Microsoft KB Archive/822011

= INFO: How to Allow Anonymous Logon in NFS and in Windows Server 2003 or in Windows Storage Server 2003 (NAS) =

Article ID: 822011

Article Last Modified on 11/26/2003

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Storage Server 2003

-





SUMMARY
In the Windows Server 2003 family, the Everyone group no longer includes the Anonymous Logon group.

This article discusses the following:
 * How to add ANONYMOUS LOGON to the access list
 * How to add an ANONYMOUS LOGON account (or other Windows account) as owner of an object
 * How to transfer ownership



How to Add ANONYMOUS LOGON to the Access List
To allow anonymous access by the Everyone group on Windows Server 2003, follow these steps:
 * 1) Click Start, click Control Panel, double-click Administrative Tools, and then click either Local Security Policy or Domain Security Policy (on a domain controller).
 * 2) In Security Settings, double-click Local Policies, and then click Security Options.
 * 3) Right-click &quot;Network access: Let Everyone permissions apply to anonymous users&quot;, and then click Properties.
 * 4) Apply permissions as follows:
 * 5) * To allow permissions that are applied to the Everyone group to apply to anonymous users, click Enabled.

-or-
 * 1) * To prevent permissions that are applied to the Everyone group from applying to anonymous users, click Disabled.

Note There is no command-line method for this procedure.

Taking Ownership
To take ownership of a file or folder, follow these steps:
 * 1) Start Windows Explorer, and then locate the file or folder you want to take ownership of.

To start Windows Explorer, right-click Start, and then click Explore.
 * 1) Right-click the file or folder, click Properties, and then click the Security tab.
 * 2) Click Advanced, and then click the Owner tab.
 * 3) In the Change owner to box, do one of the following:
 * 4) * To change the owner to a user or group that is listed, click the new owner.
 * 5) * To change the owner to a user or group that is not listed, double-click &quot;Other users and groups&quot;, and in &quot;Enter the object name to select (examples)&quot;, type the name of the user or group, and then click OK.
 * 6) (Optional) To change the owner of all subcontainers and objects in the tree, select the &quot;Replace owner on subcontainers and objects&quot; check box.

How to Transfer Ownership
You can transfer ownership in two ways:
 * The current owner can grant the Take ownership permission to others. This permission allows those users to take ownership at any time.
 * A user who is granted the Take ownership permission can take ownership of the object or assign ownership to any group that the user is a member of.

Also note the following about transferring ownership:
 * A user who has the &quot;Restore files and directories&quot; privilege can double-click &quot;Other users and groups&quot;, and then select any user or group to assign ownership to.
 * An administrator can take ownership of any file on the computer.
 * In the Windows Server 2003 family, the Everyone group no longer includes the Anonymous Logon group.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

Keywords: kbinfo KB822011

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.