Search A-Z index Help
University of Cambridge Home Physics Dept Home Mike Roses' Home Page TCM Group Home

Security Options for Anonymous Acccess to File Share on Windows Server 2003 (e.g. print server)

The minimum (just about, but it may be possible to do better, but I got fed up changing Group Policy and rebooting the computer) security options for Anonymous Acccess to File Share on Windows Server 2003 (e.g. print server):

Enable and give the guest account a blank password:

Enable the guest account and give it a blank password (computer management: users and groups)
gpedit.msc -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options ->
Accounts: Guest account status: enabled

In the same bit of Group Policy (allowing network access for anonymous logins from NT4,2K and XP):
Network Access: allow anonymous SID/Name translation: disabled
Network Access: Do not allow anonymous enumeration of SAM accounts: enabled
Network Access: Do not allow anonymous enumeration of SAM accounts and shares: disabled
Network Access: let everyone permissions apply to anonymous users: enabled
Network Access: restrict remote access to named pipes and shares: disabled

gpedit.msc -> Computer Configuration -> Windows Settings -> Local Policies -> User Rights Assignment ->
Access this computer from the network: everyone, anonymous logon

The GPO stuff can be done in the AD domain policy or an OU GPO.

After that I was given access without a credential prompt to the printer shares.

I then limited access to the shares using the windows firewall and a custom IP/subnet list.

Reference discussion with most of the info in it