>>>>>> permissions.
    >> >>>>>>>
    >> >>>>>>> When this did not work I also added "EVERYONE" and enabled
    > anonymous
    >> >>>>>>> as part
    >> >>>>>>> of EVERYONE group in local security policy.
    >> >>>>>>>
    >> >>>>>>> I added the share name to the "Shared that can be accessed
    >> >>>>>>> anonymously"
    >> >>>>>>> under local security policy.
    >> >>>>>>>
    >> >>>>>>> My non-domain machines still pop up the logon UI when I try and
    >> >>>>>>> access the
    >> >>>>>>> share.
    >> >>>>>>>
    >> >>>>>>> Any ideas?
    >> >>>>>>>
    >> >>>>>>> Thanks,
    >> >>>>>>> Robert
    >> >>>>>>>
    >> >>>>>>>
    >> >>>>>>>
    >> >>>>>>
    >> >>>>>>
    >> >>>>>
    >> >>>>>
    >> >>>>
    >> >>>>
    >> >>>
    >> >>>
    >> >>
    >> >>
    >> >
    >> >
    >>
    >>
    >
    >

  • Next message: Steven L Umbach: "Re: EFS - Encryption and User Migration"

    Relevant Pages