Non-Domain User access File Share on a Domain Computer



I have a Windows 2003 Server, Standard Edition (SP1) running Active Directory which is the only server in the network.

I also have a Windows XP Professional (SP2) client that is a Domain Member, which has a Local User ("Non-Domain User").

I need the Local User on the Windows XP client to have access to a file share on the Windows 2003 server. When the Local User tries to connect to the server, they are prompted for a username/password of a Domain User to get access.

I have tried setting the Sharing permissions on the shared folder to allow access to Guests, Domain Guests, Domain Computers, Everyone and ANONYMOUS LOGON. I have also set those groups' File System permissions to complement the Share Permissions.

No luck. I think that the reason why that didn't work is because the Server is prompting for Authentication before it even lists the available File Shares, not after I try to access the Shared Folder that I'm trying to share, therefore the permissions of the individual file shares make no difference.

I would prefer to do this with a seamless method that does not require the Local User to save a password in the Passwords List or have to add new Domain Accounts to the server.

All help received will be appreciated.

Thanks,

Quick Reply

Hmm sounds like a good workaround, I could set up a new Domain User that only has permissions to access the file share. I'll see how it goes.

If there is a way to configure the server permissions itself then I would prefer that... I'm only doing this on one Test Machine now, but soon I will roll out access to the file shares across the whole network, and I don't have access to all of the machines (some workers have their own laptops). The users themselves would have to set this up, which could be trouble.

  Quick Reply said:
  Hmm sounds like a good workaround, I could set up a new Domain User that only has permissions to access the file share. I'll see how it goes.

  If there is a way to configure the server permissions itself then I would prefer that... I'm only doing this on one Test Machine now, but soon I will roll out access to the file shares across the whole network, and I don't have access to all of the machines (some workers have their own laptops). The users themselves would have to set this up, which could be trouble.

Let's say you have the following share: \\TESTSERVER\testshare1

Now create an AD user (for instance testshare1_user), and give it the necessary NTFS permissions on Testshare1.

Now if anyone wants to connect to this share, go to \\TESTSERVER\testshare1 and they will be prompted for username/password.

They will have to use as username domainname\testshare1_user and its correct password.

The trick is to add your domainname followed by a backslash before entering the username. That way, the computer that tries to access your testshare1 knows that the credentials for accessing this share are on the domain controller. Otherwise the computer tries to find these credentials on the local computer, where they don't exist of course.

This way you create an AD user for each share you want to make accessible for non-domain PCs. And they always connect to \\TESTSERVER\sharename with username DOMAINNAME\USERNAME and its correct password.

  MazX_Napalm said:
  Computer needs to be part of the domain, even though it doesn't log on to the domain.

This is not correct, you can connect to domain resources from any computer. You only need a domain username and password.

  ChocIST said:
  Why can't you just enter a valid UN and PW for the domain to access it?

  ChocIST

Well, that's what I said, right? Just make sure that user has rights on the share. And take into account that you need to log on with domain\username and not just with username.

  MazX_Napalm said:
  Computer needs to be part of the domain, even though it doesn't log on to the domain.

  Komakino[BE] said:
  The trick is to add your domainname followed by a backslash before entering the username.

  ChocIST said:
  Why can't you just enter a valid UN and PW for the domain to access it?

The computer is already part of the domain, just not the user.

I have been using the backslash when entering usernames.

The problem is that the end users that I am dealing with can not cope with change and already struggle with their basic skills to do basic tasks.

What's more is that when I enter the username/password of the Domain User when connecting to a Domain Resource, the password isn't saved after being rebooted.

And also, I need to share a printer after I get the File Shares working. And if a username/password for a file share hasn't been entered between logging on and trying to print something, the printing job will fail and NOT prompt for a username/password due to some bug in Windows XP that doesn't ask for it when it should. There is no way I can think of to get the users to deal with that when they just want to print a Word document.

Thanks for the workarounds, but they don't work very well, I just want a server-side solution. :woot:

Dude - why exactly is this not a domain user? You state the machine is a member, you want to give access to some shares to this user, plus printer(s)..

Why would this user NOT be using a domain account?

All of your issues go away - just have the user log into the domain.. All your problems solved! The user does NOT have to be a member of domain users, so they could be limited to only access specific shares, etc. They could be given whatever permissions they need on the local machine, etc.. etc..

For the life of me I cannot see why you would NOT have this user log in with a domain account??

Most of the computers I want to allow shares to are laptops. How are the users supposed to log in if they are out and about, not connected to the network, or the domain server were to go down? The Domain Server itself is still under testing and constant reconfiguration; if the server needs to have AD reinstalled, nobody would be able to log on until I set everything up again and rejoin each laptop to the domain. The test machine is only a member of the domain for testing; when I set the laptops up, they aren't going to be domain members.

Surely there is a Group Policy or Security Policy setting that I can make, similar to "Let Everyone permissions apply for ANONYMOUS LOGON", which doesn't seem to work.

  Quick Reply said:
  Most of the computers I want to allow shares to are laptops. How are the users supposed to log in if they are out and about, not connected to the network, or the domain server were to go down?

So long as the user has logged into that machine while it was connected to the domain, they can log into that machine while it is not connected to the domain.

Basically that user just needs a profile folder in the Documents and Settings folder.

  Quick Reply said:
  when I set the laptops up, they aren't going to be domain members.

Why? What is the point of your domain then?? If you're not going to have any members?

Your laptops will login from cache, if they are not on the network - or DC is not available.. So will every other machine - unless you have disabled login from cache..

As to access to ANON or ANYONE - as already stated, turn on the guest account.. This is its purpose..

Another method to map a drive without the user having to do anything.. since you're saying /savecred is not working, would be to create a simple batch file.. put it on the computer to run when they login

NET USE * \\computername\sharename /user:domainname\username password

Or give them a shortcut to it on their desktop.. click and they have access to whatever share they need with whatever account they need to use, etc..

But if you're going to have all your laptops as local accounts - what exactly is the POINT of your domain? Peer to Peer network with a 2k3 box in the middle is what you have ;)
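
A variant of the batch-file mapping described in the post above, added here as an example and not part of the original thread: it puts `*` in the password position so NET USE prompts for the password instead of keeping it in a script that anyone with access to the laptop can read, and it maps the share non-persistently. The share path, account name and drive letter are placeholders.

```batch
@echo off
rem Added example (not from the thread): map a share from a local-account
rem session using a dedicated, share-only domain account.
rem SHARE, ACCOUNT and DRIVE are placeholder values.
setlocal
set "SHARE=\\TESTSERVER\testshare1"
set "ACCOUNT=DOMAINNAME\testshare1_user"
set "DRIVE=S:"

rem Do nothing if the drive letter is already mapped in this session.
if exist %DRIVE%\ (
    echo %DRIVE% is already mapped.
    goto :eof
)

rem "*" in the password position makes NET USE prompt for the password,
rem so no credential is stored in this file.
rem /persistent:no means the mapping is not restored at the next logon.
net use %DRIVE% %SHARE% * /user:%ACCOUNT% /persistent:no
if errorlevel 1 (
    echo Mapping %SHARE% failed.
    exit /b 1
)

echo Mapped %SHARE% as %DRIVE%.
endlocal
```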

  Quick Reply said:
  Most of the computers I want to allow shares to are laptops. How are the users supposed to log in if they are out and about

Uh, every laptop user that I have in the domain works 4 days or more away from the office. Not one of them has complained that they can't log on to their laptop using their domain accounts.

To solve your problem, create a user called user1 and give it a password of password.

Give this user full access to the share.

Instruct the users to Start, Run, \\server\share. They will be asked for a username and password.
