Anonymous users connect to a share on a W2K3 file server?

I have a specific share I want to enable users to connect to on a Windows 2003 Standard edition fileserver/domain controller.

I only have one server at the office and the network is fully secured, but I need to allow users who don't have a domain account to access a certain share without being prompted for a username/password and just be given access to copy/write files to/from the share.

Thanks,
Asked by: STEVEO3
1 Solution
 
imnajam commented:
Hi STEVEO3,


<excerpt from http://www.microsoft.com/technet/security/topics/serversecurity/tcg/tcgch05n.mspx>

Network access: Restrict anonymous access to Named Pipes and Shares
When enabled, this policy setting restricts anonymous access to only those shares and pipes that are named in the Network access: Named pipes that can be accessed anonymously and Network access: Shares that can be accessed anonymously settings. This policy setting controls null session access to shares on your computers by adding RestrictNullSessAccess with the value 1 in the registry key HKLM\System\CurrentControlSet\Services\LanManServer\Parameters. This registry value toggles null session shares on or off to control whether the server service restricts unauthenticated clients' access to named resources.

The possible values for the Network access: Restrict anonymous access to Named Pipes and Shares setting are:

• Enabled
• Disabled
• Not Defined

Vulnerability
Null sessions are a weakness that can be exploited through shares (including the default shares) on computers in your environment.

Countermeasure
Configure the Network access: Restrict anonymous access to Named Pipes and Shares setting to Enabled.

Potential Impact
You can enable this policy setting to restrict null session access for unauthenticated users to all server pipes and shares except those that are listed in the NullSessionPipes and NullSessionShares entries.

Network access: Shares that can be accessed anonymously
This policy setting determines which network shares can be accessed by anonymous users.

The possible values for the Network access: Shares that can be accessed anonymously setting are:

• A user-defined list of shares
• Not Defined

Vulnerability
It is very dangerous to enable this setting. Any shares that are listed can be accessed by any network user, which could lead to the exposure or corruption of sensitive data.

Countermeasure
Configure the Network access: Shares that can be accessed anonymously setting to a null value.

Potential Impact
There should be little impact because this is the default configuration. Only authenticated users will have access to shared resources on the server.

</excerpt>

Cheers!
imnajam commented:
Below is the answer given by SystmProg in reply to PAQ [ http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21636950.html ]


MS has disabled anonymous access in this version of Windows. Anonymous access was allowed in Windows NT and 2000. You need to set a policy setting using gpedit.msc to enable this access on servers or domain controllers:

Go to gpedit.msc > Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options. In the right pane, edit the following policy setting:

Network access: Let Everyone permissions apply to anonymous users, and then click Properties.

On domain controllers you need to use the *Domain Controllers Security Policy* snap-in to enable this access, as long as the domain controller's computer account is in the "Domain Controllers" OU.

Microsoft has modified share permissions in this version of Windows. The default permissions have been changed to give users only *Read* permission. If users are still unable to access the share, then modify the permissions:

Allow Everyone : Full Control in Share permission.

Then change the NTFS permissions accordingly, or add the Everyone group on the Security tab for NTFS permissions.



I hope that if you follow these steps you will be able to give anonymous users access to certain shares.
imnajam commented:
STEVEO3,

Another knowledge base article by Microsoft is
[ How to enable null session shares on a Windows 2000-based computer ]
[ http://support.microsoft.com/?kbid=289655 ]
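
An added example, not part of the original thread or of Microsoft's guidance: a Python audit that reads `reg query` output for the values named in the excerpt (RestrictNullSessAccess, NullSessionShares) and for the policy in SystmProg's steps, and reports which anonymous-access settings are open. The sample output is constructed, and `EveryoneIncludesAnonymous` under `Control\Lsa` is assumed to be the registry value behind "Let Everyone permissions apply to anonymous users"; it is not named on this page.

```python
import re

# Constructed `reg query` output for illustration; not taken from a real server.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters
    RestrictNullSessAccess    REG_DWORD    0x0
    NullSessionShares    REG_MULTI_SZ    Scans\0Public

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
    EveryoneIncludesAnonymous    REG_DWORD    0x1
"""

# "    <name>    <REG_TYPE>    <data>" lines; key-path lines have no indent.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")


def parse_reg_query(text):
    """Map lower-cased value names to an int (DWORD), list (MULTI_SZ) or str."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue
        name, kind, data = m.group(1).lower(), m.group(2), m.group(3).strip()
        if kind == "REG_DWORD":
            values[name] = int(data, 16)
        elif kind == "REG_MULTI_SZ":
            # reg.exe prints multi-string entries separated by a literal \0
            values[name] = [s for s in data.split(r"\0") if s]
        else:
            values[name] = data
    return values


def audit(text):
    """Return (value name, finding) pairs for settings that open anonymous access."""
    v = parse_reg_query(text)
    findings = []
    if v.get("restrictnullsessaccess") == 0:
        findings.append(("RestrictNullSessAccess",
                         "null session access is not restricted to the listed shares and pipes"))
    if v.get("nullsessionshares"):
        findings.append(("NullSessionShares",
                         "reachable without authentication: " + ", ".join(v["nullsessionshares"])))
    # Assumption: this Lsa value backs "Let Everyone permissions apply to anonymous users".
    if v.get("everyoneincludesanonymous") == 1:
        findings.append(("EveryoneIncludesAnonymous",
                         "ACL entries for Everyone also apply to anonymous users"))
    return findings


if __name__ == "__main__":
    for name, detail in audit(SAMPLE):
        print(f"[!] {name}: {detail}")
```

Feed it the saved output of `reg query` for the two keys; an empty result means none of the three settings is open.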