Share via

Network access: Sharing and security model for local accounts

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Network access: Sharing and security model for local accounts


This security setting determines how network logons using local accounts are authenticated. If this setting is set to Classic, network logons that use local account credentials authenticate by using those credentials. If this setting is set to Guest only, network logons that use local accounts are automatically mapped to the Guest account. The Classic model allows fine control over access to resources. By using the Classic model, you can grant different types of access to different users for the same resource. By using the Guest only model, you can have all users treated equally. All users authenticate as Guest, and they all receive the same level of access to a given resource, which can be either Read Only or Modify.

There are two models available:

  • Classic: Local users authenticate as themselves.

  • Guest only: Local users authenticate as Guest.

Default: Guest only on Windows XP Professional. Classic on the Windows Server 2003 family and Windows XP Professional computers joined to a domain.


  • With the Guest only model, any user who can access your computer over the network (including anonymous Internet users) can access your shared resources. You must use the Internet Connection Firewall (ICF), Windows Firewall, or other similar device to protect your computer from unauthorized access. Similarly, with the Classic model, local accounts must be password protected; otherwise, those user accounts can be used by anyone to access shared system resources.

  • This setting only affects computers running Windows XP Professional which are not joined to a domain.

  • This policy will have no impact on computers running Windows 2000.

  • Windows Firewall is not included in the original release of Windows Server 2003. Internet Connection Firewall is included only in the original release of Windows Server 2003, Standard Edition and the original release of the 32-bit version of Windows Server 2003, Enterprise Edition.

Configuring this security setting

You can configure this security setting by opening the appropriate policy and expanding the console tree as such: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

For specific instructions about how to configure security policy settings, see Edit security settings on a Group Policy object.


  • Windows Firewall is not included in the original release of the Windows Server 2003 operating systems.

  • This setting does not affect interactive logons that are performed remotely by using such services as Telnet or Terminal Services.

  • When the computer is not joined to a domain, this setting also modifies the Sharing and Security tabs in the Windows Explorer to correspond to the sharing and security model that is being used.

For more information, see: