Non-Domain User access File Share on a Domain Computer


Recommended Posts

I have a Windows 2003 Server, Standard Edition (SP1) running Active Directory which is the only server in the network.

I also have a Windows XP Professional (SP2) client that is a Domain Member, which has a Local User ("Non-Domain User").

I need the Local User on the Windows XP client to have access a file share on the Windows 2003 server. When the Local User tried to connect to the server, they are prompted for a username/password of a Domain User to get access.

I have tried setting the Sharing permissions on the shared folder to allow access to Guests, Domain Guests, Domain Computers, Everyone and ANONYMOUS LOGON. I have also set those groups File System permissions to compliment the Share Permissions.

No luck. I think that the reason why that didn't work is because the Server is prompting for Authentication before it even lists the available File Shares, not after I try to access the Shared Folder that I'm trying to share, therefore the permissions of the individual file shares make no difference.

I would prefer to do this with a seemless method that doesn't not require the Local User to save a password in the Passwords List or have to Add new Domain Accounts to the server.

All help recieved will be appriciated.

Thanks,

Quick Reply

Hmm sounds like a good workaround, I could set up a new Domain User that only has permissions to access the file share. I'll see how it goes.

If there are a way to configure the server permissions itself than I would prefer that... I'm only doing this on one Test Machine now, but soon I will roll out access to the file shares across the whole network, and I don't have access to all of the machines (Some workers have their own laptops). The users themselves would have to set this up which could be trouble.

  Quick Reply said:
Hmm sounds like a good workaround, I could set up a new Domain User that only has permissions to access the file share. I'll see how it goes.

If there are a way to configure the server permissions itself than I would prefer that... I'm only doing this on one Test Machine now, but soon I will roll out access to the file shares across the whole network, and I don't have access to all of the machines (Some workers have their own laptops). The users themselves would have to set this up which could be trouble.

586019444[/snapback]

Lets say you have the following share: \\TESTSERVER\testshare1

Now create an AD user (for instance testshare1_user), and give it the necessary NTFS permissions on Testshare1.

Now if anyone wants to connect to this share, go to \\TESTSERVER\testshare1 and they will be prompted for username/password.

They will have to use as username domainname\testshare1_user and its correct password.

The trick is to add your domainname followed by a backslash before entering the username. That way, the computer who tries to access your testshare1 knows that the credentials for accessing this share are on the domain controller. Otherwise the computer tries to find these credentials on the local computer where they don't exist off course.

This way you create an AD user for each share you want to make accessible for non-domain PCs. And they always connect to \\TESTSERVER\sharename with username DOMAINNAME\USERNAME and it's correct password.

  MazX_Napalm said:
Computer needs to be part of the domain, even though it doesn't log on to the domain.

586019644[/snapback]

This is not correct, you can connect to domain resources from any computer. You only need a domain username and password.

  ChocIST said:
Why cant you just enter a valid UN and PW for the domain to access it?

ChocIST

586020903[/snapback]

Well, that's what I said right? Just make sure that user has rights on the share. And take into account that you need to logon with domain\username and not just with username.

  MazX_Napalm said:
Computer needs to be part of the domain, even though it doesn't log on to the domain.

586019644[/snapback]

  Komakino[BE] said:
The trick is to add your domainname followed by a backslash before entering the username.

586020611[/snapback]

  ChocIST said:
Why cant you just enter a valid UN and PW for the domain to access it?

586020903[/snapback]

The computer is already part of the domain, just not the user.

I have been using the backslash when entering usernames.

The problem is that the end users that I am dealing with can not cope with change and already struggle with their basic skills to do basic tasks.

What's mor eis that when I enter the username/password of the Domain User when connecting to a Domain Resource, The password isn't saved after being rebooted.

And also, I need to share a printer after I get the File Shares working. And a username/password for a file share hasn't been entered between logging on and trying to print something, the printing job will fail and NOT prompt for a username/password due to some bug in Windows XP that doesn't ask for it when it should. There is no way I can think of to get the users to deal with that when they just want to print a word document.

Thanks for the workarounds, but they don't work very well, I just want a server-side solution. :woot:

Dude - why exactly is this not a domain user? You state the machine is a member, you want to give access to some share's to this user, plus printer(s)..

Why would this user NOT be using a domain account?

