ANonymous users connect to a share on a W2K3 file server?

I have a specific share I want to enable users to connect to on a Windows 2003 Standard edition fileserver/domain controller.

I only have one server at the office and network is fully secured but i need to allow users who dont have domain account to access a certain share without being prompted for a username/password and just given access to copy/write files to/from the share.

Thanks,
STEVEO3Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

imnajamCommented:
Hi STEVEO3,


<excerpt from http://www.microsoft.com/technet/security/topics/serversecurity/tcg/tcgch05n.mspx>

Network access: Restrict anonymous access to Named Pipes and Shares
When enabled, this policy setting restricts anonymous access to only those shares and pipes that are named in the Network access: Named pipes that can be accessed anonymously and Network access: Shares that can be accessed anonymously settings. This policy setting controls null session access to shares on your computers by adding RestrictNullSessAccess with the value 1 in the registry key HKLM\System\CurrentControlSet\Services\LanManServer\Parameters. This registry value toggles null session shares on or off to control whether the server service restricts unauthenticated clients' access to named resources.

The possible values for the Network access: Restrict anonymous access to Named Pipes and Shares setting are:

• Enabled
 
• Disabled
 
• Not Defined
 

Vulnerability
Null sessions are a weakness that can be exploited through shares (including the default shares) on computers in your environment.

Countermeasure
Configure the Network access: Restrict anonymous access to Named Pipes and Shares setting to Enabled.

Potential Impact
You can enable this policy setting to restrict null session access for unauthenticated users to all server pipes and shares except those that are listed in the NullSessionPipes and NullSessionShares entries.

Network access: Shares that can be accessed anonymously
This policy setting determines which network shares can be accessed by anonymous users.

The possible values for the Network access: Shares that can be accessed anonymously setting are:

• A user-defined list of shares
 
• Not Defined
 

Vulnerability
It is very dangerous to enable this setting. Any shares that are listed can be accessed by any network user, which could lead to the exposure or corruption of sensitive data.

Countermeasure
Configure the Network access: Shares that can be accessed anonymously setting to a null value.

Potential Impact
There should be little impact because this is the default configuration. Only authenticated users will have access to shared resources on the server.

</excerpt>

Cheers!
0
imnajamCommented:
below is the answer given by SystmProg in reply to PAQ [ http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21636950.html ]


MS has disabled Anonymous access in this version of Windows. Anonymous access was allowed in Windows NT and 2000. You need to set policy setting using gpedit.msc to enable thia access on server or domain controllers:

Go to gpedit.msc > Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options, In right pane edit the following policy setting:

Network access: Let Everyone permissions apply to anonymous users, and then click Properties.

On domain controllers you need to use *Domain Controllers Security Policy* snap-in to enable this access as long as Domain Controller computer account is in "Domain Controllers" OU.

Microsoft has modified share permissions in this version of Windows. The default permissions has been changed to give users only *Read* permission. If users are still unable to access share then modify permissions:

Allow Everyone : Full Control in Share permission.

then change NTFS permissions accordingly or add Everyone Group on Security tab for NTFS permissions.



I hope if you follow these steps you would be able to give anonymous users access to certain shares
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
imnajamCommented:
STEVEO3,

another knowledge base article by Microsoft is
[ How to enable null session shares on a Windows 2000-based computer ]
[ http://support.microsoft.com/?kbid=289655 ]
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.