Anonymous Access to File Share in Windows Server 2003

Discussion in 'Windows Server' started by Robert, Feb 21, 2005.

  1. Robert

    Robert Guest

    I am trying to enable anonymous access to a file share on Windows Server
    2003.

    I have added "ANONYMOUS LOGON" to both the share and NTFS security
    permissions.

    When this did not work I also added "EVERYONE" and enabled anonymous as part
    of EVERYONE group in local security policy.

    I added the share name to the "Shared that can be accessed anonymously"
    under local security policy.

    My non-domain machines still pop up the logon UI when I try and access the
    share.

    Any ideas?

    Thanks,
    Robert
     
    Robert, Feb 21, 2005
    #1
    1. Advertisements

  2. Robert

    Todd J Heron Guest

    You might want to verify enable the security option for do not allow
    anonymous enumeration of sam accounts and shares in Domain Security Policy
    is enabled or not. Or a local policy restricting the same.
     
    Todd J Heron, Feb 21, 2005
    #2
    1. Advertisements

  3. Robert

    Jason Tan Guest

    Hi Robert,

    Thanks for posting!

    My understanding on the issue is: you want to let non-domain machines
    access shared file on Windows Server 2003 domain without prompting logon
    UI. If I have misunderstood your concerns, please feel free to let me know.

    Based on my research, I would like to provide you with the following
    information for your reference:

    You may attempt to enable Guest account on the shares which you are
    attempting to connect to.

    For more detailed information, please refer to the following article:

    139592 Prompted for Password When Connecting to Windows NT
    http://support.microsoft.com/?id=139592

    I hope my information helps. If there is anything that is unclear, please
    feel free to let me know.

    Thanks & Regards,

    Jason Tan

    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security

    =====================================================

    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.

    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Jason Tan, Feb 22, 2005
    #3
  4. Robert

    Robert Guest

    Thanks for the reply.

    I enabled the Guest account - both local machine and domain.

    I even explicitly added both Guest accounts (local machine and domain) to
    both the share permissions and NTFS permissions.

    I verified that Anonymous is enabled for Everyone groups.

    I still get prompted for credentials for non-domain machines and machines
    from other domains.

    Any ideas?

    Thanks,
    Robert
     
    Robert, Feb 22, 2005
    #4
  5. Robert

    Jason Tan Guest

    Hi Robert,

    Thanks for your prompt reply!

    According to the article 139592,

    This behavior can occur when all of the following conditions exist:

    1. The Guest account is disabled on the Windows NT-based computer you are
    attempting to connect to.

    2. The user name and password you are using are not contained in the local
    user accounts database of the Windows NT-based computer you are attempting
    to connect to.

    3. If the computer you are attempting to connect to is a member of a
    domain, the user name and password you are using are not contained in that
    domain's user accounts database. For example, if the user has logged into
    an account on the local machine, that account is not in the domain user
    accounts database. Even if the username and password match, the user will
    not be granted access.

    Therefore, to meet the need of point 3, I would like to suggest you
    configure accounts for your Windows Server 2003 domain and also configure
    same accounts and passwords in non-domain client machine. You may attempt
    to access the shared file on Windows Server 2003 with the user account by
    the non-domain client machine.

    If there is anything that is unclear, please feel free to let me know.

    Thanks & Regards,

    Jason Tan

    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security

    =====================================================

    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.

    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Jason Tan, Feb 24, 2005
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.