All of your issues go way - just have the user log into the domain.. All your problems solved! The user does NOT have to be member of domain users, so they could be limited to only access specific shares, etc. They could be give whatever permissions they need on the local machine, etc.. etc..

For the life me I can not see why you would NOT have this user log in with domain account??

Most of the computers I want to allow shares to are laptops, How are the users supposed to log in if they are out and about, not connected to the network, or the domain server were to go down? The Domain Server itself is still under testing and constant reconfiguration, if the server needs to have AD reinstalled, nobody would be able to log on until I set everything up again and rejoin each laptop to the domain. The test machine is only a member of the domain for testing, when I set the laptops up, they arn't going to be domain members.

Surely there is a Group Policy or Security Policy seting that I can make, simular to "Let Everyone permissions apply for ANONYMOUS LOGON" which doesn't seem to work.

  Quick Reply said:
Most of the computers I want to allow shares to are laptops, How are the users supposed to log in if they are out and about, not connected to the network, or the domain server were to go down?

586028525[/snapback]

So long as the user has logged into that machine while it was connected to the domain, they can log into that machine while it is not connected to the domain.

Basically that user just needs a profile folder in the Documents and Settings folder.

  Quick Reply said:
when I set the laptops up, they arn't going to be domain members.

586028525[/snapback]

Why? What is the point of your domain then?? If your not going to have any members?

Your laptops will login from cache, if they are not on the network - or DC is not available.. So will every other machince - unless you have turned disabled login from cache..

As to access to ANON or ANYONE - as already stated, turn on the guest account.. This is its purpose..

Another method to map a drive without the user having to do anything.. since your saying /savecred is not working, would be to create a simple batch file.. put it on the computer to run when they login

NET USE *\\computername\sharename /user:domainname\username password

Or give them an shortcut to it on their desktop.. click and they have access to whatever share they need with whatever account they need to use, etc..

But if your going to have all your laptops as local accounts - what exactly is the POINT of your domain? Peer to Peer network with a 2k3 box in the middle is what you have ;)

  Quick Reply said:
Most of the computers I want to allow shares to are laptops, How are the users supposed to log in if they are out and about

586028525[/snapback]

Uh, every laptop user that I have in the domain works 4 days or more away from the office. Not one of them has complained that they can't log on to their laptop using their domain accounts.

To solve your problem, create a user called user1 and give it a password of password.

Give this user full access to the share.

