SGCAdmin
asked on
How to connect to domain machine on a non domain PC
Was wondering if there is a way to connect to a domain machine with a machine that is not connected to the domain without logging on with administrative access. I need the file share on the domain computer to be accessible to non-domain users. The Server on the domain is Windows 2003 SP1 without the firewall, and the non-domain machine is XP SP2, w/ Zone Alarm. As of now, when I try to map the drive to "\\servername\foldershare"
Any help would be appreciated.
Thanks!!!
Any help would be appreciated.
Thanks!!!
you can do that....if you want to provide full access to that folder for all the users connecting to it, go to security tab on the folder and add everyone group and assign permissions to them....else if you want to add specific set of users add them on the folder security tab
Sure, just connect to it using the credentials of a user who has access to the resource:
e.g., for \\pluto\share the domain users administrator, rowan, and joe have access and the domain is camel
When I connect from a non domain member I use the username camel\rowan and the appropriate password.
Now there is a catch, if I also have a local user on my machine called rowan (and I am logged in as that user) then the passwords have to be the same or else I run into credential mismatch problems.
To get around this, I always create local users with -local on the end of them. Domain users just use the username.
-Rowan
e.g., for \\pluto\share the domain users administrator, rowan, and joe have access and the domain is camel
When I connect from a non domain member I use the username camel\rowan and the appropriate password.
Now there is a catch, if I also have a local user on my machine called rowan (and I am logged in as that user) then the passwords have to be the same or else I run into credential mismatch problems.
To get around this, I always create local users with -local on the end of them. Domain users just use the username.
-Rowan
ASKER
Thanks for the quick replies. However, what we need is for this to not prompt for any user authentication. We have this in a batch file and it will stop because is is using authetication. As of now, Im attempting to try to put the username and password in the batch file on the line where it connects to the shared folder however it is not working
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Rowansmth :-) I forgot the domain name in the username.
One more thing before I close this, is there anyway that we can hide the password in the batch file so that if someone opens it, they will not see it, or better yet, make it so they can run the batch file and not be able to view it.
One more thing before I close this, is there anyway that we can hide the password in the batch file so that if someone opens it, they will not see it, or better yet, make it so they can run the batch file and not be able to view it.
No, not really.
You can apply permissions to the batch file so that only those authorised to run it can see it, but to run a batch file one needs to be able to read it.
If one can read the batch file then one can access the password, even if you were to encrypt the batch file someone would still need to ber able to unencrypt it to run the batch file... so really NTFS permissions are the same....
-Rowan
You can apply permissions to the batch file so that only those authorised to run it can see it, but to run a batch file one needs to be able to read it.
If one can read the batch file then one can access the password, even if you were to encrypt the batch file someone would still need to ber able to unencrypt it to run the batch file... so really NTFS permissions are the same....
-Rowan
You can use vbscript instead then use the Microsoft Script Encoder (see: https://www.experts-exchange.com/questions/21517022/Encrypt-VBS-files-like-ASP-can-be-encrypted.html) on it to hide the details
' MapDrive.vbs - Map Network Drive to P:
' -----------------------------------------------------------------'
Option Explicit
Dim DriveLetter, RemotePath, UpdateProfile, User, Password
Dim objNetwork
Set objNetwork = CreateObject("WScript.Network")
DriveLetter = "P:"
RemotePath = "\\Server\Share"
UpdateProfile = FALSE
User = "Domain\User"
Password = "password"
objNetwork.MapNetworkDrive DriveLetter, RemotePath, UpdateProfile, User, Password
Wscript.Quit
' End of example VBScript
While this is a valid approach and follows a defence-in-depth structure IMHO at the end of the day I do not really see the value in this.
It just deters the honest person, the dishonnest person can still extract the password from the script. Even if it is encoded, ecrypted whatever, the reality is that if they get access to the script they can access the password. If they want it bad enough they will get it.
The question is at the end of the day, what does the password give them - access to the remote machine. The same as executing the script - they get access to the remote machine. If the password can only be used to get access to the remote machine and the user has the right to execute the script then they have the right to access the remote machine.
Make sure you use a username/password pair that has restricted access and can only access the resources intended to be accessed.
Security is all about usuability, by encrypting/encoding your script are you really acheiving anything? Sure I can not access the password in the script, but if the password in the script only gives me access to a given resource then all I need to do is execute the script, who cares about the password.
So you have to make a decision based on supportability and maintainability, also consider your password policy and how often you need to change the password.
It just deters the honest person, the dishonnest person can still extract the password from the script. Even if it is encoded, ecrypted whatever, the reality is that if they get access to the script they can access the password. If they want it bad enough they will get it.
The question is at the end of the day, what does the password give them - access to the remote machine. The same as executing the script - they get access to the remote machine. If the password can only be used to get access to the remote machine and the user has the right to execute the script then they have the right to access the remote machine.
Make sure you use a username/password pair that has restricted access and can only access the resources intended to be accessed.
Security is all about usuability, by encrypting/encoding your script are you really acheiving anything? Sure I can not access the password in the script, but if the password in the script only gives me access to a given resource then all I need to do is execute the script, who cares about the password.
So you have to make a decision based on supportability and maintainability, also consider your password policy and how often you need to change the password.
first, you need to map by IP address and then put a set of credentials in the user account of the machine you are trying to access.
\\my.ip.address.xxx\sharen
Control pannel>>Users> add a set of credentials for the machine you are trying to provid acess to.
\\my.ip.address.xxx\sharen
Control pannel>>Users> add a set of credentials for the machine you are trying to provid acess to.
ASKER
Thank You for the quick answer. We've put a local account on the machine we were trying to access that had no access to only the folder we wanted and then put te credentials in the batch file.
ASKER
We decided to put a local account on the machine we were trying to access that had no access to only the folder we wanted and then put the credentials in the batch file of that local user so when the batch is run, it authenticates automatically and runs the file we need it to.
Thanks everyone!
Thanks everyone!