Windows – In Windows 8.1, how to force prompt for credentials when accessing a shared folder

Tags: network-shares, permissions, windows 8.1, windows server 2008

I have a computer with Windows Server 2008 ("R1") SP2, which I use as a home server, and another with Windows 8.1 ("Home"), which I use daily. There is no domain controller in the network. I'm logged in to Windows 8.1 as user A, let's call it PC\AUser. There is no user A on the server. I have a folder shared to user B, let's call it SERVER\BUser.

How can I force Windows 8.1 to ask for credentials when I go to Start -> Run \\SERVER\SharedFolder\ ?

For now I only receive this error: "You do not have permission to access \\SERVER\SharedFolder. Contact your network administrator to request access."

I've been able to share the folder unprotected, by adding "Everyone" to the permission list. But as soon as I remove "Everyone", the Windows 8 client simply says "you do not have permissions to access this folder", without asking for any credential.

I've already done it in the 2000 and XP days…

How to force the prompt for credentials in Windows 8.1?

Update:

I've accessed it from a Linux client with the command:

smbclient //SERVER/SharedFolder mypassword -U BUser

So this shifts the problem into the Windows 8.1 client – the server is configured OK.

Update 2:

On request, this is the error message I receive. It's in Portuguese, but experienced users will recognize the window. It says "Title: Network Error. Windows couldn't access [folder]. You don't have permission to access [address]. Contact the network administrator to request access permission."

Update 3:

I have been able to connect to the share by using the "map network drive…" option and manually setting credentials there – but first I had to un-map the share using net use /delete because it seems Windows creates a stale mapping on the failed connection attempt (wtf?). This way, it is at least usable for me now. But I will give the bounty reward if someone can solve or explain the issue of Windows 8.1 failing to connect with a permissions error instead of asking for credentials.

Final Update:

Found the solution! I've posted it as an answer.

Best Answer

The poster has found that after disabling the Guest account, Windows demanded a credential. I thought it important to add an explanation of this behavior (quoted from this source), which changed completely after XP, starting with Vista.

Windows XP introduced a concept called Simple File Sharing that, when enabled, entirely eliminated security for file sharing. All network access was done in the context of the Guest user account, regardless of the remote user's actual account name. Essentially, anyone with physical access to your network could access any shared file. This made it much easier for other people in your home and office to get to each other's files.

Windows 8, 7, and Vista also include Simple File Sharing, although it's now called Password Protected Sharing. And, the effect of disabling and enabling the feature is reversed on the two newer operating systems.

This setting is not always changeable. In Windows XP Home Edition, Simple File Sharing is always checked and cannot be turned off. In all other versions of Windows, it can be turned on or off, except if the computer is a member of a domain network. In this case, passwords are always required.

Finally, Windows 8 and 7 have a new twist in the way that security works when Password Protected Sharing is turned off. On Vista and XP, when passwords are not required, all incoming network access uses the Guest account. Thus, anyone on the network can access any file in a shared folder if the file can be accessed by the user account Guest or by the user group Everyone.

But on Windows 8 and 7, the following happens when a remote user attempts to use a folder or file shared by a Windows 8 or 7 computer with Password Protected Sharing turned off:

  • If the remote user's account matches an account in the Windows 8 or 7 sharing computer and that account has a password set, that account is used for file access.
  • If the remote user's account matches an account in the sharing computer but that account has no password set, then the Guest account is used.
  • If the remote user's account matches no account in the sharing computer, the Guest account is used.

This might seem convoluted, but it is actually a very useful change. First of all, this change was necessary to support the new HomeGroup feature. All homegroup member computers use a special, password-protected account named HomeGroupUser$ to access other member computers, and this change lets it work whether Password Protected Sharing is turned on or off. Second, it gives you the option of giving designated users additional access privileges, without requiring you to set up a full-blown security scheme.
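
The two fixes mentioned on this page (disabling Guest on the server, and dropping the stale connection before reconnecting with explicit credentials), as added PowerShell that is not code from the asker or the answerer. The function names are hypothetical; SERVER, SharedFolder and BUser are the question's placeholder names, and locating Guest by its well-known RID 501 instead of by name is an addition so that it also works on localized installs.

```powershell
# Added example. Function names are hypothetical; SERVER, SharedFolder and
# BUser are the placeholder names used in the question.

# --- On the server (elevated console) ---
function Get-BuiltinGuest {
    # The built-in Guest account always has RID 501. Its name is localized,
    # so match on the SID rather than on the literal name "Guest".
    Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
        Where-Object { $_.SID -like 'S-1-5-21-*-501' }
}

function Disable-BuiltinGuest {
    $guest = Get-BuiltinGuest
    if (-not $guest) { throw 'Built-in Guest account not found.' }
    if ($guest.Disabled) {
        Write-Output "$($guest.Name) is already disabled."
        return
    }
    # 'net user <name> /active:no' disables the local account.
    & net.exe user $guest.Name /active:no
    if ($LASTEXITCODE -ne 0) { throw "net user failed with exit code $LASTEXITCODE" }
}

# --- On the client (console window, so the password prompt can be answered) ---
function Reset-ShareConnection {
    param(
        [string]$Share = '\\SERVER\SharedFolder',
        [string]$User  = 'SERVER\BUser'
    )
    # List current connections so an entry left by the failed attempt is visible.
    & net.exe use
    # Drop the existing connection; an error here only means there was none.
    & net.exe use $Share /delete 2>$null
    # Reconnect with explicit credentials; '*' makes net use prompt for the password.
    & net.exe use $Share '*' "/user:$User"
    if ($LASTEXITCODE -ne 0) { throw "net use failed with exit code $LASTEXITCODE" }
}
```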