Instruct the users to Start, Run, \\server\share. They will be be asked for a username and password.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Last chance to claim VideoProc Converter AI v7.5 ($78.90 Value) for free by Steven Parker Claim your free license (worth $78.90) today, before the offer expires today, June 18. Equipped with AI tools for video and image enhancement, smoothness, and stabilization. Remaster low-quality videos and photos, convert, edit, compress, download, and record with GPU acceleration! Key Features of VideoProc Converter AI V7.5: AI Video Upscaling: Upscale low-res, old, grainy videos/DVDs/recordings by 400% to HD/4K for stunning visuals on larger screens. AI Image Enhancement: Upscale images and AI art to 8K/10K for better cropping, editing, printing, and sharing. AI Stabilization: Intelligently stabilize shaky GoPro/drone/camera footage with controllable cropping ratios. AI Frame Interpolation: Boost FPS from 30/60 to silky-smooth 120/240/480, or create epic slow-motion effects. 5-in-1 Video Toolkit: Convert, edit, compress, download, and record with the highest possible quality. GPU Acceleration: Expedite video processing, even on older computers. How to get it Please ensure you read the terms and conditions to claim this offer. Complete and verifiable information is required in order to receive this free offer. If you have previously made use of these free offers, you will not need to re-register. While supplies last! Download VideoProc Converter AI V7.5 ($78.90 Value, now FREE) Offered by Digiarty, view other free resources The below offers are also available for free in exchange for your (work) email: Continuous Testing, Quality, Security, and Feedback ($27.99 Value) FREE – Expires 6/18 VideoProc Converter AI v7.5 for FREE (worth $78.90) – Expires 6/18 Macxvideo AI ($39.95 Value) Free for a Limited Time – Expires 6/22 Microsoft 365 Copilot At Work ($60 Value) FREE – Expires 6/25 Natural Language Processing with Python ($39.99 Value) FREE – Expires 6/25 Excel Quick and Easy ($12 Value) FREE – Expires 6/24 The Inclusion Equation: Leveraging Data & AI ($21 Value) FREE – Expires 6/24 The Ultimate Linux Newbie Guide – Featured Free content Python Notes for Professionals – Featured Free content Learn Linux in 5 Days – Featured Free content Quick Reference Guide for Cybersecurity – Featured Free content We post these because we earn commission on each lead so as not to rely solely on advertising, which many of our readers block. It all helps toward paying staff reporters, servers and hosting costs. Other ways to support Neowin The above deal not doing it for you, but still want to help? Check out the links below. Check out our partner software in the Neowin Store Buy a T-shirt at Neowin's Threadsquad Subscribe to Neowin - for $14 a year, or $28 a year for an ad-free experience Disclosure: An account at Neowin Deals is required to participate in any deals powered by our affiliate, StackCommerce. For a full description of StackCommerce's privacy guidelines, go here. Neowin benefits from shared revenue of each sale made through the branded deals site.
    • They pulled this same crap with Google Workspace. "hey you get AI now so we are raising your prices". I disabled it for my org but we still have to pay. F this stupid 1984 tiny hat spy crap.
    • Samsung could unveil its Galaxy XR headset ‘Project Moohan' in September by Sagar Naresh Bhavsar Next month, Samsung is expected to unveil the Galaxy Z Fold7, the Galaxy Z Flip7, and an affordable Galaxy Z Flip7 FE, along with the Galaxy Watch8 series. However, the launches don't end there. A fresh report out of South Korea hints that Samsung could launch its much-awaited Galaxy XR augmented reality headset in September. The company has codenamed its first XR headset as "Project Moohan," which translates to "Project Infinite." Samsung has already showcased the Galaxy XR headset a few times in the past. In fact, popular tech YouTuber Marques Brownlee - also known as MKBHD -, got his hands on the Galaxy XR and revealed interesting details about the upcoming device. The Galaxy XR is rumored to come with a sharper display compared to the Apple Vision Pro and run on Google's new operating system for AR and VR headsets, the Android XR. Fast forward to now, Korean publication Newspim reports that Samsung is ready to launch the Galaxy XR headset on September 29 in its home country. Notably, the headset will be unveiled at an Unpacked event and later will go on sale on October 13. Globally, the Galaxy XR headset is expected to launch soon afterwards, though any specific date isn't mentioned. Additionally, the report suggests that fans can expect more teaser videos and prototypes of the headset at the upcoming Unpacked event for the Galaxy Z Fold7 and Flip7. The report also spills some details about the specifications of the Galaxy XR headset. Under the hood, it could run on Qualcomm's new XR2+ Gen 2 chip, made using Samsung's 4nm process. Samsung is also expected to introduce tight integration with its Galaxy ecosystem to offer a connected experience. It will be interesting to see how Samsung holds up against the likes of Meta, which already dominates the XR market, while Apple struggles with high Vision Pro prices.
    • I've put it behind a login for the time being.  I had something like 600,000 requests from just from Alibaba IP addresses that didn't clarify they were bots or scrapers, and so not easy to block using user agent filtering.  I didn't have any issues with bandwidth or accessibility, but that's 600,000 requests just from one cloud provider made to my spinning rust hard drives, that I have to personally pay for when they die, by bots being ran by corrupt mega corporations ignoring my polite requests that they not scrape me and that the information only be accessed by real humans. If any of y'all here were actually using my Kiwix mirror, I have no issue whatsoever creating a username and password for you, just hit me up using one of the methods listed on my personal site and I'll make one for you. https://marcusadams.me
  • Recent Achievements

    • Week One Done
      vivetool earned a badge
      Week One Done
    • Reacting Well
      pnajbar earned a badge
      Reacting Well
    • Week One Done
      TBithoney earned a badge
      Week One Done
    • First Post
      xuxlix earned a badge
      First Post
    • First Post
      Tomek Święcicki earned a badge
      First Post
  • Popular Contributors

    1. 1
      +primortal
      672
    2. 2
      ATLien_0
      287
    3. 3
      Michael Scrip
      223
    4. 4
      +FloatingFatMan
      195
    5. 5
      Steven P.
      143
  • Tell a friend

    Love Neowin? Tell a friend!