User authorisation

Discussion in 'Windows Server' started by Alex, Aug 20, 2004.

  1. Alex

    Alex Guest

    Hi All

    Is there a way or authorising users that do not logon to a
    DC, to be able to access folders on a member server? The
    reason for this is that I have just demoted a DC to a
    member server that holds the user areas, laptops that do
    not logon to the domain were able to access the shares
    because the server was a DC. Other than adding each user
    as a local user, setting up a trust for each Laptop or
    moving the user areas to a DC and remaping the drives.
    What else could I try?

    Hope I've explained the problem in a way someone can

    Thanks in advance

    Alex Hart
    Alex, Aug 20, 2004
    1. Advertisements

  2. Alex

    Miha Pihler Guest

    Hi Alex,

    Sure there is. Client's don't have to be members of domain to access
    resources on other domain members, but they will need appropriate
    permissions on drives or you will have to allow anonymous access (not
    recommended for security reasons)...

    When you e.g. go to shared folder e.g. \\file_server\share_data and you get
    prompted for access under username enter:


    and under password enter password for username. Replace "domain" part with
    NetBIOS name of domain. If you have any more questions, feel free to ask

    I hope this helps,

    Miha Pihler, Aug 20, 2004
    1. Advertisements

  3. Alex

    Alex Guest

    Hi Mike

    Thanks for the help but it doesnt seem to like that.
    It appears as if it can not authorise the user for some


    \\file_server\share_data and you get
    Alex, Aug 20, 2004
  4. Alex

    Miha Pihler Guest


    Do you get a windows asking for authentication? Do you use domain user to
    authenticate? Can you use some other user (e.g. administrator) just for
    testing, so that we know that it is not a permission issue?

    Can you check System and Application logs on client PC and logs on DC?

    Miha Pihler, Aug 20, 2004
  5. Alex

    Alex Guest

    Hi Mike
    Yes I do get a indows asking for authentication, after
    trying different usernames and passwords I've determind
    that the member server only accepts a local logon(on the
    member server).
    This is what appears in the workstation Application event
    log when it is un able to authorise.

    Event Type: Error
    Event Source: AutoEnrollment
    Event Category: None
    Event ID: 15
    Date: 20/08/2004
    Time: 12:41:27
    User: N/A
    Computer: Workstation1
    Automatic certificate enrollment for local system failed
    to contact the active directory (0x8007054b). The
    specified domain either does not exist or could not be
    Enrollment will not be performed.

    For more information, see Help and Support Center at

    When the member server's local admin account username and
    password is entered, access is granted.

    this could be a normal function of windows server 2003 but
    is ther a way to authenticate the user against the AD
    without having to attach the computer to the domain?

    Alex Hart
    Alex, Aug 20, 2004
  6. Alex

    Miha Pihler Guest


    Can you try and access another workstation that is member of domain -- from
    computer that is not part of domain. E.g.

    \\workstation\c$ and use domain administrator account to authenticate. Try
    also with domain\administrator . Any luck?

    Is there anything in the log of member server?

    Do you have CA server deployed in your domain? Is this PC from other domain
    or is it part of workgroup. Can you also try this from some other PC.

    Another thing would be to try and use local account that exist on member
    server. Instead of domain\administrator you could use
    server_name\administrator and enter password for local administrator.

    Miha Pihler, Aug 20, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.