We have solved the issue in the meantime, by removing the "$" in the path to the shared folder which was preventing access from outside the domain.
Connecting to a network share from non-domain device
Hi,
we are struggling with a specific task of accessing a shared network drive from a BYOD device that isn't in our local domain (and won't be in the mid-term future at least). The setup is prepared as follows:
- The laptops, although not connected to our domain, have access to a local VLAN that enables visibility to the domain controller for user authentication, using SMB2 etc.
- Essentially, while attempting to connect the drive, it asks for the username and password but then cannot map the drive (or when mapped already, returns the usual error "network path was not found")
- What we already know is, that for some reason, the laptop is pushing the local user account to the domain for authentication which obviously cannot work but we haven't been able to figure out why. We tried modifying several policies, registry settings (Network, Security, NTLM etc.) but no luck.
- However, it does work over VPN
- While disconnecting the VPN, access to the drive is immediately lost.
- To specify, while connected to the local WLAN / VLAN only, it is possible to open the root of the fileserver using IP (DNS cannot work) but it's not possible to go any deeper, that is to open the "CustomerName" folder as outlined: "\\10.100.100.10\CustomerName\DriveName"
- I had limited success using the "New-PSDrive" PS cmdlet - the drive miraculously connected for a while but while testing after reboot, we haven't been able to replicate it since, even after deleting all credentials and so on.
- The classic "net use" doesn't work, no matter how we specify the credentials to be used (domain\name...), it always pushes the local account to the DC and fails to authenticate.
Of course we cannot enable the access to "Everyone" or something like that, it would be a ridiculous security breach so the authentication must stay active (nor can we demote the transfer protocol security...)
There are some topics on this online but none of them offers a solution, except for the VPN or domain connection... If all fails, we will most likely try to modify our user VPN client to dial in automatically but it might not be possible due to other compatibility and configuration issues that stem from what the customer devices already contain and cannot simply get rid of.
Summary: To enable the correct locally stored domain credentials to be pushed to the DC over a company VLAN, bypassing the incorrect local non-domain credentials.
Thank you for any ideas
Jakub
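An added PowerShell example, not from the original post, showing the explicit-domain-credential mapping this thread is about, with a TCP 445 reachability check first and a single-quoted UNC path so a hidden share name ending in "$" is not expanded as a variable. The server IP and share path are the placeholders from the post; the domain name `CORP` and drive letter `S` are assumptions.

```powershell
# Added example (not from the original post): map a share from a non-domain
# Windows client using an explicit DOMAIN\user credential.
# $Server and $Share are the placeholders from the post; $Domain is assumed.
param(
    [string]$Server = '10.100.100.10',
    [string]$Share  = 'CustomerName\DriveName',
    [string]$Domain = 'CORP'
)

# 1. Confirm SMB (TCP 445) on the file server is reachable over the VLAN
#    before touching credentials. The server must in turn reach the DC to
#    validate a domain logon, which the post says the VLAN allows.
$reach = Test-NetConnection -ComputerName $Server -Port 445
if (-not $reach.TcpTestSucceeded) {
    throw "TCP 445 to $Server is not reachable; check VLAN/firewall first."
}

# 2. Prompt for the domain account explicitly. A bare user name is sent as a
#    local account of the non-domain laptop, which the DC cannot validate.
#    Accept DOMAIN\user or UPN (user@domain) form; reject anything else.
$cred = Get-Credential -Message "Enter $Domain\username (domain account)"
if ($cred.UserName -notmatch '^([^\\]+\\[^\\]+|[^@]+@[^@]+)$') {
    throw 'Credential must be given as DOMAIN\username or user@domain.'
}

# 3. Build the UNC path from single-quoted pieces so a share name such as
#    'Share$' keeps its "$" instead of being treated as a PowerShell variable.
$unc = '\\' + $Server + '\' + $Share

# 4. Map with the domain credential. -Persist keeps the mapping across
#    sessions; the password itself is not written anywhere by this script.
New-PSDrive -Name 'S' -PSProvider FileSystem -Root $unc `
            -Credential $cred -Persist -ErrorAction Stop

# 5. Verify which identity the SMB client actually presented and which
#    dialect was negotiated (elevation may be required for this cmdlet).
Get-SmbConnection -ServerName $Server |
    Select-Object ServerName, ShareName, UserName, Credential, Dialect
```

If step 5 shows the laptop's local account in the Credential column, the credential was not applied to the SMB session; clearing stale entries with `cmdkey /list` and `cmdkey /delete:<target>` before re-running step 4 is the usual next check.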