I have a Windows domain and a workstation in a workgroup on the same network. For security reasons, the workstation is locked down behind a firewall and unidirectional access is not possible, unless the firewall deems it to be, so it can't be on the domain.
There is a network share on the workstation that needs to be accessed. In Windows 2000, when accessing a network share not in the domain, it would prompt for user credentials. In Windows 2003, it always tries to authenticate with the currently logged on user.
Does anyone know of a way to force the Windows 2003 machine to use the Windows 2000 behaviour of prompting for a user name and password?
A trick I've employed in the past w/ occasional success (which may or may NOT work for you) is as follows:
instead of connecting to the share via \\server\sharename try \\serverip\sharename
I realize this doesn't answer your question; however, if you're unable to find a better one, I could offer some additional suggestions that may make this a viable "next best" solution.
This is a test: Go to a single client computer, using Internet Explorer7, and open your IE browser: Go to Tools->Internet Options->Security->Custom Level Scroll to the very botoom that says Netlogon, and select prompt for "username and password".
Even if the computer you want to reach is behind a firewall, you can add it to add it to the domain. To let the firewalled computer authenticate with AD, the following outgoing ports are involved:
Connecting with IP or server name brings the same result.
All computers use IE6. I tried your suggestion but it didn't work.
Adding the workstation to the domain is not possible. This machine is going to be reset on a regular basis and I can't really get into why it can't be on the domain.
I am looking to find out how or why this changed from Windows 2000 to Windows 2003/XP.
On the workstation, it should request user authentication, UNLESS you already have a set of credentials saved on the workstation that permits access. Let's say you log on as Domain administrator. If these sets of credentials are saved on the work station, then you can authenticate through without being prompted to. Also, if you have a mapped network drive to this workstation, and selected log on every time to this drive upon logging in, you have a set of credentials that are used for that share and are cached on your 2003 server.
Check the workstation's list of users and remove the domain credentials saved on the workstation computer. Then check the domain controller for "Managed Passwords". Managed passwords are what I call cached credentials. The can be found in Control pannel>>Users>>Advanced Tab>>Managed passwords. If you have a set of credentials for the workstation saved in managed passwords, your 2003 server will breeze right through the authentication process without being prompted.
Even though it is not requesting a username and password, it doesn't mean it's not authenticating.
If using IE6 on the domain controller, I don't know if this is the same as IE7:
This may seem odd, but give this a shot:
This is a test: Go to the domain controller, and open your IE browser: Go to Tools->Internet Options->Security->Custom Level Scroll to the very botoom that says Netlogon, and select prompt for "username and password".
