How to share a local folder on a stand-alone server with domain users

I need to share a folder on my Windows Server 2012 (stand-alone non-member) with a few select domain member users. Their client machines are WinXP and Win7.

Is this possible without installing any third party software?
vvajjhalaAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

vvajjhalaAuthor Commented:
I forgot to mention that I would like the domain users to be able to access this folder without the need to submit credentials
0
JonathanSpitfireSenior Solutions EngineerCommented:
Yes, this is certainly possible natively without any third party applications. You either need to set the access up on the folder for anonymous or you need to provide appropriate local credentials (that exist on the stand alone server) to the end users. don't forget that you need to assign the appropriate permissions on the share as well as at the NTFS level.

Hope this is helpful,

Jonathan
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JonathanSpitfireSenior Solutions EngineerCommented:
Ah - then you will definitely need to allow everyone/anonymous access.

Jonathan
0
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

vvajjhalaAuthor Commented:
Thanks for the quick reply Jonathan.

I have a AD group with the select users that should have access. I just want those users to be able to access this share without being prompted for credentials.
0
Cliff GaliherCommented:
There is no secure automated way to do what you want. The whole point of a domain (or domain trusts) is to pass authentication requests. By choosing a fully stand-alone server, you've chosen to shut that door. And by saying you don't want 3rd party software, you've closed off any federated options such as ADFS, SAML, OATH, etc.
0
vvajjhalaAuthor Commented:
Suppose I am open now to 3rd party...what can you tell me about those options you just mentioned?
0
Cliff GaliherCommented:
You'll need to set up some sort of directory sync to get local accounts that match the domain accounts. Then choose which auth method you'll support and somehow associate the two accounts. And for true SSO, a federated token, so something like ADFS. The infrastructure for such an endeavor is massive. It has taken even large companies (Salesforce, etc) years to get it right. So if it were easy or a few point and click wizards, it wouldn't be so hard for them. That's the 10,000ft view.
0
JonathanSpitfireSenior Solutions EngineerCommented:
Cliff is correct. If you want the files secure, you either have to join the domain, or you have to have users login.
0
JonathanSpitfireSenior Solutions EngineerCommented:
as for ADFS being an overwhelming task.....I agree that it isn't a cake walk, but it is a lot easier than it used to be - at least with Server 2012 R2.

That being said, I would NOT go to that kind of trouble for this particular use case. I would join the server to the domain, or I would tel end users that they have to login, and that's the end of it.

Can't have your cake and eat it too, in this instance, I'm afraid.
0
vvajjhalaAuthor Commented:
Yup...i guess you're right...Thanks so much for your help gentlemen.
0
Will SzymkowskiSenior Solution ArchitectCommented:
As stated you either need to open access to Everyone or provide a local username/password to the people that require access.

Another thing you could do (if you only want a few users to have access to this) is create the Share and make it Hidden using the "$" example MyShare$.

This will still be accessible to all users but you will have some level of security because they need to know the servername and also share name is hidden. I think that might be your best approach.

Will.
0
Will SzymkowskiSenior Solution ArchitectCommented:
Ahhhhh. i was too late. creating a hidden share does provide a little more security as they will not know the Share.

Will.
0
Cliff GaliherCommented:
@Johnathanspitfire:  I agree that ADFS has become easier. However Microsoft has architected ADFS to integrate with third parties and still expects them to provide some infrastructure. As the proposed use case here is a standalone server, the OP would *be* that 3rd-party in this case. ADFS alone wouldn't solve the issue. It'd just provide the medium from the domain side of things. As such, my comment that it is exceedingly complex still stands. To extrapolate, imagine re-inventing Azure AD and dirsync (or WAAD, or AADSync, depending on which acronym you prefer and which version is shipping this month) ...which is how Office 365 leverages ADFS.   ADFS alone doesn't cover O365, but requires all of that infrastructure that Microsoft has built.  To offer access from a standalone server, a similar architecture is required.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.