How can an unauthenticated user access a windows share?
Solution 1:
To do what you want you'll have to enable the "Guest" account on the computer hosting the files and then grant the "Everyone" group whatever access you want.
"Guest" is a user account, but its enabled / disabled status is interpreted by the operating system as a boolean "Allow unauthenticated users to connect?" Permissions still control the access to files, but you open things up a LOT by enabling Guest.
Don't do this on a domain controller computer, BTW, because you'll be Guest on all DCs...
Solution 2:
In my case, enabling the Guest account and adding Everyone did not help (with a share on an older box with Windows Server 2008 SP2 in a domain and a Windows Server 2012 R2 machine from outside of the domain).
After following the excellent guide posted by Nikola Radosavljevic, anonymous access finally worked in my scenario.
Summary of steps:
- Adding
Everyone,GuestandANONYMOUS LOGONto the permissions of the share. - Open the Group Policy Editor (e.g. by running
gpedit.msc)- Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options
-
Accounts: Guest account status:
Enabled -
Network access: Let Everyone permissions apply to anonymous users:
Enabled -
Network access: Restrict anonymous access to Named Pipes and Shares:
Disabled -
Network access: Shares that can be accessed anonymously:
YOUR_SHARE_NAME
Update (Windows Server 2016)
I would like to draw your attention to the comment by @Schneider as he pointed out, that on more recent systems fewer steps are necessary.
Update (May 2020)
@mrtumnus pointed out that the path in the group policy editor's tree could also be:
- Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options
I have checked this on Windows Server 2019 and could not find this tree item. If anyone could provide more details regarding in which situation the setting is located at a different place, I am willing to add this information.