When a user attempts to access a network share on a server connected to an Active Directory domain from a workgroup computer, by default the user is prompted for domain account information. Let’s see how to give non-authenticated (anonymous) access to shared folders or printers on the domain server of workgroup computers running Windows 10 / Windows Server 2016.
For security reasons, it is not recommended to allow anonymous access to the network for guest accounts. Also, you should never do this on AD domain controllers. Therefore, before allowing anonymous access, try using the most appropriate method to connect a workgroup computer to your domain or to create domain accounts for all workgroup users.
Anonymous local group policy
Open the Local Group Policy Editor (gpedit.msc) on the server/computer you wish to grant anonymous access to.
Go to the next part of the GPO: Computer configuration -> Windows settings -> Security settings -> Local policies -> Security settings. Establish the following rules:
- Accounts : Status of the guest account : Including
- Network Access : Let all rights apply to anonymous users: Authorized
- Network Access : Do not allow anonymous listing of SAM accounts and shares: persons with disabilities
For security reasons, make sure the guest account is specified in the Deny Login field under Local Policies -> Assign User Rights.
In the same section, make sure that the Access this computer from network policy check box also includes Guest and that the Access this computer from network policy check box is not set to Guest.
Also make sure that network map sharing is enabled in Windows (Settings -> Network and Internet -> Ethernet -> Change advanced sharing options). Under All Networks, select Enable sharing so that anyone with network access can read and write files to public folders, and disable password-protected sharing if you trust all the devices in the network.
Providing anonymous access to a shared folder in Windows
You must now set permissions to access the network folder you want to share. Open the folder properties, go to the Security tab and check the permissions of the current NTFS folder. Click on Edit -> and assign read access rights (and change them if necessary) for each local group. To do this, click Edit -> Add -> All and select Access rights for folders of Anonymous users. I gave permission to read only.
The Sharing tab gives anonymous users access to the shared folder (Sharing -> Advanced Settings -> Access rights). Make sure that each group has toggling and reading privileges.
Under Local policy -> Security options in the Local Group Policy Editor, enable network access : Shares accessible anonymously. Here you have to specify the names of the shared folders you want to give anonymous access to (in my example these are Share1, Distr and Docs).
How do I give anonymous access to a shared printer?
To access a shared printer on your computer anonymously, open the shared printer properties in Control Panel -> Hardware and Sound -> Devices and Printers. Select the Send print jobs to client computers checkbox on the Sharing tab.
Then, in the Printer Security tab, activate all rights for the All group.
You can then connect to the shared folder (server name sharing folder) and the printer on the domain computer/server of the workgroup computers without entering your data, i.e. anonymously. On Windows 10 1709 or later networks, access to the SMBv2 share under the guest account is restricted by default and you may encounter the following error: You do not have access to this shared folder because your organization’s security policy blocks access for non-authenticated guests. See this article.
windows 10 guest share,ntfs anonymous access,give non domain user access to share,enable authentication user sharing,linux connect to windows share anonymous,share folder outside of domain,windows 10 cannot access anonymous share,anonymous login share,windows 10 share folder to guest,windows 10 enable guest,windows share permissions everyone,windows 10 guest shared folder,enter network credentials windows server 2012,windows 10 file sharing without credentials,windows 10 file sharing policies,windows share without password,windows sharing guest,anonymous guest printing,give non-domain user access to share,windows shared folder vulnerability,allow blank password network share,windows 10 blank password,network without password,allow unauthenticated users to connect,windows 10 pro share folder without password,unprotected windows share,windows server 2008 r2 anonymous share access,allowing anonymous access to a file share on windows server 2019,turn off password protected sharing server 2016,allowing anonymous access to a file share on windows server 2012,password protected sharing windows server 2019,allow anonymous access to shared folder windows 10,enable file and printer sharing windows server 2016