ANonymous users connect to a share on a W2K3 file server?

Posted on 2006-03-20
Last Modified: 2013-12-04
I have a specific share I want to enable users to connect to on a Windows 2003 Standard edition fileserver/domain controller.

I only have one server at the office and network is fully secured but i need to allow users who dont have domain account to access a certain share without being prompted for a username/password and just given access to copy/write files to/from the share.

Question by:STEVEO3
    LVL 9

    Expert Comment

    Hi STEVEO3,

    <excerpt from>

    Network access: Restrict anonymous access to Named Pipes and Shares
    When enabled, this policy setting restricts anonymous access to only those shares and pipes that are named in the Network access: Named pipes that can be accessed anonymously and Network access: Shares that can be accessed anonymously settings. This policy setting controls null session access to shares on your computers by adding RestrictNullSessAccess with the value 1 in the registry key HKLM\System\CurrentControlSet\Services\LanManServer\Parameters. This registry value toggles null session shares on or off to control whether the server service restricts unauthenticated clients' access to named resources.

    The possible values for the Network access: Restrict anonymous access to Named Pipes and Shares setting are:

    • Enabled
    • Disabled
    • Not Defined

    Null sessions are a weakness that can be exploited through shares (including the default shares) on computers in your environment.

    Configure the Network access: Restrict anonymous access to Named Pipes and Shares setting to Enabled.

    Potential Impact
    You can enable this policy setting to restrict null session access for unauthenticated users to all server pipes and shares except those that are listed in the NullSessionPipes and NullSessionShares entries.

    Network access: Shares that can be accessed anonymously
    This policy setting determines which network shares can be accessed by anonymous users.

    The possible values for the Network access: Shares that can be accessed anonymously setting are:

    • A user-defined list of shares
    • Not Defined

    It is very dangerous to enable this setting. Any shares that are listed can be accessed by any network user, which could lead to the exposure or corruption of sensitive data.

    Configure the Network access: Shares that can be accessed anonymously setting to a null value.

    Potential Impact
    There should be little impact because this is the default configuration. Only authenticated users will have access to shared resources on the server.


    LVL 9

    Accepted Solution

    below is the answer given by SystmProg in reply to PAQ [ ]

    MS has disabled Anonymous access in this version of Windows. Anonymous access was allowed in Windows NT and 2000. You need to set policy setting using gpedit.msc to enable thia access on server or domain controllers:

    Go to gpedit.msc > Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options, In right pane edit the following policy setting:

    Network access: Let Everyone permissions apply to anonymous users, and then click Properties.

    On domain controllers you need to use *Domain Controllers Security Policy* snap-in to enable this access as long as Domain Controller computer account is in "Domain Controllers" OU.

    Microsoft has modified share permissions in this version of Windows. The default permissions has been changed to give users only *Read* permission. If users are still unable to access share then modify permissions:

    Allow Everyone : Full Control in Share permission.

    then change NTFS permissions accordingly or add Everyone Group on Security tab for NTFS permissions.

    I hope if you follow these steps you would be able to give anonymous users access to certain shares
    LVL 9

    Expert Comment


    another knowledge base article by Microsoft is
    [ How to enable null session shares on a Windows 2000-based computer ]
    [ ]

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Join & Write a Comment

    SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
    No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now