Quantcast
Channel: File Services and Storage forum
Viewing all articles
Browse latest Browse all 13565

How to setup both a separate [public] Anonymous Login share (without login prompt) and a [private] Authenticated User share (with login prompt) on the same server

$
0
0

Hey All,

 

Any help in resolving this issue would be greatly appreciated. 

Environment Details:

Windows Server 2012 R2 (Non-domain)

Two shares:

\\server2012\anon_share

\\server2012\private_share

Intended Solution:

I have two shares \\ server2012\anon_share and \\ server2012\private_share. For the anon_share would like to allow users to connect to it anonymously and without a login prompt (e.g. as a symbol server), for the private_share would like it so that you are always presented with a login prompt (e.g. user folder shares) and anonymous users are blocked.
 

For \\ server2012\anon_share would like the following functionality:

  • Anonymous Logon without Login Prompt
     

For \\ server2012\private_share would like the following functionality:

  • User Login Prompt when attempting to connect
  • Anonymous Logon is not allowed
  • Restricted to list of Authenticated Users (existing as local user accounts on the server)

Actual Results:

Have tried a number of combinations of Sharing Permissions, Local FS Permissions, and Local/Group Policy settings to no avail.

\\ server2012\anon_share (Public) Settings:

Sharing

People to Share with:

Read/Write   Everyone

Read/Write  Anonymous Logon

Read/Write   Guest

Owner            LocalAdminUser

 

Advanced Share Permissions:

Allow – Full Control  Everyone

Allow – Full Control  LocalAdminUser

Allow – Full Control  Guest (server2012\Guest)

Allow – Full Control  Administrators (server2012\Administrators)

Allow – Full Control  ANONYMOUS LOGON

 

Security

Permissions:

Allow – Full Control  Everyone

Allow – Full Control  SYSTEM

Allow – Full Control  LocalAdminUser

Allow – Full Control  GuestAllow – Full Control   ANONYMOUS LOGON

  

\\ server2012\private_share(Private) Settings:

Sharing

People to Share with:

Read/Write   AuthUser1

Read/Write   AuthUser2

Read/Write   Everyone

Owner            LocalAdminUser

 

Advanced Share Permissions:

Allow – Full Control  Everyone

Allow – Full Control  LocalAdminUser

Allow – Full Control  Authenticated Users

Allow – Full Control  AuthUser1

Allow – Full Control  AuthUser2

Allow – Full Control  Administrators (server2012\Administrators)

Deny – Full Control  ANONYMOUS LOGON

 

Security

Permissions:

Allow – Full Control  Everyone

Allow – Full Control  Authenticated Users

Allow – Full Control  SYSTEM

Allow – Full Control  LocalAdminUser

Allow – Full Control  AuthUser1

Allow – Full Control  AuthUser2

Allow – Full Control  Administrators (server2012\Administrators)Deny – Full Control   ANONYMOUS LOGON

  

Policy Settings (current settings):

Enabled          Accounts: Guest account status

Disabled         Network access: Allow anonymous SID/Name translation

Enabled          Network access: Do not allow anonymous enumeration of SAM accounts

Enabled          Network access: Do not allow anonymous enumeration of SAM accounts and shares

Enabled          Network access: Let Everyone permissions apply to anonymous users

Enabled          Network access: Restrict anonymous access to Named Pipes and Shares

Enabled (\\server2012\anon_share)       Network access: Named Pipes that can be accessed anonymously

Enabled (\\server2012\anon_share)       Network access: Shares that can be accessed anonymously

Guest only – local users authenticate as Guest    Network access: Sharing and security model for local accounts

Send LM & NTLM – use NTLMv2 session security if negotiated    Network security: LAN Manager authentication level

I have observed one of the two following results:

  1. an anon_share that doesn't have a login prompt, however the private_share returns a permission denied error (no login prompt appears)
    1. Breaks other automation tools that depend on the authenticated login for the private share


  2. an anon_share that has a login prompt (Guest), however the private_share prompts for a login as intended
    1. Breaks the use of the anonymous share as a Symbol Store

 

Any help in addressing this would be greatly appreciated! (Figure I am either missing something, or have some conflicting settings). Or if the solution I am trying to achieve is not possible using the setup I have, please let me know of any alternative approaches to achieve the same goal. Thanks!


*** ALSO MICROSOFT PLEASE FIX WHATEVER HORRID RTE THESE FORUMS USE ***



Viewing all articles
Browse latest Browse all 13565

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>