Accessing Shared Folders

Hello Everyone,

I have an evaluation version of Windows Server 2003 Enterprise Edition with SP1.  It is currently acting as an WSUS server for around thirty clients while sitting behind a NAT router.  On the local side of the router, the server provides DNS and WINS services to various Mac, Linux, and Windows  clients.  IIS 6 is configured with the URLScan utility to enhance security in addition to WS2003 SP1's firewall.

I would like to place a single file share on the server, and have that share be read-only.  The share is located on a different partition from the system volume and is configured.  Share permissions are configured to their default values of "Everyone - Read" and NTFS permissions are configured to their default levels, "SERVER\users - Read and Execute".  Active Directory is not a part of this equation in any manner.  There are two accounts on the server, the admin, and a standard user account.  The local PCs have a standard account that utilizes the same username and password and the server's local account.  

When I try to access the share via UNC path, \\SERVER, a prompt appears asking for a password.  I expected this, but the username is "guest" and is greyed-out.  The guest account is disabled on the server, and has no future of being enabled.  WS2003 is insecure as it is without the guest account turned on.  If I try to access the share via UNC from a Vista RC2 machine, I get a prompt but this time the username and password are blank.  Any combination of username and password will not work.  

What gives?  Is this one of WS2003's undocumented features?

LVL 27
Jason WatkinsIT Project LeaderAsked:
Who is Participating?
brice626Connect With a Mentor Commented:
Hrm, that is confusing. We run a domain configuration and once needed a non-domain computer to be able to access a share. It was so difficult we ended up just making it a null share, so the non-domain computer could access it (read only of course) without a username and password. It was easier and it worked. If you'd be interested in that (or perhaps part of these steps can help solve your problem)

1) In group policy:
Network access: Let Everyone permissions apply to anonymous users (Enabled)
Network access: Shares that can be accessed anonymously (yoursharename, IPC$, COMCFG, DFS$)
User rights assignment: Access this computer from the network (Everyone (and any others))

2) Share the folder, granting:

NTFS Permissions:
Everyone (read, read and execute, list folder contents)

and Share Permissions
Everyone (Read, Modify)

then we map the drive from the client:

3) net use driveletter: \\servername\sharename /u:"" ""

that last line is two double-quotes, space, two double-quotes.
Username syntax should be server\username as far as I know.  

Is the username and password the same on the server as it is for the workstations?
Have you tried mapping the share using "net use"? I've found oftentimes that using explorer to just try and access a share in a non-domain environment can be very difficult for a variety of reasons. There a bunch of settings I can think of, but before that, want to see if you can map it?

net use driveletter: \\servername\sharename /u:"user" "password"
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

Jason WatkinsIT Project LeaderAuthor Commented:
Net use does not make a connection.  Results are:

System error 86 has occurred.

The specified network password is not correct.

The username and passwords are the same on each end.

Thanks for the replies.
Jason WatkinsIT Project LeaderAuthor Commented:
Windows XP produces this error (The above error was from Vista RC2)

System error 1326 has occurred.

Logon failure: unknown user name or bad password.

In group policy, under Security Settings, Local Policies, User Rights Assignment, is this user included in the "Access this computer from the network" setting?
Jason WatkinsIT Project LeaderAuthor Commented:
Yes, I checked this and everyone plus all groups are listed as able, the only ones that are denied are "ASPNET"

Weird, I have never seen this on WS2003, Win2k yes, but not 2003...
Jason WatkinsIT Project LeaderAuthor Commented:
Thanks, that did it...
No problem! Glad to hear it worked.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.