Search This Blog

Thursday, April 26, 2012

Create an anonymous share in Windows 2008 server

I wanted to mount an iso in Hyper-V across a network share, however Hyper-V will not let you do this. It is due to security which I won’t go into here. To get round this you have to either copy the iso locally or create the remote share to allow anonymous access. Now this is obviouly a security issue, so  you should judge whether this solution is suitable for you, but for me it makes sense.

I am grabbing the necessary fragment from a fuller article here by Scott Havens.

In an environment without Active Directory (like my home network), or when the machines in question are in domains that don’t talk with each other, we need something else.  One option is to enable anonymous access to the share where the ISOs are stored.  This solution is fine for my home network, and may be feasible for other small networks where security isn’t as much of an issue.  While the instructions below are for Windows Home Server specifically, they are easily adapted to a bog-standard (non-WHS) file server.

  1. First, go to Administrative Tools->Local Security Policy.

    In Security Settings/Local Policies/Security Options, make the following changes:

    - Network Access: Do not allow anonymous enumeration of SAM accounts and sharesDisabled
    - Network Access: Let Everyone permissions apply to anonymous usersEnabled
    - Network Access: Restrict anonymous access to Named Pipes and SharesDisabled
    - Network Access: Shares that can be accessed anonymously – Add SOFTWARE (or the appropriate share) to the existing list

    In Security Settings/Local Policies/User Rights Assignment:

    - Access this computer from a network – Add ANONYMOUS LOGON and Everyone if they’re not already there

  2. After closing the Local Security Settings window you’ll need to reboot the server or force application of security policy via gpupdate.
  3. Then, open up Computer Management and go to System Tools->Local Users and Groups->Groups.
    Windows Home Server creates several security groups that provide read-only and read/write access to the shares it manages.  Find which group offers Read-Only access to the share and add Everyone to this group.  On my computer, the Software share is managed by RO_8 and RW_8, so I added Everyone to the RO_8 group.
  4. While you’re in Computer Management, go to System Tools->Shared Folders->Shares.  In the properties for the appropriate share, add Everyone to the Share Permissions.


No comments:

Post a Comment