Windows 2003 Anonymous Access to Shared Folders

May 28th 2006 Windows

Due to tightened default security in Windows 2003 the file shares cannot be accessed without logon in a domainless environment even if both shares and folders are set up to allow access to Everyone.

A bit of googling returns many different suggestions for solving the problem, none of which really seems to work for sure. I'm just adding my two cents to this confusion, hoping that this posting will help me the next time I'll be solving the same problem.

It's all about configuring the Security options in Local Security policy. The logical path of enabling the Network Access: Let Everyone permissions apply to anonymous users policy and disabling the Network access: Restrict anonymous access to Named Pipes and Shares policy didn't help. On the other hand enabling the Accounts: Guest account status policy and setting the Network access: Sharing and security model for local accounts policy to Guest only - local users authenticate as Guest did the trick. Don't forget to call gpupdate after changing the policy to enforce it immediately.

I'm not asserting that this is THE solution but it worked for me. However, you should be aware of the implications of enabling the guest account before doing it to solve your immediate problem.

A few additional words on the last mentioned policy change: It proves useful when the file server and the client have the same usernames defined but the passwords don't match because it forces the client to login as guest. By default the client tries to login to the server with wrong password which once again causes the login prompt to appear. It is useful to keep the default setting when the password is the same because the auto login allows for granularity in security settings if more than equal permissions for everyone are needed.

Copyright
Creative Commons License