Using Temporary VPN with Windows Server 2003 File Permissions

gta2011
gta2011 used Ask the Experts™
on
Our VPN is down due to an AT&T issue.  Long story.

We can use LogMeIn Hamachi as a temporary easy VPN setup.  

Users can connect to the server and see the folders, but can not access them--they do not have access to them because they are not logged in via Active Directory/the server.

How can we temporary rectify this?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
This recommendation is a huge security issue, but it sounds like you may need to bypass security for the moment:

You could give "Anonymous" access to all the files. "Everyone" contains all domain users, but "Anonymous" should give access without authentication. Make sure you give "Anonymous" access in both the Share permissions and the NTFS permissions.

Author

Commented:
mwheeler1982: I thought about that but only want to do that as a last result.  Can they authenicate/login after the connect to the VPN via Hamachi?
gta2011: Have you tried mapping the drives using alternate user credentials? (This would be using the "Connect using different credentials" checkbox in the map network drive dialog (on Windows 7 at least)).

I would expect that to work if the users specify their domain credentials in the "alternate credentials" box.
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
mwheeler1982: They use XP, not Windows 7.
gta2011: Windows XP allows you to map a drive using different credentials as well, I'm just not sure what the dialog box is called as I do not have a XP machine around. It should be pretty apparent what the option is when the "map network drive" dialog is open.

You can (also insecure) map a network drive with "net use" on the command line and specify a password like this:
net use Z: \\fileserver\share PasswordGoesHere /user:domain\username

There are also solutions like CPAU (http://www.joeware.net/freetools/tools/cpau/) if you do not want them to see the password, but that's a bit more than you may need in an emergency.

Author

Commented:
mwheeler1982:

What do you mean "Make sure you give "Anonymous" access in both the Share permissions and the NTFS permissions."
When configuring a file share, there are permissions on the share itself as well as NTFS permissions. If you right click on a shared folder, you'll see two tabs: "Security" and "Sharing". Both allow you to control permissions.

Author

Commented:
mwheeler1982:

Under sharing tab, i click on permissions and it says this has been shared for administrative purposes.  The permissions cannont be set.

I have added anonymous under security but I still can not connect to the share via the Hamachi VPN.
It sounds like you're sharing the root of the drive? Are you accessing something like \\servername\D$ ? If that's the case, those shares are (as described) meant for administrative purposes only and you may not be able to fully configure the permissions.

Author

Commented:
It is a root share--the D drive.  How can I share them to a person over the Hamaci VPN without logging in?  Again this is just temporary.
At this point, I'm out of ideas. Root shares are not meant to be used for anything other than administrative purposes. Can you try sharing out a single folder with the Anonymous user having both Share and NTFS permissions to see if that works?

Author

Commented:
I did share the folder.  Thanks for all your help.   I wish I could award 10,000 points.
Glad I was able to help!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial