|
Posted by Pete on August 14, 2006, 1:34 am
If you were Registered and logged in, you could reply and use other advanced thread options
I'm just asking for those cases where there are no other alternatives (if
there are any). The anonymous access would be only for a single folder in
one workstation. To guarantee that any workstation in the corporate network
(to which access from the outside world is cut off anyway) can start the
utility during user logon.
I'm sure that in most cases the IT department of the customer will be able
to sort out any issues regarding guaranteed access to that folder during the
logon process. This would mean that the application be installed on a file
server that belongs to a domain that all workstations also belong to.
-Petteri
viestissä:ecnjk9uvGHA.4460@TK2MSFTNGP04.phx.gbl...
> Hi Pete,
>
> Let me preface this by saying that your application design is severely
> limiting your marketability. I believe that most knowlegable
> administrators
> would not like to install something that requires that they enable
> anonymous
> access to a share, and most would be quite mad upon finding that an
> install
> had done so without calling that fact out clearing in the pre-install
> requirements
> discussions/warnings. I myself would not install that application and if
> found
> after the fact without a forewarning I would militate against the vendor
> and
> certainly put them on my blacklist to never do further business with in
> future.
>
> You need to look at the policy called
> Network access: Shares that can be accessed anonymously
> and its interaction with the policy called
> Network access: Restrict anonymous access to Named Pipes and Shares
> and the need to ACL the accessible with the Anonymous Logon principal
> For a start search on the first mentioned policy in
>
http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/s3sgch04.mspx
>
> It is the need to enable the second mentioned in order for the first
> mentioned
> policy to have effect that would cause most knowlegable administrators to
> refuse permission to install for your application that requires this
> capability.
>
> Roger
>
>> Hello all!
>>
>> I'm currently developing an application which should be accessible by
>> anyone on the Windows network. For this I'd like to create a share that
>> ANYONE on the network can access. The access only needs to be read-only.
>> For now I'd like to be able to define this on a Windows XP box.
>>
>> I have tried editing the local security policy and tried to give
>> anonymous logon access to the share and the files in it. I don't want to
>> use simple file sharing, as it's not available when a computer is in a
>> domain. The solution should make the folder and its contents visible in
>> all of these scenarios:
>>
>> - the computer with the shared folder is in a domain
>> - the computer with the shared folder is not in a domain
>> - the client computer is in a different domain than the computer with
>> the shared folder
>> - the client computer is not in a domain
>>
>> Is this possible at all? In cases where all computers are in the same
>> domain, this problem does not exist, but there are all kinds of customer
>> IT-policies and in those cases the above scenarios might occur.
>>
>> I'm sorry if this is to be found in a FAQ somwhere; I've googled for many
>> hours for a solution, but haven't been able to find one.
>>
>> I'll be grateful for any information on this!
>>
>> -Pete
>>
>
>
| 
XML site map