Solved

How to connect to domain machine on a non domain PC

Posted on 2008-06-24
11
1,192 Views
Last Modified: 2012-06-21
Was wondering if there is a way to connect to a domain machine with a machine that is not connected to the domain without logging on with administrative access.   I need the file share on the domain computer to be accessible to non-domain users.  The Server on the domain is Windows 2003 SP1 without the firewall, and the non-domain machine is XP SP2, w/ Zone Alarm.  As of now, when I try to map the drive to "\\servername\foldershare", it prompts for a username/password.  We would like it to just go the folder w/o admin credentials.

Any help would be appreciated.

Thanks!!!

0
Comment
Question by:SGCAdmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 21859572
you can do that....if you want to provide full access to that folder for all the users connecting to it, go to security tab on the folder and add everyone group and assign permissions to them....else if you want to add specific set of users add them on the folder security tab
0
 
LVL 11

Expert Comment

by:rowansmith
ID: 21859591
Sure, just connect to it using the credentials of a user who has access to the resource:

e.g., for \\pluto\share the domain users administrator, rowan, and joe have access and the domain is camel

When I connect from a non domain member I use the username camel\rowan and the appropriate password.

Now there is a catch, if I also have a local user on my machine called rowan (and I am logged in as that user) then the passwords have to be the same or else I run into credential mismatch problems.

To get around this, I always create local users with -local on the end of them.  Domain users just use the username.

-Rowan
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 21859707
Thanks for the quick replies.  However, what we need is for this to not prompt for any user authentication.  We have this in a batch file and it will stop because is is using authetication.  As of now, Im attempting to try to put the username and password in the batch file on the line where it connects to the shared folder however it is not working
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 11

Accepted Solution

by:
rowansmith earned 250 total points
ID: 21859771
In the batch file, put the username as [domain name]\[domain username]

0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 21859882
Thanks Rowansmth :-)  I forgot the domain name in the username.

One more thing before I close this, is there anyway that we can hide the password in the batch file so that if someone opens it, they will not see it, or better yet, make it so they can run the batch file and not be able to view it.

0
 
LVL 11

Expert Comment

by:rowansmith
ID: 21860204
No, not really.

You can apply permissions to the batch file so that only those authorised to run it can see it, but to run a batch file one needs to be able to read it.

If one can read the batch file then one can access the password, even if you were to encrypt the batch file someone would still need to ber able to unencrypt it to run the batch file... so really NTFS permissions are the same....

-Rowan
0
 
LVL 6

Expert Comment

by:aces4all2008
ID: 21860812
You can use vbscript instead then use the Microsoft Script Encoder (see: http://www.experts-exchange.com/Programming/Misc/Q_21517022.html) on it to hide the details
' MapDrive.vbs - Map Network Drive to P:
' -----------------------------------------------------------------'
 
Option Explicit
Dim DriveLetter, RemotePath, UpdateProfile, User, Password
Dim objNetwork
Set objNetwork = CreateObject("WScript.Network") 
 
DriveLetter = "P:"
RemotePath = "\\Server\Share"
UpdateProfile = FALSE
User = "Domain\User"
Password = "password"
 
objNetwork.MapNetworkDrive DriveLetter, RemotePath, UpdateProfile, User, Password
 
Wscript.Quit
 
' End of example VBScript 

Open in new window

0
 
LVL 11

Expert Comment

by:rowansmith
ID: 21860994
While this is a valid approach and follows a defence-in-depth structure IMHO at the end of the day I do not really see the value in this.

It just deters the honest person, the dishonnest person can still extract the password from the script.  Even if it is encoded, ecrypted whatever, the reality is that if they get access to the script they can access the password.  If they want it bad enough they will get it.

The question is at the end of the day, what does the password give them - access to the remote machine.  The same as executing the script - they get access to the remote machine.  If the password can only be used to get access to the remote machine and the user has the right to execute the script then they have the right to access the remote machine.

Make sure you use a username/password pair that has restricted access and can only access the resources intended to be accessed.

Security is all about usuability, by encrypting/encoding your script are you really acheiving anything?  Sure I can not access the password in the script, but if the password in the script only gives me access to a given resource then all I need to do is execute the script, who cares about the password.

So you have to make a decision based on supportability and maintainability, also consider your password policy and how often you need to change the password.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 21871700
first, you need to map by IP address and then put a set of credentials in the user account of the machine you are trying to access.

\\my.ip.address.xxx\sharename

Control pannel>>Users> add a set of credentials for the machine you are trying to provid acess to.
0
 
LVL 1

Author Closing Comment

by:SGCAdmin
ID: 31470334
Thank You for the quick answer.  We've put a local account on the machine we were trying to access that had no access to only the folder we wanted and then put te credentials in the batch file.
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 21874365
We decided to put a local account on the machine we were trying to access that had no access to only the folder we wanted and then put the credentials in the batch file of that local user so when the batch is run, it authenticates automatically and runs the file we need it to.

Thanks everyone!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
In-place Upgrading Dirsync to Azure AD Connect
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question