STEVEO3
asked on
ANonymous users connect to a share on a W2K3 file server?
I have a specific share I want to enable users to connect to on a Windows 2003 Standard edition fileserver/domain controller.
I only have one server at the office and network is fully secured but i need to allow users who dont have domain account to access a certain share without being prompted for a username/password and just given access to copy/write files to/from the share.
Thanks,
I only have one server at the office and network is fully secured but i need to allow users who dont have domain account to access a certain share without being prompted for a username/password and just given access to copy/write files to/from the share.
Thanks,
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
STEVEO3,
another knowledge base article by Microsoft is
[ How to enable null session shares on a Windows 2000-based computer ]
[ http://support.microsoft.com/?kbid=289655 ]
another knowledge base article by Microsoft is
[ How to enable null session shares on a Windows 2000-based computer ]
[ http://support.microsoft.com/?kbid=289655 ]
<excerpt from http://www.microsoft.com/technet/security/topics/serversecurity/tcg/tcgch05n.mspx>
Network access: Restrict anonymous access to Named Pipes and Shares
When enabled, this policy setting restricts anonymous access to only those shares and pipes that are named in the Network access: Named pipes that can be accessed anonymously and Network access: Shares that can be accessed anonymously settings. This policy setting controls null session access to shares on your computers by adding RestrictNullSessAccess with the value 1 in the registry key HKLM\System\CurrentControl
The possible values for the Network access: Restrict anonymous access to Named Pipes and Shares setting are:
• Enabled
• Disabled
• Not Defined
Vulnerability
Null sessions are a weakness that can be exploited through shares (including the default shares) on computers in your environment.
Countermeasure
Configure the Network access: Restrict anonymous access to Named Pipes and Shares setting to Enabled.
Potential Impact
You can enable this policy setting to restrict null session access for unauthenticated users to all server pipes and shares except those that are listed in the NullSessionPipes and NullSessionShares entries.
Network access: Shares that can be accessed anonymously
This policy setting determines which network shares can be accessed by anonymous users.
The possible values for the Network access: Shares that can be accessed anonymously setting are:
• A user-defined list of shares
• Not Defined
Vulnerability
It is very dangerous to enable this setting. Any shares that are listed can be accessed by any network user, which could lead to the exposure or corruption of sensitive data.
Countermeasure
Configure the Network access: Shares that can be accessed anonymously setting to a null value.
Potential Impact
There should be little impact because this is the default configuration. Only authenticated users will have access to shared resources on the server.
</excerpt>
Cheers!