Solved

Guest accessible share not working on Domain Joined Server 2012 R2

Posted on 2014-02-27
7
2,865 Views
Last Modified: 2014-04-12
Security concerns aside, we require a share that had Read access for non-domain joined uses that connect as guest.

Under Server 2008R2 we simply changed 'allow everyone permission to apply to anonymous users' in security policies, enabled the Guest account, set share to everyone, security to everyone on the folder.

I've tried many things in Server 2012 with no resolve, and found numerous postings of people having this issue but some stating they managed to get it working. Their solution didn't work for us.

Additional settings I've tried on local security policy (gpedit.msc)
Restrict anonymous access to named pipes disable
allow anonymous access to named pipes (added our share name to the list)
allow anonymous access to shares (added out share name to the list)

We've restarted the server after each security change.

I know the remote client is coming in as guest by watching the connection using the ShareWatch utility.  The client is either WindowsXP, Win7, or Win8, all of them can now connect to the server and see shares, but opening the share in question give an error that the client does not have permission.

Server: Server 2012 R2 Standard
Tested clients (all non-domain joined): Win7, Win8.1, Server 2003, Server 2012R2

It's strange as Server 2008R2 works and I can't find anything has been changed to 2012.  I even installed the File Services role that gives the Server manager wizard for creating shares and settings quotas etc. I went through it's steps and did everything for a guest share, same issue.
0
Comment
Question by:MemxIT
  • 4
7 Comments
 
LVL 43

Expert Comment

by:Jackie Man
ID: 39902146
Antivirus or third party firewall installed?
0
 

Author Comment

by:MemxIT
ID: 39902231
Currently no. Firewall is set to off, Antivirus has not been deployed yet.  Server and test client are in same subnet, client can browse to server and see list of shares.  When opening share the error persists.  No messages stand out in Event Viewer on Server or client.
0
 
LVL 2

Expert Comment

by:Rob Jurd (eenookami)
ID: 39947167
MemxIT,

A message has been sent to some additional experts asking them to review your question. We will check back again to see if you are getting the help you need.

Please do not respond to this comment; we will be monitoring your question for activity from the Experts.

Thank you for using Experts Exchange,
eenookami
Community Support Moderator
http://www.experts-exchange.com/R_28863.html
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:MemxIT
ID: 39947622
I have solved this problem 2 days ago and it was caused by a scenario i failed to mention in my initial post. I will post the solution later today when I have access to a computer.
0
 

Accepted Solution

by:
MemxIT earned 0 total points
ID: 39983338
The solution:
http://www.briantist.com/errors/server-2012-vmware-esxi-permissions-errors-removable-storage-auditing/

I failed to mention this was in an ESXi 5.5 Environment.  The issue is related to devices being reported to the OS as supporting hot plug. Server 2012 has a new 'feature' called Audit Object Access that blocked hot plug/removable devices from being accessed remotely.

Summary:
gpedit.msc
Enabled Guest Account
Allow everyone permissions to apply to anonymous

Share folder with permissions set for everyone

Run the following from an elevated command line:
auditpol /set /subcategory:"Removable Storage" /failure:disable
0
 

Author Closing Comment

by:MemxIT
ID: 39995819
I found the solution on my own.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question