No-password file share still requires login

windows-server-2008 file-sharing

1,189

Solution 1

Make sure the "ANONYMOUS" security object is granted access. "EVERYONE" doesn't count.

You also might need to allow anonymous access within group policy. Open Group Policy Editor and navigate:

- Computer Configuration
  - Windows Settings
    - Security Settings
      - Local Policies
        - Security Options.

Change “Network access: Let Everyone permissions apply to anonymous users” to Enabled

Solution 2

Boiled it down to this:

On the file server Give anonymouse Share and NTFS rights as needed (Read in my case)

Create GPO and apply to file server Computer - Windows - Security - Local - Security

Accounts:Guest account status - Enabled

Accounts: Rename administrator account - SomeNameOfYourChoise

Accounts: Rename Guest account - SomeNameOfYourChoise

Network access: Shares that can be accessed anonymously: YourShareName

Network access: Sharing and security model for local account from “Classic-local users authenticate as themselves” to “Guest only-local users authenticate as Guest”.

1,189

kiran

Updated on September 18, 2022

Comments

kiran almost 2 years
In my Spring(3.1) MVC web application(servlet 3.0) i have following href link in one of the JSP-s:
```
<a href="./edit_account?id=${account.accountId}">
<i class="icon-th-list"></i>${account.accountId} ${program.customer} </a>
```
It used to work properly whenever user clicks on above link on the web page, edit_account used to get appended to application url and used to reach corresponding method within Controller class. Now due to security reasons, I had to make all cookies secure and http-only. Hence added following snippet in web.xml
```
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
          http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
          version="3.0">   

  <session-config>

        <cookie-config>     
        <http-only>true</http-only>
        <secure>true</secure>   
        </cookie-config>

  </session-config>

</web-app>
```
After adding above, none of the clicks(href in all JSP-s) working. Following Error is thrown at web page, however j_session_id is showing up on the Url.
```
Http 400 description The request sent by the client was syntactically incorrect.
```
in all my JSP-s, session is true.

Can somebody please help me what changes I need to do make so that all the flows working even after adding above snippet in web.xml?
- Admin over 10 years
  
  your answer is quit fine but first you should enable the Gust Account from the Local Security Policy then it will work
- Thor Erik over 10 years
  
  Thank you Imtiaz, your suggestion pointed me to the final piece to get this working for a client.
Zano about 13 years

Thanks for the suggestion. I granted access to ANONYMOUS LOGON and changed the Security Option in question. I also ran gpupdate for good measure, but I still have the same behaviour.
Sergey Vyacheslavovich Brunov over 11 years

@Zano, your recommendation works for me! Thank you!
Tim Richardson over 8 years

@Zano, thanks. This was the missing piece for me. The security policy was reset (somehow); it was driving me up the wall.