Solved

How to connect to domain machine on a non domain PC

Posted on 2008-06-24
11
1,190 Views
Last Modified: 2012-06-21
Was wondering if there is a way to connect to a domain machine with a machine that is not connected to the domain without logging on with administrative access.   I need the file share on the domain computer to be accessible to non-domain users.  The Server on the domain is Windows 2003 SP1 without the firewall, and the non-domain machine is XP SP2, w/ Zone Alarm.  As of now, when I try to map the drive to "\\servername\foldershare", it prompts for a username/password.  We would like it to just go the folder w/o admin credentials.

Any help would be appreciated.

Thanks!!!

0
Comment
Question by:SGCAdmin
11 Comments
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 21859572
you can do that....if you want to provide full access to that folder for all the users connecting to it, go to security tab on the folder and add everyone group and assign permissions to them....else if you want to add specific set of users add them on the folder security tab
0
 
LVL 11

Expert Comment

by:rowansmith
ID: 21859591
Sure, just connect to it using the credentials of a user who has access to the resource:

e.g., for \\pluto\share the domain users administrator, rowan, and joe have access and the domain is camel

When I connect from a non domain member I use the username camel\rowan and the appropriate password.

Now there is a catch, if I also have a local user on my machine called rowan (and I am logged in as that user) then the passwords have to be the same or else I run into credential mismatch problems.

To get around this, I always create local users with -local on the end of them.  Domain users just use the username.

-Rowan
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 21859707
Thanks for the quick replies.  However, what we need is for this to not prompt for any user authentication.  We have this in a batch file and it will stop because is is using authetication.  As of now, Im attempting to try to put the username and password in the batch file on the line where it connects to the shared folder however it is not working
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 11

Accepted Solution

by:
rowansmith earned 250 total points
ID: 21859771
In the batch file, put the username as [domain name]\[domain username]

0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 21859882
Thanks Rowansmth :-)  I forgot the domain name in the username.

One more thing before I close this, is there anyway that we can hide the password in the batch file so that if someone opens it, they will not see it, or better yet, make it so they can run the batch file and not be able to view it.

0
 
LVL 11

Expert Comment

by:rowansmith
ID: 21860204
No, not really.

You can apply permissions to the batch file so that only those authorised to run it can see it, but to run a batch file one needs to be able to read it.

If one can read the batch file then one can access the password, even if you were to encrypt the batch file someone would still need to ber able to unencrypt it to run the batch file... so really NTFS permissions are the same....

-Rowan
0
 
LVL 6

Expert Comment

by:aces4all2008
ID: 21860812
You can use vbscript instead then use the Microsoft Script Encoder (see: http://www.experts-exchange.com/Programming/Misc/Q_21517022.html) on it to hide the details
' MapDrive.vbs - Map Network Drive to P:
' -----------------------------------------------------------------'
 
Option Explicit
Dim DriveLetter, RemotePath, UpdateProfile, User, Password
Dim objNetwork
Set objNetwork = CreateObject("WScript.Network") 
 
DriveLetter = "P:"
RemotePath = "\\Server\Share"
UpdateProfile = FALSE
User = "Domain\User"
Password = "password"
 
objNetwork.MapNetworkDrive DriveLetter, RemotePath, UpdateProfile, User, Password
 
Wscript.Quit
 
' End of example VBScript 

Open in new window

0
 
LVL 11

Expert Comment

by:rowansmith
ID: 21860994
While this is a valid approach and follows a defence-in-depth structure IMHO at the end of the day I do not really see the value in this.

It just deters the honest person, the dishonnest person can still extract the password from the script.  Even if it is encoded, ecrypted whatever, the reality is that if they get access to the script they can access the password.  If they want it bad enough they will get it.

The question is at the end of the day, what does the password give them - access to the remote machine.  The same as executing the script - they get access to the remote machine.  If the password can only be used to get access to the remote machine and the user has the right to execute the script then they have the right to access the remote machine.

Make sure you use a username/password pair that has restricted access and can only access the resources intended to be accessed.

Security is all about usuability, by encrypting/encoding your script are you really acheiving anything?  Sure I can not access the password in the script, but if the password in the script only gives me access to a given resource then all I need to do is execute the script, who cares about the password.

So you have to make a decision based on supportability and maintainability, also consider your password policy and how often you need to change the password.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 21871700
first, you need to map by IP address and then put a set of credentials in the user account of the machine you are trying to access.

\\my.ip.address.xxx\sharename

Control pannel>>Users> add a set of credentials for the machine you are trying to provid acess to.
0
 
LVL 1

Author Closing Comment

by:SGCAdmin
ID: 31470334
Thank You for the quick answer.  We've put a local account on the machine we were trying to access that had no access to only the folder we wanted and then put te credentials in the batch file.
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 21874365
We decided to put a local account on the machine we were trying to access that had no access to only the folder we wanted and then put the credentials in the batch file of that local user so when the batch is run, it authenticates automatically and runs the file we need it to.

Thanks everyone!
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question