Share via

access DFS root from workgroup client

Walter Wodzien 1 Reputation point
2021-05-05T20:28:25.53+00:00

are there any tricks to access domain DFS root from a workgroup computer (ie use case being AAD joined machine talking to domain DFS), using \domain\dfsroot path? the issue is with dfsroot component (i can trick the DNS resolution but not sure how to get the client to "resolve" dfsroot)

Windows for business | Windows Server | User experience | Other

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Leon Laude 86,026 Reputation points
    2021-05-05T20:44:39.54+00:00

    Hi @Walter Wodzien ,

    In order to access a DFS namespace your server will have to be either part of the domain or in a domain that has a trust relationship with the domain the DFS namespace is in.

    Here's a similar thread:
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/c3214a4c-8088-446c-ba4d-643d5baf87cc/how-to-access-dfs-namespace-from-a-standalone-windows-2003-server?forum=winservergen

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Best regards,
    Leon

    0 comments
  2. Anonymous
    2021-05-06T08:24:50.687+00:00

    Hi,

    Thanks for posting in Q&A platform.

    I have tested in my lab and workgroup client can access the DFS Root successfully.

    As a workaround, you can access DFS Root from non-domain joined computer via the following detailed steps.

    From target server side:

    A. Enable guest account in the control panel – user accounts. Please do not setup a guest password.

    B. Locate to the registry [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA], please configure the value of restrictanonymous is 0 and forceguest is 1, and then reboot the server.

    94343-image.png

    C. Open Local Group Policy Editor and locate to the following policies:

    Computer Configuration->Windows Settings->Security Settings->Local Policies->User Right Assignment->Access this computer from the network, please ensure Everyone group was listed here

    94335-image.png

    Computer Configuration->Windows Settings->Security Settings->Local Policies->User Right Assignment->Deny access to this computer from the network, please ensure “Guests ” and “Anonymous Logon” group were not listed here

    94351-image.png

    Computer Configuration->Windows Settings->Security Settings->Local Policies->Security Options->Network access: Let Everyone permissions apply to anonymous users->Enable

    94337-image.png

    D. Configure the NTFS permission and share permission in the properties of shared folder on target server for Everyone group:

    94249-image.png 94308-image.png 94391-image.png

    From the non-domain joined computer side, add the DNS suffix for this client with the specific domain name.

    94299-image.png

    And now we can access the DFS root from the non-domain joined computer:

    94269-image.png

    And here is a similar thread discussed before, you could also try the method in this thread:

    Access to DFS Namespace Target from Non-Domain Member Client Computer

    Best Regards,
    Sunny

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  3. Walter Wodzien 1 Reputation point
    2021-05-06T13:41:41.11+00:00

    @Anonymous , thank you kindly for your extended response. However, how does a Windows computer in a workgroup get to "resolve" the dfsroot part of the namespace (ie \domain\dfsroot\folder1)?

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.