Jump to content



Photo

Administrative Shares on Server 2008 R2

Answered Go to the full post windows server 2008 r2 administrative shares folder secuirty

  • Please log in to reply
6 replies to this topic

#1 bguy_1986

bguy_1986

    Neowinian

  • Joined: 28-April 05

Posted 12 September 2013 - 18:56

I swear I've done this before...

 

First of all a hidden share and administrative share is the same thing isn't it?

I want to create an administrative share on a server for all of my apps.  I've created a share with the name of apps$.  Right now I've got security on it so that IT can change it, and Authenticated users Read access.

 

I want to change it if possible.  I'd like to have IT to be able to get to it and change it no problem, and on other computers other users are logged into, prompt for a username and password.

 

I can't seem to figure out how to get it to prompt for username and password at all no matter what I set it at.  What am I doing wrong if anything?  Maybe it's not possible and I'm just loosing my mind (which is very possible)



Best Answer +BudMan , 12 September 2013 - 19:07

So do you allow anonymous access to the servers - any shares?

I you auth to a server with guest/anon to access say a public share - your never going to be able to get to a share that you have to auth too.. Since your already authed as guest, and can not have 2 different users connected from the same source to the server.

You would have to remove the anon/guest access now when you try and connect to server you will always get prompted for auth.

Or you will have to auth specifically to that share or server before any anon/guest session has been created.

for example net use \\servers\apps$ /u:domain\user password Go to the full post



#2 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 106
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 12 September 2013 - 19:07   Best Answer

So do you allow anonymous access to the servers - any shares?

I you auth to a server with guest/anon to access say a public share - your never going to be able to get to a share that you have to auth too.. Since your already authed as guest, and can not have 2 different users connected from the same source to the server.

You would have to remove the anon/guest access now when you try and connect to server you will always get prompted for auth.

Or you will have to auth specifically to that share or server before any anon/guest session has been created.

for example net use \\servers\apps$ /u:domain\user password

#3 OP bguy_1986

bguy_1986

    Neowinian

  • Joined: 28-April 05

Posted 12 September 2013 - 19:33

BudMan, on 12 Sept 2013 - 15:07, said:

So do you allow anonymous access to the servers - any shares?

I you auth to a server with guest/anon to access say a public share - your never going to be able to get to a share that you have to auth too.. Since your already authed as guest, and can not have 2 different users connected from the same source to the server.

You would have to remove the anon/guest access now when you try and connect to server you will always get prompted for auth.

Or you will have to auth specifically to that share or server before any anon/guest session has been created.

for example net use \\servers\apps$ /u:domain\user password

That's what I've kind of been finding out with my research, but I swear I've done it in the past.  I'm going to leave this open for a little while and then mark it as the answer just in case somebody else has anything to add.

 

Thanks



#4 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 36
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 12 September 2013 - 19:37

 

I can't seem to figure out how to get it to prompt for username and password at all no matter what I set it at.  What am I doing wrong if anything?  Maybe it's not possible and I'm just loosing my mind (which is very possible)

With active directory it will never prompt unless the user is currently not logged into that server.  ie. server1 has all of my data (user data, public data, special share that you just created), I want users to connect to a share on server1 but prompted to access...this will not happen at all, ever as they are already connected to server1 as the user to access other files. 

 

The way it would work is if they connected to another server/workstation that only had this share on it, then they would be prompted for a username and password, if they didn't have access to it to begin with.  ie, you try to connect to a hidden share on a random computer, \\computername\c$ for instance by default a standard user does not have access to this share, it will then prompt them for credentials to gain access. 



#5 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 106
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 12 September 2013 - 19:58

"\\computername\c$ for instance by default a standard user does not have access to this share, it will then prompt them for credentials to gain access. "

Unless as mentioned your already authed with some account, say anon/guest or your user name that does have say access to IPC$ through being a domain user, etc.

The only way you will get prompted is if the accounts your machine automatically tries to auth with denied. guest/logged in user account. If they get denied then you will get prompted. If you guest or your username allows you to connect - even if your not really allowed access to anything other than say public folder your not going to get prompted again.

#6 OP bguy_1986

bguy_1986

    Neowinian

  • Joined: 28-April 05

Posted 13 September 2013 - 13:13

Thanks for the reply's, I think we could do the same thing if we had two different domain as well.  Maybe that's how they did it at my past jobs.



#7 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 36
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 13 September 2013 - 13:44

basically any computer that you do not have access to and connect to the share, whether it be on a different domain or the same domain, it will prompt for credentials.  If you are currently connected to a computer through a logon script or by browsing to it, it will not prompt you for credentials as it will use the current logged on credentials to access that computer and all shares on that computer.