Solved

How to connect to domain machine on a non domain PC

Posted on 2008-06-24
11
1,187 Views
Last Modified: 2012-06-21
Was wondering if there is a way to connect to a domain machine with a machine that is not connected to the domain without logging on with administrative access.   I need the file share on the domain computer to be accessible to non-domain users.  The Server on the domain is Windows 2003 SP1 without the firewall, and the non-domain machine is XP SP2, w/ Zone Alarm.  As of now, when I try to map the drive to "\\servername\foldershare", it prompts for a username/password.  We would like it to just go the folder w/o admin credentials.

Any help would be appreciated.

Thanks!!!

0
Comment
Question by:SGCAdmin
11 Comments
 
LVL 18

Expert Comment

by:sk_raja_raja
Comment Utility
you can do that....if you want to provide full access to that folder for all the users connecting to it, go to security tab on the folder and add everyone group and assign permissions to them....else if you want to add specific set of users add them on the folder security tab
0
 
LVL 11

Expert Comment

by:rowansmith
Comment Utility
Sure, just connect to it using the credentials of a user who has access to the resource:

e.g., for \\pluto\share the domain users administrator, rowan, and joe have access and the domain is camel

When I connect from a non domain member I use the username camel\rowan and the appropriate password.

Now there is a catch, if I also have a local user on my machine called rowan (and I am logged in as that user) then the passwords have to be the same or else I run into credential mismatch problems.

To get around this, I always create local users with -local on the end of them.  Domain users just use the username.

-Rowan
0
 
LVL 1

Author Comment

by:SGCAdmin
Comment Utility
Thanks for the quick replies.  However, what we need is for this to not prompt for any user authentication.  We have this in a batch file and it will stop because is is using authetication.  As of now, Im attempting to try to put the username and password in the batch file on the line where it connects to the shared folder however it is not working
0
 
LVL 11

Accepted Solution

by:
rowansmith earned 250 total points
Comment Utility
In the batch file, put the username as [domain name]\[domain username]

0
 
LVL 1

Author Comment

by:SGCAdmin
Comment Utility
Thanks Rowansmth :-)  I forgot the domain name in the username.

One more thing before I close this, is there anyway that we can hide the password in the batch file so that if someone opens it, they will not see it, or better yet, make it so they can run the batch file and not be able to view it.

0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 11

Expert Comment

by:rowansmith
Comment Utility
No, not really.

You can apply permissions to the batch file so that only those authorised to run it can see it, but to run a batch file one needs to be able to read it.

If one can read the batch file then one can access the password, even if you were to encrypt the batch file someone would still need to ber able to unencrypt it to run the batch file... so really NTFS permissions are the same....

-Rowan
0
 
LVL 6

Expert Comment

by:aces4all2008
Comment Utility
You can use vbscript instead then use the Microsoft Script Encoder (see: http://www.experts-exchange.com/Programming/Misc/Q_21517022.html) on it to hide the details
' MapDrive.vbs - Map Network Drive to P:

' -----------------------------------------------------------------'

 

Option Explicit

Dim DriveLetter, RemotePath, UpdateProfile, User, Password

Dim objNetwork

Set objNetwork = CreateObject("WScript.Network") 
 

DriveLetter = "P:"

RemotePath = "\\Server\Share"

UpdateProfile = FALSE

User = "Domain\User"

Password = "password"
 

objNetwork.MapNetworkDrive DriveLetter, RemotePath, UpdateProfile, User, Password
 

Wscript.Quit
 

' End of example VBScript 

Open in new window

0
 
LVL 11

Expert Comment

by:rowansmith
Comment Utility
While this is a valid approach and follows a defence-in-depth structure IMHO at the end of the day I do not really see the value in this.

It just deters the honest person, the dishonnest person can still extract the password from the script.  Even if it is encoded, ecrypted whatever, the reality is that if they get access to the script they can access the password.  If they want it bad enough they will get it.

The question is at the end of the day, what does the password give them - access to the remote machine.  The same as executing the script - they get access to the remote machine.  If the password can only be used to get access to the remote machine and the user has the right to execute the script then they have the right to access the remote machine.

Make sure you use a username/password pair that has restricted access and can only access the resources intended to be accessed.

Security is all about usuability, by encrypting/encoding your script are you really acheiving anything?  Sure I can not access the password in the script, but if the password in the script only gives me access to a given resource then all I need to do is execute the script, who cares about the password.

So you have to make a decision based on supportability and maintainability, also consider your password policy and how often you need to change the password.
0
 
LVL 38

Expert Comment

by:ChiefIT
Comment Utility
first, you need to map by IP address and then put a set of credentials in the user account of the machine you are trying to access.

\\my.ip.address.xxx\sharename

Control pannel>>Users> add a set of credentials for the machine you are trying to provid acess to.
0
 
LVL 1

Author Closing Comment

by:SGCAdmin
Comment Utility
Thank You for the quick answer.  We've put a local account on the machine we were trying to access that had no access to only the folder we wanted and then put te credentials in the batch file.
0
 
LVL 1

Author Comment

by:SGCAdmin
Comment Utility
We decided to put a local account on the machine we were trying to access that had no access to only the folder we wanted and then put the credentials in the batch file of that local user so when the batch is run, it authenticates automatically and runs the file we need it to.

Thanks everyone!
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now