Re: Allowing file share browsing for un-authenticated users

Thanks for the prompt reply, James!

Your pointer to the Local Policies >> Security Settings node in local
security policy opened up some new possibilities for me.

Let me restate my goal. What I really need is to create a public
folder or two on the file server (much like the public folder on XP or
Vista). That way anyone can access files in those folders without
being prompted for username and password. Other shares can, and
probably should stay access restricted.

At first I thought "Network access: Named pipes that can be accessed
anonymously" and "Network access: Shares that can be accessed
anonymously" would be the way to go, but after messing with it I now
think otherwise. When a Windows client tries to access shares on
another computer in a workgroup, it seems to send the credentials of
the local machine and user, so in effect it's not try to access it
anonymously. Unless I'm missing something anonymous shares are not the
way to go. Neither is allowing the ANONYMOUS_LOGON access to the share
because again the logon attempt isn't really anonymous. Argh.

What befuddles me is that this behaviour is default in XP and Vista.
If you share something, everyone can access it on the network without
username and password. I've just taken that behaviour for granted. I
can't help but thinking to myself that this should be alot simpler
than I'm making it.

I know I'm missing something obvious. Back to Googling...

jameshanley39@xxxxxxxxxxx wrote:
On 27 May, 00:25, Nonapept...@xxxxxxxxx wrote:
I have a Windows Server 2003 file server in a workgroup environment
that needs to allow anyone who plugs into the network to browse its
file shares without being prompted for a username and password.
Ideally it would behave just like a Windows XP machine that has a file
share. A simple UNC path like this: \\ServerName\ should reply with
the available file shares to anyone who asks.

What is the option to get this behaviour? I can't seem to find the
local policy to get this to work.

Thanks bunches,

In Win XP, there are 3 crucial options with file sharing.
Within ctrl panel..administrative tools....Local Security
Settings...Local policies
2 interesting options are in one subcategory, 1 is in the other.


Whether you check or uncheck SFS.. i.e. choose SFS or AFS.
It changes an option here.. And vice versa.
The place where the option is is
Local Security Settings...local policies...Security Options
Now see there are a bunch of items called "Network Access........."
The last one is "Sharing and security model for local accounts"

If you change that to Guest. then it does SFS.
If you change it to Authenticate as themselves, then it does AFS.

And vice versa.

Now.. regarding SFS
It does require the Guest account to be enabled,
And the other 2 interesting options are very important
"User rights assignments"
Allow - Everyone
Deny - <-- remove Guest from that list if it is there.

If you do those things, then any user can access. Because they
authenticate as Guest, and Guest can access.

I haven't used AFS as much, but

In Win XP..
if using AFS
and I mentioned how to set that option.. Your post suggests that
perhaps that classic tools..folder options..view..SFS/AFS option is
hard to find. So you can set AFS with that other option too. From
Local Security Settings.
Maybe it is in windows server too.

I think with AFS, users authenticate as themselves, and if that fails,
then it prompts them for a username/password. The username/password on
the remote machine.. (perhaps any user/pass on the remote machine)

So, if the account you are currently logged on as, exists on the
remote machine, then it will log in without a prompt.. i.e. identical
user account .
I don't know if it requires identical username, full name, and
password. Or just identical username and password.
.

Relevant Pages
Loading