Search This Blog

Thursday, April 26, 2012

Create an anonymous share in Windows 2008 server

I wanted to mount an iso in Hyper-V across a network share, however Hyper-V will not let you do this. It is due to security which I won’t go into here. To get round this you have to either copy the iso locally or create the remote share to allow anonymous access. Now this is obviouly a security issue, so  you should judge whether this solution is suitable for you, but for me it makes sense.

I am grabbing the necessary fragment from a fuller article here by Scott Havens.

In an environment without Active Directory (like my home network), or when the machines in question are in domains that don’t talk with each other, we need something else.  One option is to enable anonymous access to the share where the ISOs are stored.  This solution is fine for my home network, and may be feasible for other small networks where security isn’t as much of an issue.  While the instructions below are for Windows Home Server specifically, they are easily adapted to a bog-standard (non-WHS) file server.

  1. First, go to Administrative Tools->Local Security Policy.

    In Security Settings/Local Policies/Security Options, make the following changes:

    - Network Access: Do not allow anonymous enumeration of SAM accounts and sharesDisabled
    - Network Access: Let Everyone permissions apply to anonymous usersEnabled
    - Network Access: Restrict anonymous access to Named Pipes and SharesDisabled
    - Network Access: Shares that can be accessed anonymously – Add SOFTWARE (or the appropriate share) to the existing list

    In Security Settings/Local Policies/User Rights Assignment:

    - Access this computer from a network – Add ANONYMOUS LOGON and Everyone if they’re not already there

  2. After closing the Local Security Settings window you’ll need to reboot the server or force application of security policy via gpupdate.
  3. Then, open up Computer Management and go to System Tools->Local Users and Groups->Groups.
    Windows Home Server creates several security groups that provide read-only and read/write access to the shares it manages.  Find which group offers Read-Only access to the share and add Everyone to this group.  On my computer, the Software share is managed by RO_8 and RW_8, so I added Everyone to the RO_8 group.
  4. While you’re in Computer Management, go to System Tools->Shared Folders->Shares.  In the properties for the appropriate share, add Everyone to the Share Permissions.

Share/Bookmark

Wednesday, April 25, 2012

Win2k8R2 - Unable to rename a connection–already exists

I image a lot of machines, saves me having to keep going through the complete setup with each machine.

On a couple of occasions I have had issues with network connections, it seems windows retains the old imaged server nic info, but it sees the hardware on the new server as new. Therefore it will not add them teaming or call them the right name if you have renamed them.

On trying to rename them to the same name you had on the original machine, you will get an error saying the name already exits. But in network connections they will not show up, even if you start device manager and select view\hidden devices they will not show.

You need to run the following from an elevated command prompt

SET DEVMGR_SHOW_NONPRESENT_DEVICES=1

and then open device manager, select view\show hidden devices. The devices that are no longer present on the new machine will be greyed out and can be uninstalled.

You will now be able to rename the connection.


Share/Bookmark