Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Windows 10 / Anonymous File and Printer Sharing Without Password in Windows 10 / Server 2016

October 24, 2019 Windows 10Windows Server 2016

Anonymous File and Printer Sharing Without Password in Windows 10 / Server 2016

By default, when a user tries to access a network shared folder on a server joined to the Active Directory domain from a workgroup computer, the prompt to enter a domain account credentials appears. Let’s consider how to enable unauthenticated (anonymous) access to a shared folders or printers on a domain server from workgroup computers in Windows 10 / Windows Server 2016.

input cerdentials to access shared folder on windows

From the security point of view, it is not recommended to enable anonymous network access for a guest account. Moreover you should never do it on the AD Domain Controllers. So prior to enabling anonymous access, try to use the more correct way – join workgroup computer to your domain or create domain accounts for all users in a workgroup.

Contents:
  • Local Anonymous Access Group Policies
  • Allow Anonymous Access to a Shared Folder on Windows
  • How to Enable Anonymous Access to a Shared Printer?

Local Anonymous Access Group Policies

Open the Local Group Policy Editor (gpedit.msc) on a server/computer, which you want to enable anonymous access to.

Go to the following GPO section: Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options. Configure the following policies:

  • Accounts: Guest Account Status: Enabled
  • Network access: Let Everyone permissions apply to anonymous users: Enabled
  • Network access: Do not allow anonymous enumeration of SAM accounts and shares: Disabled

group policy settings to allow anonymous access to a network shared folder on windows 10 / server 2016

For a security reasons, make sure that the Guest account is specified in the Deny log on locally policy under the Local Policies -> User Rights Assignment.

Then make sure that Guest is also specified in the Access this computer from network policy in the same section, and the Deny access to this computer from the network policy should not have Guest as the value.

Also make sure that network folder sharing is enabled in Windows ( Settings  -> Network & Internet  -> Ethernet -> Change advanced sharing options). In All Networks section, select the options Turn on sharing so anyone with network access can read and write files in the Public folders and Turn off password protected sharing if you trust all devices in your network (refer the article “Can’t see computers on my network”.)
windows 10 / 2016 - turn on sharing so anyone with network access can read and write files in the Public folders

Allow Anonymous Access to a Shared Folder on Windows

Then you have to configure permissions to access the network folder you want to share. Open the folder properties, got to the Security tab and check current folder NTFS permissions. Press Edit -> and assign Read permissions (and Modify if needed) to Everyone local group. To do it, click Edit -> Add -> Everyone and select the folder access privileges for anonymous users. I have granted read-only permissions.

allow guests (everyone) to access shared folder on windows 10

In the Sharing tab, allow anonymous users to access the shared folder (Share -> Advanced Setting -> Permissions). Make sure that Everyone group has Change and Read permissions.

averyuone shared folder permissions

In the Local Policies -> Security Options section of the Local Group Policy Editor enable the policy Network access: Shares that can be accessed anonymous. Here you must specify the shared folder names you want to enable anonymous access to (in my example, it is Share1, Distr and Docs folders).

group policy: Network access: Shares that can be accessed anonymous

How to Enable Anonymous Access to a Shared Printer?

To enable anonymous access to a shared printer on your computer, open the shared printer properties in theControl Panel -> Hardware and Sound -> Devices and Printers. Check the options Render print jobs on client computers on the Sharing tab.

enable the option "Render print jobs on client computers " on the shared printer

Then check all permissions for Everyone group on the printer Security tab.

printer permissions - allow everyone (guest) to print on a shared printer

After that you will be able to connect to your shared folder (\\server-name\sharedfolder) and printer on a domain computer/server from workgroup computers without entering your credentials, i. e. anonymously.

In Windows 10 1709 or newer network access to a shared folder over the SMBv2 protocol under the guest account is restricted by default and you can see the following error: ‘You can’t access this shared folder because your organization’s security policies block unauthenticated guest access’. See this article.

9 comments
2
Facebook Twitter Google + Pinterest
previous post
Active Directory Dynamic User Groups with PowerShell
next post
Error Code: 0x80070035 “The Network Path was not found” after Windows 10 Update

Related Reading

Using Previous Command History in PowerShell Console

January 31, 2023

How to Install the PowerShell Active Directory Module...

January 31, 2023

Enable Internet Explorer (IE) Compatibility Mode in Microsoft...

January 27, 2023

How to Disable or Uninstall Internet Explorer (IE)...

January 26, 2023

How to Delete Old User Profiles in Windows?

January 25, 2023

9 comments

Olivier October 24, 2019 - 2:26 pm

It’s not because we can do something that it must be done.
Despite your warning, how many people will apply quickly – too quickly I would say – what is written in this article ?

Article totally useless, and moreover in the present days, very dangerous for security.

… and what will be the next article? How to do to pass all passwords in clear text ? How to do to avec all inbound rules open on a firewall ?

Be responsible

Reply
admin October 25, 2019 - 11:48 am

Thanks for your feedback!
Yes, you are right – anonymous access is an extremely dangerous thing from a security point of view.
In the article, I described a fairly secure way to provide anonymous access to a specific shared folder on Windows. In my case, this was the only solution available to access shared resource on a specific domain computer from a workgroup .
You can use the article for informational purposes, or check your policy settings to completely disable anonymous access in your network. 🙂

Reply
George Echo July 25, 2022 - 10:09 pm

No need to be a prick. These changes are absolutely necessary in many circumstances, and the writeup is very clearly outlined and helpful to those who may need this ability.

Reply
John May 10, 2020 - 1:43 pm

Oliver (and other like you), what if I don’t care about corporate security? What if my windows machine is inside a local network behind a router i.e. totally inaccessible from the outside? What if I just want to print my stupid cartoon from another PC in the same network (and I don’t *really* care if somebody hijacks my printer)? What if I have not remembered any of my local users’ passwords for ages because of the stupid (but convenient) PIN sign-in thing? There are different users and use cases Oliver. You don create SECURITY by preaching about it without knowing the details.

BTW, damn Windows won’t let me print my cartoon without typing in the credentials even with all the instructions written in this post :/

Reply
Tularis April 13, 2021 - 8:02 am

People like Oliver are the worst. Without this article I couldn’t have setup my internal lab network to host deployable network images.
I don’t need staff member to have to authenticate to the share where the images are located, what’s the point, its internal with the no internet access. He probably supported the whole “Browser Choice” debacle ….

Reply
RG April 27, 2021 - 5:25 pm

i have problem with this setting, if i want next folder with credential(local account) not work, no prompt for input user name and pass

Reply
martin May 17, 2021 - 1:05 am

A huge ‘Thank You’ !
This article has helped restore my sanity after being unable to ‘see’ other machines on my local Home network for purposes of simple folder sharing.
Having gone through the described steps I eventually struck gold by enabling ‘Function Discovery Resource Publication’ service which wasn’t running for some reason.
I had zero chance of figuring this out without your help, so thanks once again.

PS:
F*ck Olivier.

Reply
Jhon September 2, 2021 - 12:58 pm

after 21h1 update – this not working. any idea?

Reply
David January 27, 2023 - 6:00 pm

I have had the same issues a while back and I read a few posts that stated win 10 home will allow you to change global sharing policies but ignores them. They are only applied in the pro versions. Something someone may be able to verify…………….

Reply

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • PowerShell
  • VMWare
  • Hyper-V
  • Linux
  • MS Office

Recent Posts

  • Using Previous Command History in PowerShell Console

    January 31, 2023
  • How to Install the PowerShell Active Directory Module and Manage AD?

    January 31, 2023
  • Finding Duplicate E-mail (SMTP) Addresses in Exchange

    January 27, 2023
  • How to Delete Old User Profiles in Windows?

    January 25, 2023
  • How to Install Free VMware Hypervisor (ESXi)?

    January 24, 2023
  • How to Enable TLS 1.2 on Windows?

    January 18, 2023
  • Allow or Prevent Non-Admin Users from Reboot/Shutdown Windows

    January 17, 2023
  • Fix: Can’t Extend Volume in Windows

    January 12, 2023
  • Wi-Fi (Internet) Disconnects After Sleep or Hibernation on Windows 10/11

    January 11, 2023
  • Adding Trusted Root Certificates on Linux

    January 9, 2023

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Booting Windows 7 / 10 from GPT Disk on BIOS (non-UEFI) systems
  • Error Code: 0x80070035 “The Network Path was not found” after Windows 10 Update
  • Removable USB Flash Drive as Local HDD in Windows 10 / 7
  • How to Disable UAC Prompt for Specific Applications in Windows 10?
  • How to increase KMS current count (count is insufficient)
  • Configuring L2TP/IPSec VPN Connection Behind a NAT, VPN Error Code 809
  • Managing Printers and Drivers with PowerShell in Windows 10 / Server 2016
Footer Logo

@2014 - 2023 - Windows OS Hub. All about operating systems for sysadmins


Back To Top