Click here to get back home

Anonymous Access to Shared Folder
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Anonymous Access to Shared Folder david carvalho 11-05-2007
Posted by david carvalho on November 5, 2007, 1:13 pm
Please log in for more thread options
 Hi !
I want users with accounts in a trusted domain to access a network shared
folder
in my domain. Of course, if they input their password, they can access.
But I want to enable the access without prompting the password.
I've read "Enable anonymous access on a domain controller" in following link
http://technet2.microsoft.com/windowsserver/en/library/883c10c4-450a-4d0d-bec3-66135f2617111033.mspx#BKMK_DC

I've set the policies in "domain security policy" and even "domain
controller security policy" none of them worked not even simultaneously. of
Course I've run "gpupdate" to.
Any ideas please ?
Thanks and regards
Dave

Posted by jwgoerlich on November 5, 2007, 5:13 pm
Please log in for more thread options
 On this folder, what are the share (CIFS) and file (NTFS) permissions?
Does the Everyone group have read and write access?

J Wolfgang Goerlich

On Nov 5, 1:13 pm, david carvalho
> Hi !
> I want users with accounts in a trusted domain to access a network shared
> folder
> in my domain. Of course, if they input their password, they can access.
> But I want to enable the access without prompting the password.
> I've read "Enable anonymous access on a domain controller" in following
linkhttp://technet2.microsoft.com/windowsserver/en/library/883c10c4-450a-...
>
> I've set the policies in "domain security policy" and even "domain
> controller security policy" none of them worked not even simultaneously. of
> Course I've run "gpupdate" to.
> Any ideas please ?
> Thanks and regards
> Dave



Posted by david carvalho on November 6, 2007, 5:34 am
Please log in for more thread options
Hi !
these are the permissions (output with xcacls), and yes, on the share, I
gave permissions to everyone
F:\numerica_ficheiros BUILTIN\Administrators:F
Everyone:(OI)(CI)R
BUILTIN\Administrators:(OI)(CI)F
NT AUTHORITY\SYSTEM:(OI)(CI)F
CREATOR OWNER:(OI)(CI)(IO)F
BUILTIN\Users:(OI)(CI)R
BUILTIN\Users:(CI)(special access:)
FILE_APPEND_DATA
BUILTIN\Users:(CI)(special access:)
FILE_WRITE_DATA
I followed the procedure described in
"Enable anonymous access on a domain controller
but without result. Any ideas please ?
thanks !

"jwgoerlich@gmail.com" wrote:

> On this folder, what are the share (CIFS) and file (NTFS) permissions?
> Does the Everyone group have read and write access?
>
> J Wolfgang Goerlich
>
> On Nov 5, 1:13 pm, david carvalho
> > Hi !
> > I want users with accounts in a trusted domain to access a network shared
> > folder
> > in my domain. Of course, if they input their password, they can access.
> > But I want to enable the access without prompting the password.
> > I've read "Enable anonymous access on a domain controller" in following
linkhttp://technet2.microsoft.com/windowsserver/en/library/883c10c4-450a-...
> >
> > I've set the policies in "domain security policy" and even "domain
> > controller security policy" none of them worked not even simultaneously. of
> > Course I've run "gpupdate" to.
> > Any ideas please ?
> > Thanks and regards
> > Dave
>
>
>

Posted by Roger Abell [MVP] on November 6, 2007, 10:13 am
Please log in for more thread options
David,

I believe that the issue here is not how to enable anonymous access
but how to resolve the issue whereby people logged into the trusted
domain are not having their credentials recognized when they try to
access the folder.

The setting you indicate that adds Anonymous to Everyone is dangerous
to use, and is not in and of itself sufficient to let unauthenticated access
to the folder work. You later show that the NTFS is sufficient as it has
a grant to Everyone (of course, that is provided that it is a DC that shares
this, as you say you changed that setting for the DCs - double dangerous).
You did not mention whether the share level permissions allow access
to Everyone, which is needed also.

So, to the real problem. Is this a forest level trust (W2k3) so that it
supports Kerberos?

Roger

> Hi !
> I want users with accounts in a trusted domain to access a network shared
> folder
> in my domain. Of course, if they input their password, they can access.
> But I want to enable the access without prompting the password.
> I've read "Enable anonymous access on a domain controller" in following
> link
>
http://technet2.microsoft.com/windowsserver/en/library/883c10c4-450a-4d0d-bec3-66135f2617111033.mspx#BKMK_DC
>
> I've set the policies in "domain security policy" and even "domain
> controller security policy" none of them worked not even simultaneously.
> of
> Course I've run "gpupdate" to.
> Any ideas please ?
> Thanks and regards
> Dave



Posted by david carvalho on November 6, 2007, 10:40 am
Please log in for more thread options
Hi! thanks for the reply. I'm not sure I've explained this. If a user is
already authenticated, he can access \my.server.name , and it displays all
the shared folders. The idea is to be able to show this, even if the user
hasn't authenticated yet. This is usefull, because I have a local student
account in the workstations, and since they are quite slow, instead of
loading the user profile locally (and it takes longer if it's the first time
the user logs in in that machine), it logs with the local account. But then,
it asks for user/password when accessing \my.server.name.


"Roger Abell [MVP]" wrote:

> David,
>
> I believe that the issue here is not how to enable anonymous access
> but how to resolve the issue whereby people logged into the trusted
> domain are not having their credentials recognized when they try to
> access the folder.
>
> The setting you indicate that adds Anonymous to Everyone is dangerous
> to use, and is not in and of itself sufficient to let unauthenticated access
> to the folder work. You later show that the NTFS is sufficient as it has
> a grant to Everyone (of course, that is provided that it is a DC that shares
> this, as you say you changed that setting for the DCs - double dangerous).
> You did not mention whether the share level permissions allow access
> to Everyone, which is needed also.
>
> So, to the real problem. Is this a forest level trust (W2k3) so that it
> supports Kerberos?
>
> Roger
>
> > Hi !
> > I want users with accounts in a trusted domain to access a network shared
> > folder
> > in my domain. Of course, if they input their password, they can access.
> > But I want to enable the access without prompting the password.
> > I've read "Enable anonymous access on a domain controller" in following
> > link
> >
http://technet2.microsoft.com/windowsserver/en/library/883c10c4-450a-4d0d-bec3-66135f2617111033.mspx#BKMK_DC
> >
> > I've set the policies in "domain security policy" and even "domain
> > controller security policy" none of them worked not even simultaneously.
> > of
> > Course I've run "gpupdate" to.
> > Any ideas please ?
> > Thanks and regards
> > Dave
>
>
>

Similar ThreadsPosted
Anonymous folder access December 13, 2006, 9:14 pm
prevent access to shared folder when not on a domain computer July 11, 2005, 8:50 pm
Shared Folder Forensics November 14, 2005, 8:39 am
Shared folder permissions August 18, 2006, 3:20 pm
HOWTO: Creating a Drop-Only Shared Folder June 9, 2008, 3:05 pm
Enterprise Ca authority anonymous access January 16, 2007, 4:07 pm
Outlook Compatibility issue with Disabling Anonymous Access September 13, 2007, 2:22 pm
Shares, Named Pipes, and Registry for Anonymous Remote Access February 23, 2007, 2:24 am
"Network Service" account is UNABLE to write to a network shared folder April 18, 2007, 7:01 pm
Hide shared folders like 2003 Access Based Enumeration? July 8, 2005, 4:23 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap