Non-Domain User access File Share on a Domain Computer


I have a Windows 2003 Server, Standard Edition (SP1) running Active Directory which is the only server in the network.

I also have a Windows XP Professional (SP2) client that is a Domain Member, which has a Local User ("Non-Domain User").

I need the Local User on the Windows XP client to have access to a file share on the Windows 2003 server. When the Local User tries to connect to the server, they are prompted for a username/password of a Domain User to get access.

I have tried setting the Sharing permissions on the shared folder to allow access to Guests, Domain Guests, Domain Computers, Everyone and ANONYMOUS LOGON. I have also set those groups' File System permissions to complement the Share Permissions.

No luck. I think that the reason why that didn't work is because the Server is prompting for Authentication before it even lists the available File Shares, not after I try to access the Shared Folder that I'm trying to share, therefore the permissions of the individual file shares make no difference.

I would prefer to do this with a seamless method that does not require the Local User to save a password in the Passwords List or have to add new Domain Accounts to the server.

All help received will be appreciated.

Thanks,

Quick Reply

Hmm sounds like a good workaround, I could set up a new Domain User that only has permissions to access the file share. I'll see how it goes.

If there is a way to configure the server permissions itself then I would prefer that... I'm only doing this on one Test Machine now, but soon I will roll out access to the file shares across the whole network, and I don't have access to all of the machines (some workers have their own laptops). The users themselves would have to set this up, which could be trouble.

  Quick Reply said:
Hmm sounds like a good workaround, I could set up a new Domain User that only has permissions to access the file share. I'll see how it goes.

If there is a way to configure the server permissions itself then I would prefer that... I'm only doing this on one Test Machine now, but soon I will roll out access to the file shares across the whole network, and I don't have access to all of the machines (some workers have their own laptops). The users themselves would have to set this up, which could be trouble.

Let's say you have the following share: \\TESTSERVER\testshare1

Now create an AD user (for instance testshare1_user), and give it the necessary NTFS permissions on Testshare1.

Now if anyone wants to connect to this share, go to \\TESTSERVER\testshare1 and they will be prompted for username/password.

They will have to use as username domainname\testshare1_user and its correct password.

The trick is to add your domainname followed by a backslash before entering the username. That way, the computer that tries to access your testshare1 knows that the credentials for accessing this share are on the domain controller. Otherwise the computer tries to find these credentials on the local computer, where they don't exist of course.

This way you create an AD user for each share you want to make accessible for non-domain PCs. And they always connect to \\TESTSERVER\sharename with username DOMAINNAME\USERNAME and its correct password.

  MazX_Napalm said:
Computer needs to be part of the domain, even though it doesn't log on to the domain.

This is not correct, you can connect to domain resources from any computer. You only need a domain username and password.

  ChocIST said:
Why can't you just enter a valid UN and PW for the domain to access it?

ChocIST

Well, that's what I said, right? Just make sure that user has rights on the share. And take into account that you need to log on with domain\username and not just with username.

  MazX_Napalm said:
Computer needs to be part of the domain, even though it doesn't log on to the domain.

  Komakino[BE] said:
The trick is to add your domainname followed by a backslash before entering the username.

  ChocIST said:
Why can't you just enter a valid UN and PW for the domain to access it?

The computer is already part of the domain, just not the user.

I have been using the backslash when entering usernames.

The problem is that the end users that I am dealing with can not cope with change and already struggle with their basic skills to do basic tasks.

What's more is that when I enter the username/password of the Domain User when connecting to a Domain Resource, the password isn't saved after being rebooted.

And also, I need to share a printer after I get the File Shares working. And if a username/password for a file share hasn't been entered between logging on and trying to print something, the printing job will fail and NOT prompt for a username/password due to some bug in Windows XP that doesn't ask for it when it should. There is no way I can think of to get the users to deal with that when they just want to print a Word document.

Thanks for the workarounds, but they don't work very well, I just want a server-side solution. :woot:

Dude - why exactly is this not a domain user? You state the machine is a member, you want to give access to some shares to this user, plus printer(s)..

Why would this user NOT be using a domain account?

All of your issues go away - just have the user log into the domain.. All your problems solved! The user does NOT have to be a member of domain users, so they could be limited to only access specific shares, etc. They could be given whatever permissions they need on the local machine, etc.. etc..

For the life of me I cannot see why you would NOT have this user log in with a domain account??

Most of the computers I want to allow shares to are laptops. How are the users supposed to log in if they are out and about, not connected to the network, or the domain server were to go down? The Domain Server itself is still under testing and constant reconfiguration; if the server needs to have AD reinstalled, nobody would be able to log on until I set everything up again and rejoin each laptop to the domain. The test machine is only a member of the domain for testing; when I set the laptops up, they aren't going to be domain members.

Surely there is a Group Policy or Security Policy setting that I can make, similar to "Let Everyone permissions apply for ANONYMOUS LOGON" which doesn't seem to work.

  Quick Reply said:
Most of the computers I want to allow shares to are laptops. How are the users supposed to log in if they are out and about, not connected to the network, or the domain server were to go down?

So long as the user has logged into that machine while it was connected to the domain, they can log into that machine while it is not connected to the domain.

Basically that user just needs a profile folder in the Documents and Settings folder.

  Quick Reply said:
when I set the laptops up, they aren't going to be domain members.

Why? What is the point of your domain then?? If you're not going to have any members?

Your laptops will log in from cache if they are not on the network - or the DC is not available.. So will every other machine - unless you have disabled login from cache..

As to access to ANON or ANYONE - as already stated, turn on the guest account.. This is its purpose..

Another method to map a drive without the user having to do anything.. since you're saying /savecred is not working, would be to create a simple batch file.. put it on the computer to run when they log in

NET USE * \\computername\sharename /user:domainname\username password

Or give them a shortcut to it on their desktop.. click and they have access to whatever share they need with whatever account they need to use, etc..

But if you're going to have all your laptops as local accounts - what exactly is the POINT of your domain? Peer to Peer network with a 2k3 box in the middle is what you have ;)
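
The batch-file approach from the post above, as an added example that is not part of the original thread: it maps the share with a dedicated account but lets net use prompt for the password (the second `*`) instead of storing it in a script that every user of the laptop can read. The server, share and account names are the placeholder names used earlier in the thread.

```bat
@echo off
rem Added example, not from the thread. SHARE and ACCOUNT are the
rem placeholder names used earlier on this page; replace with your own.
setlocal
set "SHARE=\\TESTSERVER\testshare1"
set "ACCOUNT=DOMAINNAME\testshare1_user"

rem Do nothing if a connection to the share already exists.
net use | find /i "%SHARE%" >nul
if not errorlevel 1 (
    echo %SHARE% is already connected.
    goto :eof
)

rem First * = use the next free drive letter.
rem Second * = prompt for the password, so it is never written to disk.
rem /persistent:no = do not try to restore the mapping at the next logon.
net use * "%SHARE%" * /user:%ACCOUNT% /persistent:no
if errorlevel 1 (
    echo Could not connect to %SHARE% as %ACCOUNT%.
    exit /b 1
)
endlocal
```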

  Quick Reply said:
Most of the computers I want to allow shares to are laptops. How are the users supposed to log in if they are out and about

Uh, every laptop user that I have in the domain works 4 days or more away from the office. Not one of them has complained that they can't log on to their laptop using their domain accounts.

To solve your problem, create a user called user1 and give it a password of password.

Give this user full access to the share.

Instruct the users to Start, Run, \\server\share. They will be asked for a username and password.
