Jump to content
MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×

Server 2008r2 - Share to Everyone


 Share

Recommended Posts

I have two Servers, one is 2008r2 Enterprise, the other is 2008r2 HPC. The HPC server acts as a Domain Controller, while the other has been setup specifically to deploy WIM images.

I want to setup a network share on both computers that will have read access by the everyone group. The DC share will be hosting some media files while the other will be hosting a script and a few updates that will run on the image before joining the domain. The problem I run into is that I have both NTFS and share permissions on both systems set up to allow read access by the "Everyone" group, but neither server's open share can be accessed from a non-domain computer without entering credentials. Is there a policy or some other setting that is preventing the non-domain systems from being allowed access as part of the "Everyone" group?

Link to comment
Share on other sites


Yes, but not recommended!

People who do not have an actual account in the domain can use the Guest account. A user whose account is disabled (but not deleted) can also use the Guest account. The Guest account does not require a password.

You can set rights and permissions for the Guest account just like any user account. By default, the Guest account is a member of the built-in Guests group and the Domain Guests global group, which allows a user to log on to a domain. The Guest account is disabled by default, and we recommend that it stay disabled.

Emphasis mine.

http://technet.microsoft.com/en-us/library/cc755130.aspx

Link to comment
Share on other sites

I have been playing with this for a few days, so far I have tried:

Local and Domain Group Policies:

Network access: Do not allow anonymous enumeration of SAM accounts and shares - Disabled

Network access: Let Everyone permissions apply to anonymous users - Enabled

Network access: Restrict anonymous access to Named Pipes and Shares - Disabled

Network access: Shares that can be accessed anonymously - Media

Accounts:

Guest - Enabled

Share permissions:

Everyone - Full Control

Guest - Full Control

Domain Admins - Full Control

Domain Guests - Full Control

Administrator - Full Control

Guests - Full control

NTFS Permissions:

Everyone - Read&execute, List folder contents, Read

SYSTEM - Full control

administrator - Full control

Guest - Read&execute, List folder contents, Read

Domain Admins - Full control

Domain Guests - Read&execute, List folder contents, Read

Administrators - Full control

Guests - Read&execute, List folder contents, Read

ANONYMOUS LOGON - Read&execute, List folder contents, Read

With everything done I am still not able to access \\10.1.1.10\ without being prompted for credentials.

Edit: For now I am working exclusively with the domain controller as it is a replacement that is currently in a test environment.

Edited by setthecat
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.


×
×
  • Create New...