Guest Carlos Posted October 14, 2008 Posted October 14, 2008 I'm having a problem which no ones seems to resolve. I've been in few forums and no luck. Thus, I hope this forum to be my last one... it is simple... I have a 2003 Ent. SP2 box (let's call it MYBOX) which is a member in a 2003 AD domain. I have a folder which I am sharing on this member server and I want users, coming from different subnets and with PCs not joined to the AD domain where MYBOX, to be able to get into the shares without being prompted for username and password. How can I accomplish this? These are the thing I've already tried: under Configuration >Windows Settings >Security Settings >Local Policies >Security Options: -enabled the share and allowed Everyone full permissions -under the share security, allowed ANONYMOUYS LOGON and Everyone full control -under the AD controllers of the domain where MYBOX sits, created an OU, placed MYBOX into this OU and created a GPO with the following: --Enabled Guest account --Enabled Network Access: Allow anonymous SID/Name translation --Disabled Network Access: Do not allow anonymous enumeration of SAM accounts --Disabled Network Access: Do not allow anonymous enumeration of SAM accounts and shares --Enabled Network Access: Let everyone permissions apply to anonymous users --Disabled Network Access: Restrict anonymous access to Named Pipes and Shares --added under Network Access: Shares that can be accessed anonymously, I added the name of the share --changed Network Access: Sharing and security model for local accounts to Guest only - local users authenticate as Guest Under Configuration >Windows Settings >Security Settings >Local Policies >User Rights Assignment, I modified the Access this computer from the network setting to add the ANONYMOUS LOGON This GPO has been successfully applied to the OU and MYBOX has successfully received it. I checked this by running rsop.msc on MYBOX But nothing I do seems to stop this prompting. Can you please help?
Guest Dave Patrick Posted October 14, 2008 Posted October 14, 2008 Re: How to stop share to prompt for credentials Not a good (secure) solution but enable the guest account and assign share permissions to the guest account. The other possible solution is to make the workgroup name match the domain name and then create accounts with identical usernames and passwords on both the server and workstation. -- Regards, Dave Patrick ....Please no email replies - reply in newsgroup. Microsoft Certified Professional Microsoft MVP [Windows] http://www.microsoft.com/protect "Carlos" wrote: > I'm having a problem which no ones seems to resolve. I've been in few > forums > and no luck. Thus, I hope this forum to be my last one... > > it is simple... I have a 2003 Ent. SP2 box (let's call it MYBOX) which is > a > member in a 2003 AD domain. I have a folder which I am sharing on this > member > server and I want users, coming from different subnets and with PCs not > joined to the AD domain where MYBOX, to be able to get into the shares > without being prompted for username and password. > > How can I accomplish this? > > These are the thing I've already tried: > > under Configuration >Windows Settings >Security Settings >Local Policies >>Security Options: > > -enabled the share and allowed Everyone full permissions > -under the share security, allowed ANONYMOUYS LOGON and Everyone full > control > -under the AD controllers of the domain where MYBOX sits, created an OU, > placed MYBOX into this OU and created a GPO with the following: > --Enabled Guest account > --Enabled Network Access: Allow anonymous SID/Name translation > --Disabled Network Access: Do not allow anonymous enumeration of SAM > accounts > --Disabled Network Access: Do not allow anonymous enumeration of SAM > accounts and shares > --Enabled Network Access: Let everyone permissions apply to anonymous > users > --Disabled Network Access: Restrict anonymous access to Named Pipes and > Shares > --added under Network Access: Shares that can be accessed anonymously, I > added the name of the share > --changed Network Access: Sharing and security model for local accounts to > Guest only - local users authenticate as Guest > > Under Configuration >Windows Settings >Security Settings >Local Policies >>User Rights Assignment, > > I modified the Access this computer from the network setting to add the > ANONYMOUS LOGON > > > This GPO has been successfully applied to the OU and MYBOX has > successfully > received it. I checked this by running rsop.msc on MYBOX > > But nothing I do seems to stop this prompting. Can you please help?
Recommended Posts