Setting up an anonymous Windows Server 2008 network share?

How do I create a truly anonymous read/write network share in Windows Server 2008?

That is ...

  • no login dialog shown
  • no domain credentials required

... so that any Windows machine can get to this share no matter who is logged in, whether the machine is on a domain or not?


I was able to get a rudimentary anonymous share going by setting the share and filesystem permissions to:

  • Everyone (full control)
  • Guests (full control)
  • ANONYMOUS LOGON (full control)

After that, in the Local Security Policy under Local Policies > Security Options I had to modify

Network access: Shares that can be accessed anonymously

by adding my share to it, like so:

sharename

At that point I was able to get to \\servername\sharename anonymously.


You need to enable the "Guest" account on the Windows Server machine. After you do that, assuming the remote user isn't attempting to logon with a user account that's valid on the Windows Server machine, you'll get what you're looking for. It can be a pain, though, because you'll get logon dialogs on the remote computers if the user account being used on the remote computer matches an account that's valid on the Windows Server machine. The standard "workaround" for that is to rename the local "Administrator" account on the Windows Server machine to something else and refrain from creating any addt'l user accounts.

You'll need, obviously, appropriate share and filesystem permissions on the shared folder.