Or: "Is this a thing? And how would I check if it was?"
In an environment without a Domain Controller, when accessing a share on a Windows Server 2008 R2 box, from a remote computer without a matching user account on the server, (and connecting by typing \\SERVERNAME\ShareName
from the Start menu) I currently observe the following behavior based on the "Password protected sharing" setting (Advanced sharing settings):
When "Password protected sharing" is turned on, all attempted connections fail after up to 30 seconds with:
Logon failure: the user has not been granted the requested logon type at this computer.
With "Password protected sharing" turned off, connections to anonymous-accessible shares are allowed, while permission-restricted shares fail with:
You do not have permission to access \SERVERNAME\ShareName. Contact your network administrator to request access.
This seems to be expected behavior. I need to have certain shares accessible by anonymous logons, so I had to change this setting from the default to off.
HOWEVER, there is a third case here. (whaaaaat?)
If you try to connect to a share without having modified this setting (that is, it is set to on but you've never clicked it), the connection behaves similar to the on case above in that it takes up to 30 seconds to show a response, but then it displays an authentication dialog:
I had this hunch after beating my head against a wall for a few days, and just replicated this on a server with no existing shares: Create anon-read share, try to connect and get dialog, change the setting, connect successfully, change setting back, and get a different error message. (Tested all of these on fresh client systems so there was no risk of caching.)
To reiterate: I have controlled for the client systems. This appears to be entirely server-related.
So, it's clear to me that changing the "Password protected sharing" setting is changing more than one thing (registry key? I'm Mac-native) behind the scenes, and that the default settings the system ships with do NOT all match up with the setting reflected in the control panel (or the control panel itself is broken and should be changing more things).
So the question is: is this by design, or is it a bug? And in either case, what is the "hidden setting" that is being changed or left unchanged? How would one track that down? I'm running out of fresh servers to test on. :-(