none
shared folders vanished

    Question

  • Hello

    I have a win server 2012 and i was sharing some folders with people in the local network.

    The folders could be seen by anyone.

    2 days ago i promoted the server into a domain forest and suddenly people said that the folders could not be seen by anyone (the other people were not part of any domain).

    So my question is: what happend and how can people who arent part of my domain can view the folders?

    On that note.

    I cant turn on network discovery

    Thank you for your time.


    • Edited by Viperpanos Saturday, September 14, 2013 8:51 AM new info
    Saturday, September 14, 2013 8:44 AM

Answers

  • Hello,

    After you promoted your server to DC, your folders became inaccessible, to non-domain users, because they cannnot authenticate against that domain. You have the following options:

    • Join the non-domain users to domain
    • Change the map on these computers to use alternate credentials (ex. net use z: \\servername\share /user:domainname\user /persistent:yes) 

    Since non-domain computers will use NTLM authentication instead of kerberos, appropriate local security policies must be set to allow NTLM authentication pass-through (this is the default). 

    -------------------------
    Lefteris Karafilis
    MCSE, MCTS, SEC+
    LinkedIn: http://www.linkedin.com/in/lkarafilis 
    Mail: lefteris@karafilis.net 
    Blog: http://www.karafilis.net 


    Saturday, September 14, 2013 11:24 AM
  • Hello,

    As I stated to my previous comment you have to set the DNS server's IP settings to a DNS Server that hosts your Domain zone. As I can see from your screenshots you have set the DNS server IP settings to your DSL router which is not aware of the domain structure resulting in a test failure. 

    You should:

    • Make sure that your Domain Controllers' DNS IP settings point to a domain aware DNS Server
    • Make sure that your Domain Computers' DNS IP settings point to a domain aware DNS Server

    In short, as I can see from your screenshots I can assume that your domain aware DNS server probably is 192.168.1.80.

    -------------------------
    Lefteris Karafilis
    MCSE, MCTS, SEC+
    LinkedIn: http://www.linkedin.com/in/lkarafilis 
    Mail: lefteris@karafilis.net 
    Blog: http://www.karafilis.net 

    Friday, October 04, 2013 11:11 AM

All replies

  • Hello,

    After you promoted your server to DC, your folders became inaccessible, to non-domain users, because they cannnot authenticate against that domain. You have the following options:

    • Join the non-domain users to domain
    • Change the map on these computers to use alternate credentials (ex. net use z: \\servername\share /user:domainname\user /persistent:yes) 

    Since non-domain computers will use NTLM authentication instead of kerberos, appropriate local security policies must be set to allow NTLM authentication pass-through (this is the default). 

    -------------------------
    Lefteris Karafilis
    MCSE, MCTS, SEC+
    LinkedIn: http://www.linkedin.com/in/lkarafilis 
    Mail: lefteris@karafilis.net 
    Blog: http://www.karafilis.net 


    Saturday, September 14, 2013 11:24 AM
  • i am trying to join non domain user into the domain but i receive the following error

    [IMG]http://i.imgur.com/uAp9uBI.png[/IMG]

    also 

    is network discovery affected by the security policies? 

    thank you

    Saturday, September 14, 2013 2:06 PM
  • Hi,

    i am trying to join non domain user into the domain but i receive the following error, this is dns error, can you post unedited ipconfig /all on client and dc machine.

    Regards

    Saturday, September 14, 2013 2:22 PM
  • Your desktop machines must be able to successfully resolve the Domain Controller's name, meaning that their IP settings must have a DNS server that is aware of the domain structure.

    If I assume that your infrastructure is a basic one with the default settings, I can safely assume that your DC is also the DNS server.

    -------------------------
    Lefteris Karafilis
    MCSE, MCTS, SEC+
    LinkedIn: http://www.linkedin.com/in/lkarafilis 
    Mail: lefteris@karafilis.net 
    Blog: http://www.karafilis.net 

    Saturday, September 14, 2013 8:30 PM
  • Hello again

    this is the screenshot you requested

    [IMG]http://i.imgur.com/IyJqksu.png[/IMG]

    Thank you

    Saturday, September 21, 2013 3:09 PM
  • hello again

    i am doing some test and i have the following results

    http://imgur.com/DSJkmMW

    http://imgur.com/Ww1vPkG

    my question is 

    could the conflict be because i have, on the lan controller, the preffered dns setting the same as the ISP router?

    thank you 

    Friday, October 04, 2013 10:44 AM
  • Hello,

    As I stated to my previous comment you have to set the DNS server's IP settings to a DNS Server that hosts your Domain zone. As I can see from your screenshots you have set the DNS server IP settings to your DSL router which is not aware of the domain structure resulting in a test failure. 

    You should:

    • Make sure that your Domain Controllers' DNS IP settings point to a domain aware DNS Server
    • Make sure that your Domain Computers' DNS IP settings point to a domain aware DNS Server

    In short, as I can see from your screenshots I can assume that your domain aware DNS server probably is 192.168.1.80.

    -------------------------
    Lefteris Karafilis
    MCSE, MCTS, SEC+
    LinkedIn: http://www.linkedin.com/in/lkarafilis 
    Mail: lefteris@karafilis.net 
    Blog: http://www.karafilis.net 

    Friday, October 04, 2013 11:11 AM