Hey All,
Any help in resolving this issue would be greatly appreciated.
Environment Details:
Windows Server 2012 R2 (Non-domain)
Two shares:
\\server2012\anon_share
\\server2012\private_share
Intended Solution:
I have two shares, \\server2012\anon_share and \\server2012\private_share. For the anon_share, I would like to allow users to connect to it anonymously and without a login prompt (e.g. as a symbol server); for the private_share, I would like it so that you are always presented with a login prompt (e.g. user folder shares) and anonymous users are blocked.
For \\server2012\anon_share I would like the following functionality:
- Anonymous Logon without Login Prompt
For \\server2012\private_share I would like the following functionality:
- User Login Prompt when attempting to connect
- Anonymous Logon is not allowed
- Restricted to list of Authenticated Users (existing as local user accounts on the server)
Actual Results:
Have tried a number of combinations of Sharing Permissions, Local FS Permissions, and Local/Group Policy settings to no avail.
\\server2012\anon_share (Public) Settings:
Sharing
People to Share with:
Read/Write Everyone
Read/Write Anonymous Logon
Read/Write Guest
Owner LocalAdminUser
Advanced Share Permissions:
Allow – Full Control Everyone
Allow – Full Control LocalAdminUser
Allow – Full Control Guest (server2012\Guest)
Allow – Full Control Administrators (server2012\Administrators)
Allow – Full Control ANONYMOUS LOGON
Security
Permissions:
Allow – Full Control Everyone
Allow – Full Control SYSTEM
Allow – Full Control LocalAdminUser
Allow – Full Control Guest
Allow – Full Control ANONYMOUS LOGON
\\server2012\private_share (Private) Settings:
Sharing
People to Share with:
Read/Write AuthUser1
Read/Write AuthUser2
Read/Write Everyone
Owner LocalAdminUser
Advanced Share Permissions:
Allow – Full Control Everyone
Allow – Full Control LocalAdminUser
Allow – Full Control Authenticated Users
Allow – Full Control AuthUser1
Allow – Full Control AuthUser2
Allow – Full Control Administrators (server2012\Administrators)
Deny – Full Control ANONYMOUS LOGON
Security
Permissions:
Allow – Full Control Everyone
Allow – Full Control Authenticated Users
Allow – Full Control SYSTEM
Allow – Full Control LocalAdminUser
Allow – Full Control AuthUser1
Allow – Full Control AuthUser2
Allow – Full Control Administrators (server2012\Administrators)
Deny – Full Control ANONYMOUS LOGON
Policy Settings (current settings):
- Accounts: Guest account status = Enabled
- Network access: Allow anonymous SID/Name translation = Disabled
- Network access: Do not allow anonymous enumeration of SAM accounts = Enabled
- Network access: Do not allow anonymous enumeration of SAM accounts and shares = Enabled
- Network access: Let Everyone permissions apply to anonymous users = Enabled
- Network access: Restrict anonymous access to Named Pipes and Shares = Enabled
- Network access: Named Pipes that can be accessed anonymously = Enabled (\\server2012\anon_share)
- Network access: Shares that can be accessed anonymously = Enabled (\\server2012\anon_share)
- Network access: Sharing and security model for local accounts = Guest only – local users authenticate as Guest
- Network security: LAN Manager authentication level = Send LM & NTLM – use NTLMv2 session security if negotiated
I have observed one of the two following results:
- an anon_share that doesn't have a login prompt, however the private_share returns a permission denied error (no login prompt appears)
  - Breaks other automation tools that depend on the authenticated login for the private share
- an anon_share that has a login prompt (Guest), however the private_share prompts for a login as intended
  - Breaks the use of the anonymous share as a Symbol Store
Any help in addressing this would be greatly appreciated! (Figure I am either missing something, or have some conflicting settings). Or if the solution I am trying to achieve is not possible using the setup I have, please let me know of any alternative approaches to achieve the same goal. Thanks!