We have a few Windows Servers in our lab, and occasionally need to connect to them from our office PC's. The lab servers are part of a Workgroup, not a Domain, but the office PC's are all part of an AD Domain.
I can turn on File Sharing on the lab servers, and I have the Sharing Permission set to "Everyone" (read access). However, in order to connect to the server's share from an office PC, the user must provide credentials. Since the server is not part of the domain, the user must know a set of local credentials on that server.
We'd rather not setup 1 or more extra local accounts for users, nor share the credentials for the "real" local accounts on that servers. Is there any way to allow real public (non-credentialled) browsing of a fileshare in this config?
Best Answer
This is done with two Local Security Policy (
gpedit.msc) changes on the server. Both are located in:Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security OptionsAccounts: Limit local account use of blank passwords to console logon only = DISABLEDNetwork Access: Let Everyone permissions apply to anonymous users = ENABLEDDo a
gpupdate /forceand try again. If it doesn't work, try rebooting the server, I'm not sure if that is required.Long story short, "Everyone" only includes "Authenticated Users." When connecting without a username / password you are using Anonymous. You also can't access resources over the network without a password by default unless you allow blank passwords. Keep in mind both of these options greatly reduce your security on the server, but because this sounds like a lab / non-production environment it doesn't sound like an issue.