How to stop share to prompt for credentials

  • Thread starter Thread starter Carlos
  • Start date Start date
C

Carlos

I'm having a problem which no ones seems to resolve. I've been in few forums
and no luck. Thus, I hope this forum to be my last one...

it is simple... I have a 2003 Ent. SP2 box (let's call it MYBOX) which is a
member in a 2003 AD domain. I have a folder which I am sharing on this member
server and I want users, coming from different subnets and with PCs not
joined to the AD domain where MYBOX, to be able to get into the shares
without being prompted for username and password.

How can I accomplish this?

These are the thing I've already tried:

under Configuration >Windows Settings >Security Settings >Local Policies
>Security Options:


-enabled the share and allowed Everyone full permissions
-under the share security, allowed ANONYMOUYS LOGON and Everyone full control
-under the AD controllers of the domain where MYBOX sits, created an OU,
placed MYBOX into this OU and created a GPO with the following:
--Enabled Guest account
--Enabled Network Access: Allow anonymous SID/Name translation
--Disabled Network Access: Do not allow anonymous enumeration of SAM accounts
--Disabled Network Access: Do not allow anonymous enumeration of SAM
accounts and shares
--Enabled Network Access: Let everyone permissions apply to anonymous users
--Disabled Network Access: Restrict anonymous access to Named Pipes and Shares
--added under Network Access: Shares that can be accessed anonymously, I
added the name of the share
--changed Network Access: Sharing and security model for local accounts to
Guest only - local users authenticate as Guest

Under Configuration >Windows Settings >Security Settings >Local Policies
>User Rights Assignment,


I modified the Access this computer from the network setting to add the
ANONYMOUS LOGON


This GPO has been successfully applied to the OU and MYBOX has successfully
received it. I checked this by running rsop.msc on MYBOX

But nothing I do seems to stop this prompting. Can you please help?
 
Not a good (secure) solution but enable the guest account and assign share
permissions to the guest account. The other possible solution is to make the
workgroup name match the domain name and then create accounts with identical
usernames and passwords on both the server and workstation.


--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect


"Carlos" wrote:
> I'm having a problem which no ones seems to resolve. I've been in few
> forums
> and no luck. Thus, I hope this forum to be my last one...
>
> it is simple... I have a 2003 Ent. SP2 box (let's call it MYBOX) which is
> a
> member in a 2003 AD domain. I have a folder which I am sharing on this
> member
> server and I want users, coming from different subnets and with PCs not
> joined to the AD domain where MYBOX, to be able to get into the shares
> without being prompted for username and password.
>
> How can I accomplish this?
>
> These are the thing I've already tried:
>
> under Configuration >Windows Settings >Security Settings >Local Policies
>>Security Options:

>
> -enabled the share and allowed Everyone full permissions
> -under the share security, allowed ANONYMOUYS LOGON and Everyone full
> control
> -under the AD controllers of the domain where MYBOX sits, created an OU,
> placed MYBOX into this OU and created a GPO with the following:
> --Enabled Guest account
> --Enabled Network Access: Allow anonymous SID/Name translation
> --Disabled Network Access: Do not allow anonymous enumeration of SAM
> accounts
> --Disabled Network Access: Do not allow anonymous enumeration of SAM
> accounts and shares
> --Enabled Network Access: Let everyone permissions apply to anonymous
> users
> --Disabled Network Access: Restrict anonymous access to Named Pipes and
> Shares
> --added under Network Access: Shares that can be accessed anonymously, I
> added the name of the share
> --changed Network Access: Sharing and security model for local accounts to
> Guest only - local users authenticate as Guest
>
> Under Configuration >Windows Settings >Security Settings >Local Policies
>>User Rights Assignment,

>
> I modified the Access this computer from the network setting to add the
> ANONYMOUS LOGON
>
>
> This GPO has been successfully applied to the OU and MYBOX has
> successfully
> received it. I checked this by running rsop.msc on MYBOX
>
> But nothing I do seems to stop this prompting. Can you please help?
 
Back
Top