This article shows how to allow anonymous access to shared network folders and printers on a computer in a workgroup or Active Directory domain. Anonymous access to a remote computer means that users do not need to authenticate (without the need to enter credentials or passwords) to access a shared resource and a
Guest account is used for access.
By default, when you access a shared folder on a remote computer, you are prompted for a username and password (except in cases where both computers are in the same domain, or workgroup and use the same local user accounts with the same passwords). Anonymous access means that when you connect to a remote computer, you are not prompted for a password and can access shared resources without authentication.
Configuring Anonymous Access Settings in Windows
Windows uses a special built-in guest account for anonymous access. This account is disabled by default.
To allow anonymous (unauthenticated) access to the computer, you need to enable the Guest account and change some settings of the Local Security Policy in Windows.
Open the Local Group Policy Editor console (
gpedit.msc) and navigate Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options
- Accounts: Guest Account Status: Enabled
- Network access: Let Everyone permissions apply to anonymous users: Enabled
- Network access: Do not allow anonymous enumeration of SAM accounts and shares: Disabled
For security reasons, it is also a good idea to open the “Deny log on locally” policy under the Local Policies -> User Rights Assignment to ensure that the Guest account is specified in the policy settings.
Then make sure that Guest or Everyone is also specified in the Access this computer from network policy and the Deny access to this computer from the network policy should not have Guest as the value.
Also, make sure that network folder sharing is enabled under Settings -> Network & Internet -> Ethernet -> Change advanced sharing options. Check that Turn on file and printer sharing, Network Discovery (allows to show computers in the network environment) are enabled, and Turn off password protected sharing option is disabled in all network profile sections (Private, Public, All networks).
In Windows 11, you can find these options here: Settings -> Network and Internet -> Advanced network settings -> Advanced sharing settings.
Use the following command to update the local Group Policy settings on the computer:
Allow Guest Access to Shared Folders on Windows without Password
After you have configured the guest access policies, you must allow anonymous access to the target shared folder on the Windows host. You must change the security settings of the Windows share you want to allow anonymous access to. Open the folder properties, go to the Security tab, and check the current folder’s NTFS permissions. Assign Read permissions (and Modify if needed) to the Everyone local group. To do this, click Edit -> Add -> Everyone and select the NTFS access permissions for anonymous users. I have granted read-only permissions.
You must also grant anonymous users access to the network share on the Sharing tab (Sharing -> Advanced Sharing -> Permissions). Make sure that the Everyone group has the Modify and Read permissions. Make sure that the Everyone group has Change and Read permissions.
You must now specify the name of the network folder to which anonymous access is allowed in the local security policy. Open the Local Security Policy console (
secpol.msc), and go to Local Policies -> Security Options. Then specify the name of the shared folder to which you want to allow anonymous access in the policy Network access: Shares that can be accessed anonymously (in my example, it is
You can now anonymously connect to this computer remotely.
Win+R and type the UNC path to a shared folder you want to open (you can use the following formats:
If everything is configured correctly, you will see a list of files in a shared folder on a remote computer.
This method of granting anonymous access worked well until Windows 10 2004/Windows Server 2019. In current builds of Windows, you will still see a password prompt when you try to access a shared folder. In order to connect to a shared folder as an anonymous user, you need to specify the user name guest (you do not need to specify a password). But it’s not very convenient.
In this case, you will also need to enable the following Group Policy options:
- Go to the following GPO section: Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options. Change the value of Network access: Sharing and security model for local accounts parameter from Classic to Guest Only. This policy enables the automatic use of the Guest account when you access a remote computer on the network using a local account (It is assumed that you are logged into Windows with a local account);
- Navigate to Computer Configuration -> Administrative Templates -> Network -> Lanman Workstation. Enable the policy Enable insecure guest logons. This policy allows network access to shared folders using the SMBv2 protocol under the Guest account. If you do not enable this parameter, an error will occur when you try to connect to the remote computer using the Guest account: “Y
ou can’t access this shared folder because your organization’s security policies block unauthenticated guest access” See this article.
Then specify that the Guest account should always be used to access shared resources on the specified computer. To do this, you need to add the computer name (or IP address) and the user name you want to use to connect to the remote computer to the Windows Credential Manager. Open the command prompt and run:
cmdkey /add:192.168.13.200 /user:guest
Windows will now automatically log in with the saved account (
Guest in our case) when accessing the specified IP address (or hostname).
Now you can check on the remote computer that the client has connected to the shared folder under the Guest (anonymous) account:
How to Enable Anonymous Access to Shared Printer on Windows
To enable anonymous access to a shared printer on your computer, open the shared printer properties in the Control Panel -> Hardware and Sound -> Devices and Printers. Enable the option Render print jobs on client computers on the Sharing tab.
Then select all Allow permissions for the Everyone group on the Security tab.
You can now connect anonymously to a shared folder (
\\server-name\sharedfolder) and printer on a computer in a domain or workgroup without having to enter a username and password.