How to stop share to prompt for credentials

[Guest Carlos]

I'm having a problem which no ones seems to resolve. I've been in few forums

and no luck. Thus, I hope this forum to be my last one...

 

it is simple... I have a 2003 Ent. SP2 box (let's call it MYBOX) which is a

member in a 2003 AD domain. I have a folder which I am sharing on this member

server and I want users, coming from different subnets and with PCs not

joined to the AD domain where MYBOX, to be able to get into the shares

without being prompted for username and password.

 

How can I accomplish this?

 

These are the thing I've already tried:

 

under Configuration >Windows Settings >Security Settings >Local Policies

>Security Options:

 

-enabled the share and allowed Everyone full permissions

-under the share security, allowed ANONYMOUYS LOGON and Everyone full control

-under the AD controllers of the domain where MYBOX sits, created an OU,

placed MYBOX into this OU and created a GPO with the following:

--Enabled Guest account

--Enabled Network Access: Allow anonymous SID/Name translation

--Disabled Network Access: Do not allow anonymous enumeration of SAM accounts

--Disabled Network Access: Do not allow anonymous enumeration of SAM

accounts and shares

--Enabled Network Access: Let everyone permissions apply to anonymous users

--Disabled Network Access: Restrict anonymous access to Named Pipes and Shares

--added under Network Access: Shares that can be accessed anonymously, I

added the name of the share

--changed Network Access: Sharing and security model for local accounts to

Guest only - local users authenticate as Guest

 

Under Configuration >Windows Settings >Security Settings >Local Policies

>User Rights Assignment,

 

I modified the Access this computer from the network setting to add the

ANONYMOUS LOGON

 

 

This GPO has been successfully applied to the OU and MYBOX has successfully

received it. I checked this by running rsop.msc on MYBOX

 

But nothing I do seems to stop this prompting. Can you please help?

[Guest Dave Patrick]

Re: How to stop share to prompt for credentials

 

Not a good (secure) solution but enable the guest account and assign share

permissions to the guest account. The other possible solution is to make the

workgroup name match the domain name and then create accounts with identical

usernames and passwords on both the server and workstation.

 

 

--

 

Regards,

 

Dave Patrick ....Please no email replies - reply in newsgroup.

Microsoft Certified Professional

Microsoft MVP [Windows]

http://www.microsoft.com/protect

 

 

"Carlos" wrote:

> I'm having a problem which no ones seems to resolve. I've been in few

> forums

> and no luck. Thus, I hope this forum to be my last one...

>

> it is simple... I have a 2003 Ent. SP2 box (let's call it MYBOX) which is

> a

> member in a 2003 AD domain. I have a folder which I am sharing on this

> member

> server and I want users, coming from different subnets and with PCs not

> joined to the AD domain where MYBOX, to be able to get into the shares

> without being prompted for username and password.

>

> How can I accomplish this?

>

> These are the thing I've already tried:

>

> under Configuration >Windows Settings >Security Settings >Local Policies

>>Security Options:

>

> -enabled the share and allowed Everyone full permissions

> -under the share security, allowed ANONYMOUYS LOGON and Everyone full

> control

> -under the AD controllers of the domain where MYBOX sits, created an OU,

> placed MYBOX into this OU and created a GPO with the following:

> --Enabled Guest account

> --Enabled Network Access: Allow anonymous SID/Name translation

> --Disabled Network Access: Do not allow anonymous enumeration of SAM

> accounts

> --Disabled Network Access: Do not allow anonymous enumeration of SAM

> accounts and shares

> --Enabled Network Access: Let everyone permissions apply to anonymous

> users

> --Disabled Network Access: Restrict anonymous access to Named Pipes and

> Shares

> --added under Network Access: Shares that can be accessed anonymously, I

> added the name of the share

> --changed Network Access: Sharing and security model for local accounts to

> Guest only - local users authenticate as Guest

>

> Under Configuration >Windows Settings >Security Settings >Local Policies

>>User Rights Assignment,

>

> I modified the Access this computer from the network setting to add the

> ANONYMOUS LOGON

>

>

> This GPO has been successfully applied to the OU and MYBOX has

> successfully

> received it. I checked this by running rsop.msc on MYBOX

>

> But nothing I do seems to stop this prompting. Can you please help?