none
2008R2 domain users want to access a share on a 2008R2 workgroup server.

    Question

  • Hi,

    I have a 2008R2 domain. I have one non domain 2008R2 server (workgroup).

    On this workgroup server I want to make a share available for my domain users. Users have to access this share without a username and password prompt. How do I configure this?

    Thx!

    Saturday, May 14, 2011 6:25 PM

Answers

  • Hi,

     

    Please enable Guest account, assign Everyone group the permission to access the sharing folder and then add the Anonymous SID to the Everyone access token.

     

    To enable anonymous access on a local workstation or server computer

     

    1.Open Local Security Settings. Click Start, click Control Panel, double-click Administrative Tools, and then double-click Local Security Policy.

    2.In the console tree, double-click Local Policies, and then click Security Options.

    3.In the details pane, right-click Network access: Let Everyone permissions apply to anonymous users, and then click Properties.

    4.On the Local Security Settings tab, click Enabled, and then click OK.

     

    For more information, please refer to the following Microsoft TechNet article:

     

    Anonymous user cannot access a shared folder

    http://technet.microsoft.com/en-us/library/cc755781(WS.10).aspx

     

    Regards,

     

    Arthur Li

     TechNet Subscriber Support  in forum

    If you have any feedback on our support, please contact  tngfb@microsoft.com . 


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Dirk10 Thursday, May 19, 2011 4:01 PM
    Thursday, May 19, 2011 7:56 AM

All replies

  • Why can’t you join this server to the domain?  Anyway, you can share folder with Everone permission.  But keep in mind that anybody should be able to access this folder.

    My recommendation is to join this server to the domain and configure the share and folder permission using proper domain user or group permission.


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX

    Blogs - http://blogs.sivarajan.com/
    Articles - http://www.sivarajan.com/publications.html
    Twitter: @santhosh_sivara - http://twitter.com/santhosh_sivara
    This posting is provided AS IS with no warranties,and confers no rights.
    • Proposed as answer by Meinolf WeberMVP Sunday, May 15, 2011 9:57 AM
    • Unproposed as answer by Dirk10 Sunday, May 15, 2011 3:58 PM
    Saturday, May 14, 2011 6:46 PM
  • Follow http://support.microsoft.com/kb/323420 

    Keep in mind that effectively open shares to (not surprisingly) everyone.

    Make sure to disable firewall - or open ports relevant for file sharing...

    hth
    Marcin

    Sunday, May 15, 2011 12:06 AM
  • For better control & security providing access to share with authentication control, you can make the server member of domain, if you don't wish to be the 2008 R2 server to be part of domain as a file server, take a look at steps to share folder in windows 2008 R2 in workgroup.

    http://www.techotopia.com/index.php/Configuring_Windows_Server_2008_File_Sharing

    Take a look at below article too, if you get stuck with issue.

    http://support.microsoft.com/kb/954387

     

    Regards  


    Awinish Vishwakarma| CHECK MY BLOG

    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Sunday, May 15, 2011 5:09 AM
  • Thanks for the reply's.

    Sharing folders on my workgroup server and giving permissions to Everyone doesn't work. Everyone permissions only works when users have a local account. My domain users don't have local accounts on the workgroup server.

    What about "anonymous logon"? Things are changed in W2008R2 to make this work (group policys,...). So far I didn't manage this to work.

    Thanks in advance!

    Sunday, May 15, 2011 4:07 PM
  • Why can’t join this server to the domain? 


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX

    Blogs - http://blogs.sivarajan.com/
    Articles - http://www.sivarajan.com/publications.html
    Twitter: @santhosh_sivara - http://twitter.com/santhosh_sivara
    This posting is provided AS IS with no warranties,and confers no rights.
    Sunday, May 15, 2011 4:30 PM
  • Take a look at the article i posted to create a share on windows 2008 R2.

     

    Regards  


    Awinish Vishwakarma| CHECK MY BLOG

    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Sunday, May 15, 2011 4:32 PM
  • I'm in the process of doing something similar and haven't yet found a full answer other than to join domains and stuff but in my case I don't want to have any relationship between teh two domains and then there's concern over forest functional level and so on.  I also don't want to mess with federating two forests.

    So one partial solution that goes back to basic authentication is that you need to somehow supply a user/pass for the local workgroup.  One option I've tested is to set your domain users up with a login script that maps drives, using the "net use" command.  with that command, you can specify a user and password, and can specifiy the host of the account database whether it be a domain or a local machine account database.  "net use R: \\servername\sharename /user: bob password for example, though the syntax varies  by whether your authenticating against a domain or whatever (ie:  /DOMAIN:username password).  I've messed around with this a bit and when i say it's only had partial success, it's because I can only get one share to map that way.  If your batch has 2 "net use" commands, the second one fails with error 1219 about how you can't connect to a server or share using the same user at the same time or some such - I forget the exact text.  It seems nobody on the Internet can solve that one - hours of Googling the error results in 90% of the time you get people who are experiencing "ghost maps" that haven' tdisconnected - not once have I seen anything related directly to what I'm trying to do.

