Can not find password protected sharing in Windows Server 2012R2

Solution 1:

Well. The problem is Solved by enabling Guest account status in local security policy local policies\Security options.

Sreen Shot of gpedit.msc

Solution 2:

Guest account enable is one way as stated but in the same group policy area mentioned there is another setting that more closely resembles the question but will carry the same burden of "unsecure and unsafe" to alter this for the whole PC sharing what you wanted to share. Even internet attacks will act like an approved network user permission. This is supoosed to be on and is by default in domain settings, and is off and available to toggle when not joined to a domain, so while called differently, it should be the password protected sharing option you are looking for.

Group policy manager needs a new policy. Never edit default domain policy, messing that one up can require network overhaul and sever reload at times, best to not touch. Under "computer config> policies> windows settings> security settings> local policies> security options" you will find all the following options:

"accounts: guest account status" and set to enabled

Or the one I suggest of:

"network access: sharing and security model for local accounts" and set it to "guest only".

Optionally, you may increase the security or only set this to certain shares only by defining the policy "network access: shares that can be accessed anonymously" but this more secure option won't work if you are needing the password protection off to access a database that doesn't use the same ports as file sharing such as all SQL settings do for instance. Once the new policy is set, you must link your new gpo it to the location the user is found, if in active directory users, link to the domain in Group policy manager. If users were moved or in another custom folder in active directory, then the gpo must be linked in that folder they are in in the group policy manager the same. When many custom GPO's are appliied moving users to a custom folder for mass sharing allows all authenticated users default scope gpo setting to only effect the users moved to that group without defining the scope settings for hundreds of custom policies. Such folders are created in active directory users and computers and usually show up in group policy manager, or if not, be sure to name it the same and create a new organizational unit in group policy manager from right clicking the domain name.

Next remove all authenticated users setting from the scope tab and only add the user sharing the info for a more secure setup. Otherwise the whole network at risk for no reason, and this way only the users sharing will ever see the setting to apply it, unless users are already seperated in active directory into custom folders. Do not move admin or guest built in users or any user groups to custom folders. Leave delegation tab alone, as your scope should have already added read permission to the user already.

Make sure the new GPO is enabled and enforced, then rename the GPO password protected sharing disabler if you didn't already name the new GPO something simmilarly and quickly recognisable, and add nothing else to this GPO make new ones for other stuff. May need to restart sever and user affected stations to take effect at times after all is set up correctly.