Jump to content

Site Offline

The community is currently offline and only accessible to those with permission.

Sadikhov IT Certification forums
Sign in to follow this  
Seb2

Anonymous Login - Can't Get It To Work

Recommended Posts

"xp-client" and "xp-client2" in same workgroup, where "xp-client2" has its "standard share", and another share (c:\testshare) shared.

 

Sharing permissions - Full access for everyone, AND Full access for Anonymous logon.

NTFS permissions - Read/write (and those other regular ones) access granted for Anonymous logon, Everyone, and then theres read and more for users and lots of more users/groups as default is.

 

Local security policy on xp-client2 (the machine sharing these folders) have been set to "Let Everyone permissions apply to anonymous users" - Enabled.

 

 

So, how come I cant access any of xp-client2's shares, without being prompted for user/pass and having to enter any of the xp-server2 accounts to access it?

 

Even tried from the CMD of xp-client, connecting to one of the shared folders like this.

C:\Documents and Settings\xp>net use \\xp-client2\Testshare
The password or user name is invalid for \\xp-client2\Testshare.

Enter the user name for 'xp-client2':
System error 1223 has occurred.

The operation was canceled by the user.


C:\Documents and Settings\xp>

 

 

Yeah yeah, anonymous access is no good and all of that. I just thought it could be fun to play with and see how it works in case you need it sometime....but obviously I'm missing something here :(

 

Thanks :)

Share this post


Link to post
Share on other sites

Even changing under User Rights Assignment on the sharing machine, so that "Anonymous logon" are added to "Access this computer from the network", doesn't help.

Doesn't seem to matter if the connecting pc uses its admin-account (which has a password) or if it uses one of its unprivileged users that has no password.

Edited by Seb2

Share this post


Link to post
Share on other sites

Hi,

 

Try this...

 

1) Grant Anonymous Logon, the desired rights on the share, and NTFS permissions.

2) In local security policy (Local Policies>Security Options) Add the share name to "Network access: Shares that can be accessed anonymously".

 

Also enable guest account.

 

Rgds,

Edited by amsin

Share this post


Link to post
Share on other sites
Hi,

 

Try this...

 

1) Grant Anonymous Logon, the desired rights on the share, and NTFS permissions.

2) In local security policy (Local Policies>Security Options) Add the share name to "Network access: Shares that can be accessed anonymously".

 

Also enable guest account.

 

Rgds,

You mean if I have a share called "Testshare", I just add "Testshare", without the "", to the "Shares that can be accessed anonymously"?

And guest account enabled on the sharing machine...not the client?

 

Well, it didn't work. Rebooted both of them, still nothing.

Now I cant even get a login-window when trying, it just says its not accessible or something. Net use, with proper user/pass, still works though.

I just get more and more confused the more I lab with workgroups and shares....its really all just a mess it seems :D

 

I know the easiest way to make it work is share what you want with simple filesharing enabled, THEN turn it off, and give access to Everyone on the shares that should be used anonymously.

Do like that on my physical network at home. Then for the important folders its just to disable Everyone.

Must be some other way though, than to first share with simple turned on, and then disable it :D

 

Now I'm reinstalling them both, feels like I've messed around with them too much. Have to concentrate on whats important instead I guess...anonymous access probably ain't such a big deal after all...maybe most who use it just use simple filesharing and dont even care of NTFS rights.

Edited by Seb2

Share this post


Link to post
Share on other sites

Well, it seems the very best solution is to start filesharing with simplified filesharing enabled.

Then you turn it off.

After that you can log in with any user from another pc, as long as "Everyone" has rights to do so.

Very nice. If you dont have used simplified filesharing earlier "Everyone" is not enough, as isn't "Anonymous login" or anything else I could find.

 

Its enough for me, it works at least and probably is more simple than the "correcter" method which I guess there are some....

Share this post


Link to post
Share on other sites

Hi there,

 

yes in Windows XP simple file sharing is enabled by default for non domain clients (when you join them to the domain it is automatically disabled) but it gives just too many problems... it should simplify sharing files among computers in workgroup but it just creates problems... It is the first thing I disable when I install a Windows Xp machine :P

 

L.

