Does Windows 2016 Server block non-domain computers accessing shared folders?

Gavin75
Gavin75 used Ask the Experts™
on
Does Windows 2016 Server block non-domain computers from accessing shared folders by default or is additional configuration required?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018
Commented:
Neither a domain nor domain joined clients are required.
timgreen7077Exchange Engineer
Distinguished Expert 2018

Commented:
Yes they are blocked by default. it doesn't matter if they are domains joined or not. you must be granted permissions to access shared folders.

Author

Commented:
Hi, there seems to be a bit of a misunderstanding: I understand that access to files and folders can be controlled at a User level but what I don't want are Users connecting computers to the network, which are not joined to the domain and being able to access shared folders using their Domain login credentials. I realise there are various ways to control access to the network at a layer 2 level using switches etc. but I am interested in how Windows 2016 Server reacts to non-domain computers trying to access domain resources, in particular, shared folders. Thanks for your input.
Starting with Angular 5

Learn the essential features and functions of the popular JavaScript framework for building mobile, desktop and web applications.

Hi, there seems to be a bit of a misunderstanding: I understand that access to files and folders can be controlled at a User level but what I don't want are Users connecting computers to the network, which are not joined to the domain and being able to access shared folders using their Domain login credentials.

Wow, yeah I'll bet there is a bit of a misunderstanding because you've asked a completely different question :) If you're looking after a Windows server solution I would try looking at Dynamic Access Control (DAC) and setting up an access rule that requires a user and device claim for access. This will require a client OS of Windows 8 or higher to support device claims. Otherwise you're going to need to look at a network solution.

Author

Commented:
It was definitely the same question, just elaborated on but I appreciate your input. I’ll have a closer look at your suggestion and the related GPO settings. Thanks
Seth SimmonsSr. Systems Administrator

Commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Accept: Cliff Galiher (https:#a42473474)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial