Non-Domain User access File Share on a Domain Computer


Recommended Posts

I have a Windows 2003 Server, Standard Edition (SP1) running Active Directory which is the only server in the network.

I also have a Windows XP Professional (SP2) client that is a Domain Member, which has a Local User ("Non-Domain User").

I need the Local User on the Windows XP client to have access a file share on the Windows 2003 server. When the Local User tried to connect to the server, they are prompted for a username/password of a Domain User to get access.

I have tried setting the Sharing permissions on the shared folder to allow access to Guests, Domain Guests, Domain Computers, Everyone and ANONYMOUS LOGON. I have also set those groups File System permissions to compliment the Share Permissions.

No luck. I think that the reason why that didn't work is because the Server is prompting for Authentication before it even lists the available File Shares, not after I try to access the Shared Folder that I'm trying to share, therefore the permissions of the individual file shares make no difference.

I would prefer to do this with a seemless method that doesn't not require the Local User to save a password in the Passwords List or have to Add new Domain Accounts to the server.

All help recieved will be appriciated.

Thanks,

Quick Reply

Hmm sounds like a good workaround, I could set up a new Domain User that only has permissions to access the file share. I'll see how it goes.

If there are a way to configure the server permissions itself than I would prefer that... I'm only doing this on one Test Machine now, but soon I will roll out access to the file shares across the whole network, and I don't have access to all of the machines (Some workers have their own laptops). The users themselves would have to set this up which could be trouble.

  Quick Reply said:
Hmm sounds like a good workaround, I could set up a new Domain User that only has permissions to access the file share. I'll see how it goes.

If there are a way to configure the server permissions itself than I would prefer that... I'm only doing this on one Test Machine now, but soon I will roll out access to the file shares across the whole network, and I don't have access to all of the machines (Some workers have their own laptops). The users themselves would have to set this up which could be trouble.

586019444[/snapback]

Lets say you have the following share: \\TESTSERVER\testshare1

Now create an AD user (for instance testshare1_user), and give it the necessary NTFS permissions on Testshare1.

Now if anyone wants to connect to this share, go to \\TESTSERVER\testshare1 and they will be prompted for username/password.

They will have to use as username domainname\testshare1_user and its correct password.

The trick is to add your domainname followed by a backslash before entering the username. That way, the computer who tries to access your testshare1 knows that the credentials for accessing this share are on the domain controller. Otherwise the computer tries to find these credentials on the local computer where they don't exist off course.

This way you create an AD user for each share you want to make accessible for non-domain PCs. And they always connect to \\TESTSERVER\sharename with username DOMAINNAME\USERNAME and it's correct password.

  MazX_Napalm said:
Computer needs to be part of the domain, even though it doesn't log on to the domain.

586019644[/snapback]

This is not correct, you can connect to domain resources from any computer. You only need a domain username and password.

  ChocIST said:
Why cant you just enter a valid UN and PW for the domain to access it?

ChocIST

586020903[/snapback]

Well, that's what I said right? Just make sure that user has rights on the share. And take into account that you need to logon with domain\username and not just with username.

  MazX_Napalm said:
Computer needs to be part of the domain, even though it doesn't log on to the domain.

586019644[/snapback]

  Komakino[BE] said:
The trick is to add your domainname followed by a backslash before entering the username.

586020611[/snapback]

  ChocIST said:
Why cant you just enter a valid UN and PW for the domain to access it?

586020903[/snapback]

The computer is already part of the domain, just not the user.

I have been using the backslash when entering usernames.

The problem is that the end users that I am dealing with can not cope with change and already struggle with their basic skills to do basic tasks.

What's mor eis that when I enter the username/password of the Domain User when connecting to a Domain Resource, The password isn't saved after being rebooted.

And also, I need to share a printer after I get the File Shares working. And a username/password for a file share hasn't been entered between logging on and trying to print something, the printing job will fail and NOT prompt for a username/password due to some bug in Windows XP that doesn't ask for it when it should. There is no way I can think of to get the users to deal with that when they just want to print a word document.

Thanks for the workarounds, but they don't work very well, I just want a server-side solution. :woot:

Dude - why exactly is this not a domain user? You state the machine is a member, you want to give access to some share's to this user, plus printer(s)..

Why would this user NOT be using a domain account?

All of your issues go way - just have the user log into the domain.. All your problems solved! The user does NOT have to be member of domain users, so they could be limited to only access specific shares, etc. They could be give whatever permissions they need on the local machine, etc.. etc..

For the life me I can not see why you would NOT have this user log in with domain account??

Most of the computers I want to allow shares to are laptops, How are the users supposed to log in if they are out and about, not connected to the network, or the domain server were to go down? The Domain Server itself is still under testing and constant reconfiguration, if the server needs to have AD reinstalled, nobody would be able to log on until I set everything up again and rejoin each laptop to the domain. The test machine is only a member of the domain for testing, when I set the laptops up, they arn't going to be domain members.

Surely there is a Group Policy or Security Policy seting that I can make, simular to "Let Everyone permissions apply for ANONYMOUS LOGON" which doesn't seem to work.

  Quick Reply said:
Most of the computers I want to allow shares to are laptops, How are the users supposed to log in if they are out and about, not connected to the network, or the domain server were to go down?

586028525[/snapback]

So long as the user has logged into that machine while it was connected to the domain, they can log into that machine while it is not connected to the domain.

Basically that user just needs a profile folder in the Documents and Settings folder.

  Quick Reply said:
when I set the laptops up, they arn't going to be domain members.

586028525[/snapback]

Why? What is the point of your domain then?? If your not going to have any members?

Your laptops will login from cache, if they are not on the network - or DC is not available.. So will every other machince - unless you have turned disabled login from cache..

As to access to ANON or ANYONE - as already stated, turn on the guest account.. This is its purpose..

Another method to map a drive without the user having to do anything.. since your saying /savecred is not working, would be to create a simple batch file.. put it on the computer to run when they login

NET USE *\\computername\sharename /user:domainname\username password

Or give them an shortcut to it on their desktop.. click and they have access to whatever share they need with whatever account they need to use, etc..

But if your going to have all your laptops as local accounts - what exactly is the POINT of your domain? Peer to Peer network with a 2k3 box in the middle is what you have ;)

  Quick Reply said:
Most of the computers I want to allow shares to are laptops, How are the users supposed to log in if they are out and about

586028525[/snapback]

Uh, every laptop user that I have in the domain works 4 days or more away from the office. Not one of them has complained that they can't log on to their laptop using their domain accounts.

To solve your problem, create a user called user1 and give it a password of password.

Give this user full access to the share.

Instruct the users to Start, Run, \\server\share. They will be be asked for a username and password.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Amazon lays off more staff across Goodreads and Kindle divisions by Hamid Ganji Dozens of Amazon employees working on the retailer's book divisions have been laid off. As reported by Reuters, Amazon confirmed that it's cutting jobs across the Goodreads review site and Kindle units, which impacts fewer than 100 workers. Amazon says the recent layoffs across Goodreads and Kindle divisions are meant to improve efficiency and streamline operations. The giant retailer has constantly reduced staff across various divisions over the past few years. According to CEO Andy Jassy, reducing headcounts helps the company to eliminate bureaucracy. "As part of our ongoing work to make our teams and programs operate more efficiently and to better align with our business roadmap, we've made the difficult decision to eliminate a small number of roles within the Books organization," an Amazon spokesperson said. Layoffs recently impacted employees in Amazon's Wondery podcast division, devices and services units, communications, and in-store staff. However, Amazon's Q1 results show the retailer has added about 4,000 jobs compared to Q4 2024. After the Covid pandemic settled down, many companies began laying off thousands of staff they hired during the pandemic to respond to growing demands. The layoff trend among tech firms still exists today, and AI has amplified it. The latest data shows that in 2025, about 62,832 tech employees were laid off across 141 tech companies. Also, 152,922 tech employees across 551 companies were laid off in 2024. More layoffs are expected to occur due to declining economic growth, tariffs, and the expansion of AI across companies. Amazon is also gearing up to double down in AI investments and robotics. The company has recently announced the forming of a new agentic AI team to develop an agentic AI framework for use in robotics. Also, a new report by The Information indicates that Amazon has begun testing humanoid robots for package delivery.
    • Major Privacy 0.98.1.1 Beta by Razvan Serea MajorPrivacy is a cutting-edge privacy and security tool for Windows, offering unparalleled control over process behavior, file access, and network communication. It is a continuation of the PrivateWin10 project. By leveraging advanced kernel-level protections, MajorPrivacy creates a secure environment where user data and system integrity are fully safeguarded. Unlike traditional tools, MajorPrivacy introduces innovative protection methods that ensure mounted encrypted volumes are only accessible by authorized applications, making it the first and only encryption solution of its kind. MajorPrivacy – Ultimate Privacy & Security for Windows key features Process Protection – Isolate processes to block interference from unauthorized apps, even with admin privileges. Software Restriction – Block unwanted apps and DLLs to ensure only trusted software runs. Revolutionary Encrypted Volumes Secure Storage – Create encrypted disk images for sensitive data. Exclusive Access – Unlike traditional tools, only authorized apps can access mounted volumes—blocking all unauthorized processes. File & Folder Protection – Lock down sensitive files and prevent unauthorized access or modifications. Advanced Network Firewall – Control which apps can send or receive data online. DNS Monitoring & Filtering – Track domain access and block unwanted sites (Pi-hole compatible filtering coming soon). Tweak Engine – Disable telemetry, cloud integration, and invasive Windows features for better privacy. Why MajorPrivacy? Kernel-Level Security – Protects at the deepest system level. Unmatched Encryption Protection – Keeps mounted volumes safe from all unauthorized access. Full System Control – Block, isolate, or restrict processes as needed. Enhanced Privacy – Stops Windows & apps from collecting unnecessary data. Perfect for privacy-conscious users, IT pros, and anyone who wants total system control. Major Privacy 0.98.1.1 Beta changelog: The 0.98.1 release of MajorPrivacy introduces significant enhancements and a number of critical fixes aimed at improving usability, localization, and system integration. A major new feature is the introduction of full translation support, allowing the application interface and tweaks to be localized into multiple languages. Initial translations include AI-assisted German and Polish versions, a community-contributed Turkish translation, and Simplified Chinese. Users interested in contributing translations or adding new languages are encouraged to participate via the forum. This version also improves compatibility and deployment by bundling the Microsoft Visual C++ Redistributable with the installer, which is required for the ImDisk user interface. Several important bugs have been resolved. The installer now correctly removes the driver during uninstallation. Tweak definitions have been cleaned up for better consistency. A number of networking issues were addressed, including failures related to network shares and incorrect handling of mapped drive letters. It is now required to use full UNC paths for defining rules involving shared resources. Additionally, configuration persistence issues on system shutdown have been fixed, as well as problems affecting protected folder visibility and rule precedence involving enclave conditions. Finally, the underlying driver code has been refactored, laying the groundwork for better maintainability and future enhancements. MajorPrivacy-v0.98.1.1.exe (0.98.1a) hotfix for #71 Download: Major Privacy 0.98.1.1 Beta | 47.4 MB (Open Source) View: MajorPrivacy Home Page | Github Project page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • OpenAI responds to The New York Times' ChatGPT data demands by Pradeep Viswanathan The New York Times has sued OpenAI for the unauthorized use of its news articles to train large language models. As part of the ongoing lawsuit, the NYT recently asked the court to require OpenAI to retain all ChatGPT user content indefinitely. The NYT's argument is that they may find something in the data that supports their case. Brad Lightcap, COO of OpenAI, wrote the following regarding the NYT's sweeping demand: OpenAI has already filed a motion asking the Magistrate Judge to reconsider the preservation order, since indefinite retention of user data breaches industry norms and its own policies. Additionally, OpenAI has also appealed this order with the District Court Judge. Until OpenAI wins its appeal, it will be complying with the court order. The content defined by the court order will be stored separately in a secure system and will be accessed or used only for meeting legal obligations. Only a small, audited OpenAI legal and security team will be able to access this data as necessary to comply with our legal obligations. As of early 2025, ChatGPT has over 400 million weekly active users, and this data retention order will affect a significant number of them. OpenAI confirmed that ChatGPT Free, Plus, Pro, and Teams subscription users, and developers who use the OpenAI API (without a Zero Data Retention agreement) will be affected by this order. ChatGPT Enterprise, ChatGPT Edu, and API customers who are using Zero Data Retention endpoints will not be affected by this court change.
  • Recent Achievements

    • First Post
      Uranus_enjoyer earned a badge
      First Post
    • Week One Done
      Uranus_enjoyer earned a badge
      Week One Done
    • Week One Done
      jfam earned a badge
      Week One Done
    • First Post
      survivor303 earned a badge
      First Post
    • Week One Done
      CHUNWEI earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      428
    2. 2
      +FloatingFatMan
      239
    3. 3
      ATLien_0
      212
    4. 4
      snowy owl
      211
    5. 5
      Xenon
      157
  • Tell a friend

    Love Neowin? Tell a friend!