Improve company productivity with a Business Account.Sign Up

x
?
Solved

How to connect to domain machine on a non domain PC

Posted on 2008-06-24
11
Medium Priority
?
1,201 Views
Last Modified: 2012-06-21
Was wondering if there is a way to connect to a domain machine with a machine that is not connected to the domain without logging on with administrative access.   I need the file share on the domain computer to be accessible to non-domain users.  The Server on the domain is Windows 2003 SP1 without the firewall, and the non-domain machine is XP SP2, w/ Zone Alarm.  As of now, when I try to map the drive to "\\servername\foldershare", it prompts for a username/password.  We would like it to just go the folder w/o admin credentials.

Any help would be appreciated.

Thanks!!!

0
Comment
Question by:SGCAdmin
11 Comments
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 21859572
you can do that....if you want to provide full access to that folder for all the users connecting to it, go to security tab on the folder and add everyone group and assign permissions to them....else if you want to add specific set of users add them on the folder security tab
0
 
LVL 11

Expert Comment

by:rowansmith
ID: 21859591
Sure, just connect to it using the credentials of a user who has access to the resource:

e.g., for \\pluto\share the domain users administrator, rowan, and joe have access and the domain is camel

When I connect from a non domain member I use the username camel\rowan and the appropriate password.

Now there is a catch, if I also have a local user on my machine called rowan (and I am logged in as that user) then the passwords have to be the same or else I run into credential mismatch problems.

To get around this, I always create local users with -local on the end of them.  Domain users just use the username.

-Rowan
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 21859707
Thanks for the quick replies.  However, what we need is for this to not prompt for any user authentication.  We have this in a batch file and it will stop because is is using authetication.  As of now, Im attempting to try to put the username and password in the batch file on the line where it connects to the shared folder however it is not working
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 11

Accepted Solution

by:
rowansmith earned 1000 total points
ID: 21859771
In the batch file, put the username as [domain name]\[domain username]

0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 21859882
Thanks Rowansmth :-)  I forgot the domain name in the username.

One more thing before I close this, is there anyway that we can hide the password in the batch file so that if someone opens it, they will not see it, or better yet, make it so they can run the batch file and not be able to view it.

0
 
LVL 11

Expert Comment

by:rowansmith
ID: 21860204
No, not really.

You can apply permissions to the batch file so that only those authorised to run it can see it, but to run a batch file one needs to be able to read it.

If one can read the batch file then one can access the password, even if you were to encrypt the batch file someone would still need to ber able to unencrypt it to run the batch file... so really NTFS permissions are the same....

-Rowan
0
 
LVL 6

Expert Comment

by:aces4all2008
ID: 21860812
You can use vbscript instead then use the Microsoft Script Encoder (see: http://www.experts-exchange.com/Programming/Misc/Q_21517022.html) on it to hide the details
' MapDrive.vbs - Map Network Drive to P:
' -----------------------------------------------------------------'
 
Option Explicit
Dim DriveLetter, RemotePath, UpdateProfile, User, Password
Dim objNetwork
Set objNetwork = CreateObject("WScript.Network") 
 
DriveLetter = "P:"
RemotePath = "\\Server\Share"
UpdateProfile = FALSE
User = "Domain\User"
Password = "password"
 
objNetwork.MapNetworkDrive DriveLetter, RemotePath, UpdateProfile, User, Password
 
Wscript.Quit
 
' End of example VBScript 

Open in new window

0
 
LVL 11

Expert Comment

by:rowansmith
ID: 21860994
While this is a valid approach and follows a defence-in-depth structure IMHO at the end of the day I do not really see the value in this.

It just deters the honest person, the dishonnest person can still extract the password from the script.  Even if it is encoded, ecrypted whatever, the reality is that if they get access to the script they can access the password.  If they want it bad enough they will get it.

The question is at the end of the day, what does the password give them - access to the remote machine.  The same as executing the script - they get access to the remote machine.  If the password can only be used to get access to the remote machine and the user has the right to execute the script then they have the right to access the remote machine.

Make sure you use a username/password pair that has restricted access and can only access the resources intended to be accessed.

Security is all about usuability, by encrypting/encoding your script are you really acheiving anything?  Sure I can not access the password in the script, but if the password in the script only gives me access to a given resource then all I need to do is execute the script, who cares about the password.

So you have to make a decision based on supportability and maintainability, also consider your password policy and how often you need to change the password.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 21871700
first, you need to map by IP address and then put a set of credentials in the user account of the machine you are trying to access.

\\my.ip.address.xxx\sharename

Control pannel>>Users> add a set of credentials for the machine you are trying to provid acess to.
0
 
LVL 1

Author Closing Comment

by:SGCAdmin
ID: 31470334
Thank You for the quick answer.  We've put a local account on the machine we were trying to access that had no access to only the folder we wanted and then put te credentials in the batch file.
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 21874365
We decided to put a local account on the machine we were trying to access that had no access to only the folder we wanted and then put the credentials in the batch file of that local user so when the batch is run, it authenticates automatically and runs the file we need it to.

Thanks everyone!
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question