Solved

Accessing Shared Folders

Posted on 2006-11-03
9
1,000 Views
Last Modified: 2008-02-20
Hello Everyone,

I have an evaluation version of Windows Server 2003 Enterprise Edition with SP1.  It is currently acting as an WSUS server for around thirty clients while sitting behind a NAT router.  On the local side of the router, the server provides DNS and WINS services to various Mac, Linux, and Windows  clients.  IIS 6 is configured with the URLScan utility to enhance security in addition to WS2003 SP1's firewall.

I would like to place a single file share on the server, and have that share be read-only.  The share is located on a different partition from the system volume and is configured.  Share permissions are configured to their default values of "Everyone - Read" and NTFS permissions are configured to their default levels, "SERVER\users - Read and Execute".  Active Directory is not a part of this equation in any manner.  There are two accounts on the server, the admin, and a standard user account.  The local PCs have a standard account that utilizes the same username and password and the server's local account.  

When I try to access the share via UNC path, \\SERVER, a prompt appears asking for a password.  I expected this, but the username is "guest" and is greyed-out.  The guest account is disabled on the server, and has no future of being enabled.  WS2003 is insecure as it is without the guest account turned on.  If I try to access the share via UNC from a Vista RC2 machine, I get a prompt but this time the username and password are blank.  Any combination of username and password will not work.  

What gives?  Is this one of WS2003's undocumented features?

Thanks
0
Comment
Question by:Jason Watkins
  • 4
  • 4
9 Comments
 
LVL 7

Expert Comment

by:krakken
Comment Utility
Username syntax should be server\username as far as I know.  

Is the username and password the same on the server as it is for the workstations?
0
 
LVL 1

Expert Comment

by:brice626
Comment Utility
Have you tried mapping the share using "net use"? I've found oftentimes that using explorer to just try and access a share in a non-domain environment can be very difficult for a variety of reasons. There a bunch of settings I can think of, but before that, want to see if you can map it?

net use driveletter: \\servername\sharename /u:"user" "password"
0
 
LVL 27

Author Comment

by:Jason Watkins
Comment Utility
Net use does not make a connection.  Results are:

System error 86 has occurred.

The specified network password is not correct.

The username and passwords are the same on each end.

Thanks for the replies.
0
 
LVL 27

Author Comment

by:Jason Watkins
Comment Utility
Windows XP produces this error (The above error was from Vista RC2)

System error 1326 has occurred.

Logon failure: unknown user name or bad password.

Thx
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 1

Expert Comment

by:brice626
Comment Utility
In group policy, under Security Settings, Local Policies, User Rights Assignment, is this user included in the "Access this computer from the network" setting?
0
 
LVL 27

Author Comment

by:Jason Watkins
Comment Utility
Yes, I checked this and everyone plus all groups are listed as able, the only ones that are denied are "ASPNET"

Weird, I have never seen this on WS2003, Win2k yes, but not 2003...
0
 
LVL 1

Accepted Solution

by:
brice626 earned 500 total points
Comment Utility
Hrm, that is confusing. We run a domain configuration and once needed a non-domain computer to be able to access a share. It was so difficult we ended up just making it a null share, so the non-domain computer could access it (read only of course) without a username and password. It was easier and it worked. If you'd be interested in that (or perhaps part of these steps can help solve your problem)

1) In group policy:
Network access: Let Everyone permissions apply to anonymous users (Enabled)
Network access: Shares that can be accessed anonymously (yoursharename, IPC$, COMCFG, DFS$)
User rights assignment: Access this computer from the network (Everyone (and any others))

2) Share the folder, granting:

NTFS Permissions:
Everyone (read, read and execute, list folder contents)

and Share Permissions
Everyone (Read, Modify)

then we map the drive from the client:

3) net use driveletter: \\servername\sharename /u:"" ""

that last line is two double-quotes, space, two double-quotes.
0
 
LVL 27

Author Comment

by:Jason Watkins
Comment Utility
Thanks, that did it...
0
 
LVL 1

Expert Comment

by:brice626
Comment Utility
No problem! Glad to hear it worked.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now