Force Authentication to Server before displaying shares Windows 2000

R

Ran Hooper

I'm coming in over a VPN on a router and not a domain member:

I have a network running Active Directory on a Windows 2000 box. Two member
servers running 2003 make you authenticate before displaying shares. The
Windows 2000 box isn't asking for authentication thus some shares are
unavailable since we never authenticate. How do I force it to behave like
the Windows 2003 boxes?

Thanks.

Ran Hooper
 
D

Derek Melber [MVP]

You might want to check the "anonymous" settings for these computers. I
would configure this in a GPO. The settings for 2003 and 2000 are different,
2003 is more granular with regard to anonymous access. Also, 2003 has
anonymous access disabled by default, where 2000 allows it.
 
R

Ran Hooper

Yes I found a "Restrict restrictions for anonymous connections" in the local
machine security policy. It changed nothing :( I can still walk right in.
Anywhere else I should be looking?

Ran
 
R

Ran Hooper

I'm also thinking I might need to reboot, can't do that right now, I'll try
tonight.

And you are right, Windows 2003 has much much more granular control over
this.

Ran
 
D

Derek Melber [MVP]

no need to reboot, just run the following for each type of os:

2k: secedit /refreshpolicy machine_policy
xp,2k3: gpupdate
 
R

Ran Hooper

Sorry I forgot to mention that I had tried that of course. Also verified the
change made it to the registry as well.

Ran
 
D

Derek Melber [MVP]

Ran,

Two more things:
1) make sure you set the Restrict anonymous to the highest level (bottom on
the gpo setting)
2) might want to get rid of Everyone on the shares. Change this to
Authenticated Users and see what you get.

After this, I am a bit puzzled without seeing it first hand, or testing it
myself.
 
R

Ran Hooper

There is no Everyone on any of the shares. After reboot it won't display the
shares, as if I had no rights however it also will not ask me to
authenticate either. I think this box is getting 2003 soon anyway, I'm not
going to worry about it. Thanks for your input.

Ran
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Can windows NT and 2000 servers co exist in 2003 and or 2008 Active Directory? 3
Nt4 Auth w/2000 Native mode? 10
win 2000 / 2003 ad problem 1
Strange authentication problem on windows 2000 member servers. 1
workstations crossing network to authenticate 2
Computers cannot log on to domain 6
Upgrade question from windows 2000 AD to 2003 AD 4
I want to remove my last Win2k DC from network 5

Top