Hi,
II'd like to know if there is any truly working solution for establishing an anonymously accessible file share on Windows 2008 R2 (SP1) server running Active Directory (domain controller) and File Services.
I've been crunching through all google hits on that issue and seems nobody has gotten it to work unless the Guest Account was enabled (not an option for production domain controllers).
So far I tried all this to no avail, server keeps prompting me for username/password when I try to access such share from non-domain Windows computer:
1) created a folder, e.g. ASHARE and shared it under the name ASHARE$ ($ so it stays hidden from public)
2) assigned both share and ntfs permissions allowing full access to EVERYONE, GUESTS and ANONYMOUS LOGON
3) edit Default Domain Controller GPO to make following changes (under Local Policies Security Options and User Rights Assignment):
-enabled policy "Network access: Shares that can be accessed anonymously" and put "ashare$" on the list
-enabled policy "Network access: Let Everyone permissions apply to anonymous users"
-disabled policy "Network access: Restrict anonymous access to Named Pipes and Shares"
-changed policy "Access this computer from network" and added ANONYMOUS LOGON account to the list
-made sure the policy "Deny access to this computer from network" does NOT include any of: Everyone, Guests and Anonymous Logon accounts
-checked policy "Do not allow anonymous enumeration of SAM accounts" and this is disabled by default, but it doesn't have impact on Domain Controllers anyways.
-checked policy "Do not allow anonymous enumeration of SAM accounts and shares" and it is currently disabled (and should be unless I am reading it backwards?)
what else left?
The server still keeps prompting me for password when I try accessing \\server\ashare$ from any non-domain computer/user account. why is that so, what am I missing here? it should be a simple thing! I just need public dropbox folder on this File Server...