setthecat Posted August 1, 2011

I have two servers, one is 2008r2 Enterprise, the other is 2008r2 HPC. The HPC server acts as a Domain Controller, while the other has been set up specifically to deploy WIM images.

I want to set up a network share on both computers that will have read access by the Everyone group. The DC share will be hosting some media files while the other will be hosting a script and a few updates that will run on the image before joining the domain.

The problem I run into is that I have both NTFS and share permissions on both systems set up to allow read access by the "Everyone" group, but neither server's open share can be accessed from a non-domain computer without entering credentials. Is there a policy or some other setting that is preventing the non-domain systems from being allowed access as part of the "Everyone" group?

Tripredacus Posted August 2, 2011

Yes, but not recommended!

People who do not have an actual account in the domain can use the Guest account. A user whose account is disabled (but not deleted) can also use the Guest account. The Guest account does not require a password.

You can set rights and permissions for the Guest account just like any user account. By default, the Guest account is a member of the built-in Guests group and the Domain Guests global group, which allows a user to log on to a domain. The Guest account is disabled by default, and we recommend that it stay disabled.

Emphasis mine.

http://technet.microsoft.com/en-us/library/cc755130.aspx

setthecat Posted August 7, 2011 (edited)

I have been playing with this for a few days; so far I have tried:

Local and Domain Group Policies:
    Network access: Do not allow anonymous enumeration of SAM accounts and shares - Disabled
    Network access: Let Everyone permissions apply to anonymous users - Enabled
    Network access: Restrict anonymous access to Named Pipes and Shares - Disabled
    Network access: Shares that can be accessed anonymously - Media

Accounts:
    Guest - Enabled

Share permissions:
    Everyone - Full Control
    Guest - Full Control
    Domain Admins - Full Control
    Domain Guests - Full Control
    Administrator - Full Control
    Guests - Full control

NTFS Permissions:
    Everyone - Read&execute, List folder contents, Read
    SYSTEM - Full control
    administrator - Full control
    Guest - Read&execute, List folder contents, Read
    Domain Admins - Full control
    Domain Guests - Read&execute, List folder contents, Read
    Administrators - Full control
    Guests - Read&execute, List folder contents, Read
    ANONYMOUS LOGON - Read&execute, List folder contents, Read

With everything done I am still not able to access \\10.1.1.10\ without being prompted for credentials.

Edit: For now I am working exclusively with the domain controller as it is a replacement that is currently in a test environment.

Edited August 7, 2011 by setthecat
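
An added example, not part of the original thread: a read-only PowerShell audit that reports the registry values behind the "Network access" policies listed in the last post, plus the Guest account state, so a server left in this loosened test configuration can be identified and reverted. The mapping of policy names to registry values is the standard Windows one; the variable names and the "Restrictive" column are this example's own.

```powershell
# Added example, not from the thread: read-only audit of the settings listed above.
# "Restrictive" is the value each policy has when it limits anonymous access.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

$checks = @(
    @{ Policy = 'Do not allow anonymous enumeration of SAM accounts and shares'
       Path = $lsa; Name = 'RestrictAnonymous'; Restrictive = 1 },
    @{ Policy = 'Let Everyone permissions apply to anonymous users'
       Path = $lsa; Name = 'EveryoneIncludesAnonymous'; Restrictive = 0 },
    @{ Policy = 'Restrict anonymous access to Named Pipes and Shares'
       Path = $srv; Name = 'RestrictNullSessAccess'; Restrictive = 1 }
)

$report = foreach ($c in $checks) {
    $item  = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $value = if ($item) { $item.($c.Name) } else { $null }
    New-Object PSObject -Property @{
        Policy      = $c.Policy
        Value       = $(if ($null -eq $value) { '(not set)' } else { $value })
        Restrictive = $c.Restrictive
        # A missing value is reported as "(not set)" and left for the reviewer to judge.
        Differs     = ($null -ne $value) -and ($value -ne $c.Restrictive)
    }
}
$report | Select-Object Policy, Value, Restrictive, Differs | Format-Table -AutoSize -Wrap

# "Shares that can be accessed anonymously" is a multi-string value; list any entries.
$raw    = (Get-ItemProperty -Path $srv -Name NullSessionShares -ErrorAction SilentlyContinue).NullSessionShares
$shares = @($raw | Where-Object { $_ })
if ($shares.Count -gt 0) {
    "Shares that can be accessed anonymously: $($shares -join ', ')"
} else {
    'Shares that can be accessed anonymously: (none)'
}

# The built-in Guest account always has RID 501. On a domain controller this
# enumerates domain accounts, so it can be slow in a large directory.
Get-WmiObject Win32_UserAccount |
    Where-Object { $_.SID -like 'S-1-5-21-*-501' } |
    Select-Object Domain, Name, Disabled, SID |
    Format-Table -AutoSize
```

Run it from an elevated prompt on the server being checked; it only reads the registry and WMI and changes nothing.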