    I gave up on it because I was fortunate in that I only have one share I really need domain users to have cross-domain access to thus my script will work. 

    But perhaps you'd have more luck researching this avenue than I did, I just ran out of time to spend on it is all. 

    Sunday, May 15, 2011 8:27 PM
  • Hi,

     

    To workaround this behavior, you need to create a local user account on the workgroup computer with the same user name and password as the domain user. In this way, the authentication can be successful on the background automatically.

     

    Regards,

     

    Arthur Li

     TechNet Subscriber Support  in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com . 


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, May 16, 2011 4:31 AM
  • Thanks for the update. "create a local user account on the workgroup computer with the same user name and password as the domain user" -> this would be difficult to manage because i have around 100 domain users. They all need access to this share.

    Any other ideas?

    Thx!!

    Tuesday, May 17, 2011 2:22 PM
  • Which is the reason you would want to add this server to the domain.

    If you are not willing to do this, then effectively you have two options:

    - open the share to everyone
    - manage it on per user basis - by creating local accounts and maintaining their passwords

    hth
    Marcin

    Tuesday, May 17, 2011 2:29 PM
  • Sharing folders on my workgroup server and giving permissions to Everyone doesn't work. Everyone permissions only works when users have a local account. My domain users don't have local accounts on the workgroup server.

    What about "anonymous logon"? Things are changed in W2008R2 to make this work (group policys,...). So far I didn't manage this to work.

    Any idea's how to make a share accessable to anonymous users?

    Tuesday, May 17, 2011 2:57 PM
  • Correct - this involves two steps:

    - granting permissions on the share to Anonymous Logon
    - including the share in the list of those accessible via Anonymous logon - either via registry (http://technet.microsoft.com/en-us/library/cc728059(WS.10).aspx) or group policy (http://technet.microsoft.com/en-us/library/cc776860(WS.10).aspx)

    hth
    Marcin

    Tuesday, May 17, 2011 3:35 PM
  • Still you didn’t answer the question J  why can’t you join this computer to the domain? Any business or technical reasons?

    If you can’t join the computer to the domain, you need to provide Anonymous Login permission. 


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX

    Blogs - http://blogs.sivarajan.com/
    Articles - http://www.sivarajan.com/publications.html
    Twitter: @santhosh_sivara - http://twitter.com/santhosh_sivara
    This posting is provided AS IS with no warranties,and confers no rights.
    Tuesday, May 17, 2011 4:04 PM
  • Hi,

     

    Please enable Guest account, assign Everyone group the permission to access the sharing folder and then add the Anonymous SID to the Everyone access token.

     

    To enable anonymous access on a local workstation or server computer

     

    1.Open Local Security Settings. Click Start, click Control Panel, double-click Administrative Tools, and then double-click Local Security Policy.

    2.In the console tree, double-click Local Policies, and then click Security Options.

    3.In the details pane, right-click Network access: Let Everyone permissions apply to anonymous users, and then click Properties.

    4.On the Local Security Settings tab, click Enabled, and then click OK.

     

    For more information, please refer to the following Microsoft TechNet article:

     

    Anonymous user cannot access a shared folder

    http://technet.microsoft.com/en-us/library/cc755781(WS.10).aspx

     

    Regards,

     

    Arthur Li

     TechNet Subscriber Support  in forum

    If you have any feedback on our support, please contact  tngfb@microsoft.com . 


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Dirk10 Thursday, May 19, 2011 4:01 PM
    Thursday, May 19, 2011 7:56 AM
  • Hi,

    Reason why I can't join server to the domain is because of an difficult business app...I enable the share for deployment and then I disable the share again. I know it's not best practice.

    The steps Arthur Li suggested worked fine:

    Please enable Guest account, assign Everyone group the permission to access the sharing folder and then add the Anonymous SID to the Everyone access token.

     

    To enable anonymous access on a local workstation or server computer

     

    1.Open Local Security Settings. Click Start, click Control Panel, double-click Administrative Tools, and then double-click Local Security Policy.

    2.In the console tree, double-click Local Policies, and then click Security Options.

    3.In the details pane, right-click Network access: Let Everyone permissions apply to anonymous users, and then click Properties.

    4.On the Local Security Settings tab, click Enabled, and then click OK.

    Thx everyone for helping me out!!!!

    Thursday, May 19, 2011 4:01 PM