The safest way to give anonymous read/write access to Windows file shares

cifs windows-server-2003

I need to create a Windows file share and configure it so that the files can be modified over the network without the user needing to authenticate. In some cases this will be an interactive user dropping files into the folder using Windows Explorer. In many other cases the user will actually be a Windows service running as Local Service. The Windows server is not a member of a domain.

Let me say up front that I know we should not be doing this. However, assume that parameters outside my control prevent a more proper / security-conscious configuration.

I am able to accomplish this task by enabling the Guest account and then giving the Everyone group appropriate permissions to the folder and share. This is certainly easy, but I get very nervous enabling the Guest account. I believe it has ramifications that go far beyond just file sharing. Am I justified in my paranoia?

Using Linux and Samba, this task of creating a writable, public network share is not hard either, and I do not recall quite as much concern about the overall security of the machine.

Is there a way, using Windows Server, to just configure a public, read/write share without severely compromising the machine's security?

The machine will be on a standalone LAN and not connected to the Internet.

Best Answer

You may need to enable the local policy for "Network Access: Let Everyone permissions apply to anonymous users". This may be disabled by default on certain versions of Windows. Use this in addition to granting the Everyone group CHANGE rights on the file share and NTFS permissions.

Additional information on the policy is here: http://technet.microsoft.com/en-us/library/cc778182(WS.10).aspx
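
An added example, not part of the original question or answer: a read-only PowerShell check that reports the state of the policy named in the answer, whether the built-in Guest account from the question is enabled, and which NTFS allow entries on the folder cover Everyone or ANONYMOUS LOGON. It assumes PowerShell 2.0 or later is installed on the server; `C:\PublicDrop` and the function name are hypothetical, and `EveryoneIncludesAnonymous` is the registry value that backs the policy.

```powershell
# Read-only audit of the settings discussed above; changes nothing.
# C:\PublicDrop is a hypothetical path; pass the real shared folder instead.
param([string]$SharePath = 'C:\PublicDrop')

function Get-AnonymousAccessAudit {
    param([string]$Path)

    # Registry value behind "Network access: Let Everyone permissions apply
    # to anonymous users": 1 = enabled, 0 or missing = disabled.
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $everyoneIncludesAnon = ([int]$lsa.EveryoneIncludesAnonymous -eq 1)

    # The built-in Guest account always has RID 501, even if it was renamed.
    $guest = Get-WmiObject Win32_UserAccount -Filter 'LocalAccount=True' |
        Where-Object { $_.SID -like 'S-1-5-21-*-501' }
    $guestEnabled = ($guest -ne $null) -and (-not $guest.Disabled)

    # NTFS allow ACEs for Everyone (S-1-1-0) and ANONYMOUS LOGON (S-1-5-7),
    # explicit and inherited, resolved to SIDs so localized names do not matter.
    $sids  = 'S-1-1-0', 'S-1-5-7'
    $acl   = Get-Acl -Path $Path
    $rules = $acl.GetAccessRules($true, $true, [Security.Principal.SecurityIdentifier])
    $open  = @($rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $sids -contains $_.IdentityReference.Value
    } | ForEach-Object {
        '{0}: {1}' -f $_.IdentityReference.Value, $_.FileSystemRights
    })

    New-Object PSObject -Property @{
        EveryoneIncludesAnonymous = $everyoneIncludesAnon
        GuestAccountEnabled       = $guestEnabled
        NtfsAllowAces             = $open -join '; '
    }
}

Get-AnonymousAccessAudit -Path $SharePath | Format-List
```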