Share via

Domain file share with anonymous access

Michael Kibbe 16 Reputation points
2021-06-23T07:59:40.57+00:00

I'm trying to make an anonymous share on a domain joined server (NOT the DC). But I need the share on that domain to allow anonymous access. This is a home / lab environment and it will NOT be exposed to the internet.

I've tried the following:
https://social.msdn.microsoft.com/Forums/en-US/4b5e4b6c-da4e-440a-8286-4f2315684a35/share-permissions?forum=winservergen
but had no luck.

Anyone got any ideas?

Windows for business Windows Server User experience Other
0 comments

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2021-06-24T01:59:57.047+00:00

    Hi,
    I did a test in my lab, after configured the following settings, the folder can be accessed by the anonymous access.

    1,On the shared folder, configure the share permission and NTFS permission with everyone has the read permission.
    108802-image.png

    2,Also make sure that network folder sharing is enabled in Windows ( Settings -> Network & Internet -> Ethernet -> Change advanced sharing options). In All Networks section, select the options Turn on sharing so anyone with network access can read and write files in the Public folders and Turn off password protected sharing if you trust all devices in your network
    108749-image.png

    3,Group policy,configure the following policies:
    Open the Local Group Policy Editor (gpedit.msc) on a server/computer, which you want to enable anonymous access to.

    Go to the following GPO section: Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options. Configure the following policies:

    Accounts: Guest Account Status: Enabled
    Network access: Let Everyone permissions apply to anonymous users: Enabled
    Network access: Do not allow anonymous enumeration of SAM accounts and shares: Disabled
    Network access: Shares that can be accessed anonymous. Specify the shared folder names you want to enable anonymous access to.
    108774-image.png
    108803-image.png

    4,Computer Configuration -> Windows Settings -> Security Settings> Local Policies -> User Rights Assignment.
    Deny log on locally policy: Make sure that the Guest account is specified in the Deny log on locally policy .
    Deny access to this computer from the network policy should not have Guest as the value.
    108750-image.png

    Best Regards,

    1 person found this answer helpful.
    0 comments
  2. Michael Kibbe 16 Reputation points
    2021-06-24T16:35:50.623+00:00

    Thank you FanFan-MSFT for the very detailed answer.

    But I'm still getting asked for authentication creditials.

  3. Michael Kibbe 16 Reputation points
    2021-06-25T18:42:43.86+00:00

    The policies were applied (after shut down and turn on, went back in to check and they were still there).
    Tried to connect from a non-domain attached computer while logged in with a local userid.

    0 comments
  4. Michael Kibbe 16 Reputation points
    2021-06-25T19:38:23+00:00

    I tried this on a non-domain attached server (just in workgroup) and it worked flawlessly.

  5. Stijn Callebaut 0 Reputation points
    2024-06-24T14:02:51.9066667+00:00

    Did you ever get this working?

    Have the same issue with a domain-joined server 2022 and non-domain-joined clients.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.