0

My Win 7 machine is in a workgroup and is not a domain member (and cannot be made a domain member). It has a share (and some DCOM components) that need to be accessible by an AD account that is a domain member.

Is that possible?

When I go to the security tab / Locations..., I cannot see the domain, I only see the local PC name in the list of locations.

rustyx
  • 1,506
  • 3
  • 19
  • 28

1 Answers1

1

You will need to add Guest or Everyone to the permissions of the share/folder on your machine, or provide a dedicated local account that you can supply domain users who need access.

jimbobmcgee
  • 2,645
  • 4
  • 24
  • 40
  • Guest/Everyone permission doesn't seem to work. And if I can't supply a local account for a given client, is there a way to authenticate locally against their existing AD domain account? – rustyx Jan 17 '13 at 14:58
  • Short of the Win7 machine being on the domain itself? Not really. It's kind of the selling point of domains. You can try passthrough authentication (add a local account to the Win7 machine, with the same username and password -- but you'll need to keep those passwords in sync). You *might* be able to use `icacls.exe` to directly grant each domain user's SID access to the folder and share objects, but I doubt it. other than that, check to see if the Guest account is enabled locally on the Win7 machine... – jimbobmcgee Jan 17 '13 at 21:42
  • Also look at http://serverfault.com/questions/272409/setting-up-an-anonymous-windows-server-2008-network-share, which does it the other way. The principals should be the same for your Win7 machine. – jimbobmcgee Jan 17 '13 at 21:43
  • Thank you. I understand now that what I'm trying to do is impossible. There is no access to the AD on a non domain member, and consequently no way to authenticate a domain user. – rustyx Jan 19 '13 at 20:10