Share this post


Link to post
Share on other sites
Hi there,

 

yes in Windows XP simple file sharing is enabled by default for non domain clients (when you join them to the domain it is automatically disabled) but it gives just too many problems... it should simplify sharing files among computers in workgroup but it just creates problems... It is the first thing I disable when I install a Windows Xp machine :P

 

L.

Yeah, but before doing so its good to run the filesharing wizard and let the pc's connect to each other.

THEN disable it :)

That way a user can log in without needing a account with same user/pass on the other pc....if "Everyone" permissions on the share allow.

Good option to have...doesn't hurt anyway.

Share this post


Link to post
Share on other sites

Hi there,

 

Since Anonymous logon is a leakage for security in a network, it is better not to use it in my opinion.

One solution is using the same username and password on each client of workgroup. It means that the problem is in SAM files of the clients.

Meaning that if you are using user name "User1" with the password "123" it is better to creat it this username and password on other clients as well.

then you can access the printer from each client without requesting the user name and password and you can view the sharing folders of each client.

I hope this helps.

 

Regards,

mip104

Edited by mip104

Share this post


Link to post
Share on other sites
Hi there,

 

Since Anonymous logon is a leakage for security in a network, it is better not to use it in my opinion.

One solution is using the same username and password on each client of workgroup. It means that the problem is in SAM files of the clients.

Meaning that if you are using user name "User1" with the password "123" it is better to creat it this username and password on other clients as well.

then you can access the printer from each client without requesting the user name and password and you can view the sharing folders of each client.

I hope this helps.

 

Regards,

mip104

Yeah, I just have a hard time believing thats how it actually works in smaller companys that dont use AD.

Lets say one user happens to loose his password...typing it somewhere else so someone sees it, or drops a note with it written on....well, lets say he feels uncomfortable and changes it as soon as possible.

Then what?

Yeah, right, he cant log in anywhere anymore...cant access fileshare, cant access printer, cant do anything in the workgroup.

So, need to go talk to the admin, the admin has to go around all servers and change the password....also meaning the admin has to know every users password.

 

Well, I guess this is the big downside to workgroups, but maybe this is how its used in very small companys, maybe mostly places where everyone trusts each other farily well.

 

Oh well, it feels to me like having the option to use "Everyone" to give other users access to shares that aren't top secret could be a nice thing...dont think "Everyone" is the same thing as "Anonymous" either...."Everyone" is probably like every user that has a real username, and maybe has to have a password too, its just that it doesn't have to exist locally on the sharing pc.

Share this post


Link to post
Share on other sites

I have exactly the same problem, everything I've tried doesn't work.

Normally all I do is add "Anonymous Logon" to "Access this computer from the network" in security policy and it works, but it doesn't.

Share this post


Link to post
Share on other sites
Yeah, I just have a hard time believing thats how it actually works in smaller companys that dont use AD.

Lets say one user happens to loose his password...typing it somewhere else so someone sees it, or drops a note with it written on....well, lets say he feels uncomfortable and changes it as soon as possible.

Then what?

Yeah, right, he cant log in anywhere anymore...cant access fileshare, cant access printer, cant do anything in the workgroup.

So, need to go talk to the admin, the admin has to go around all servers and change the password....also meaning the admin has to know every users password.

 

Well, I guess this is the big downside to workgroups, but maybe this is how its used in very small companys, maybe mostly places where everyone trusts each other farily well.

 

Oh well, it feels to me like having the option to use "Everyone" to give other users access to shares that aren't top secret could be a nice thing...dont think "Everyone" is the same thing as "Anonymous" either...."Everyone" is probably like every user that has a real username, and maybe has to have a password too, its just that it doesn't have to exist locally on the sharing pc.

 

In a workgroup scenario the user would need to change his password on all the machines that he uses within the workgroup, also if you use sinmple filesharing you grant full control to everyone you cannot be granular with your permissions (e.g allow 1 user read/write and allow another full control)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×