Monthly Archives: March 2015

Creating network share with anonymous access

I needed to create a network share on Windows server machine which would require no authentication whatsoever from users. This post is intended to serve me as a reminder, since googling the solution every time eats easily away hours.

Settings which need to be changed of course depend on version of Windows of network share host. This post describes how to do it on a Windows 2012 R2.

Rougly what needs to be done is:

  • network share should be created
  • share permissions need to be set
  • security settings need to be changed

In more words:

  1. Share a folder by opening folder properties, navigating to Sharing tab and clicking
    Advanced Sharing…
    2015-03-10_18-34-08
  2. Enable sharing and click Permissions
    2015-03-10_18-34-35
  3. Add Everyone (should already be there), Guest and ANONYMOUS LOGON and give them Read access
    2015-03-10_18-35-07
  4. Open Group Policy Editor (hit Ctrl+R, type gpedit.msc and hit enter)
  5. Navigate to Computer Configuration → Windows Settings → Security Options
    2015-03-10_18-50-30
  6. Change following:
    • Accounts: Guest account status – change to Enabled
    • Network access: Let Everyone permissions apply to anonymous users – change to Enabled
    • Network access: Restrict anonymous access to Named Pipes and Shares – change to Disabled
    • Network access: Shares that can be accessed anonymously – enter name of share you created in the text field
      2015-03-10_18-49-23

This let me access the share \\<MachineName>\Share without providing any login information.

Running Windows 8.1? With how similar these two OSs seem, you’d expect this would be enough. However, it is not. For Windows 8.1, Microsoft recommends using Home groups. It is still possible to get conventional file share working, but I have not had time to try this out and it doesn’t seem a good security practice. I’ll just refer you to a find I stumbled upon on MS Technet Forums. Essentially what it suggests is using LanMan level 1 compatibility mode which would allow OS to accept LM authentication (in addition to NTLMv2). I’m not going to pretend to understand what kind of repercussions this has on machine security so I won’t recommend you to do it outside of your home LAN, and maybe not even there if it’s exposed over WiFi.

2015-03-11_13-07-44

Web server returning proper response with 500 status

Problem

I’ve had a funny problem today. It wasn’t so funny during hour time I was trying to solve it. Directing my browser to a web page which looked OK yesterday resulted in a horrific view of content without downloaded styles and smelled like missing script files.

Debugger has shown that indeed, some of the static files could not be downloaded. Status 500, server said. Internal server error, server said. Ok then, let’s see what this is about. So I open Response body and what do I see? I see proper response, from start to end.

2015-03-06_19-07-14

This happened to random static files.

Root cause

My bad…

I’ve placed some debugging code which occasionally failed in Global.asax.cs, Application_Start method. Code was such that it failed for random web request, and IIS was configured through web.config to let ASP.NET handle all requests, including static files. So, from standpoint of ASP.NET, web request has failed since an exception was thrown and it returned status 500 to IIS. However, it did not return any response body along with status, so IIS grabbed the file and sent it back.

 

Web fonts and IE on Windows 2012

I’ve had not a good day with web. It’s been throwing me curve balls whole day. One of things which wasted my time was Internet Explorer which is ran on a server OS.

I did not expect everything to go completely smooth, as it’s usual to have to go around IE enhanced security on server operating system if you wish to browse at all.

I’ve fired up IE’s debugger to see what’s going on, expecting that problem lies in MIME types configured in IE (or web.config file). However it turned out that IE did not request web fonts at all. There was no warning or notice in console either.

Iconless buttons
IE on server OS does not request web font unless site is trusted

Problem was that IE does not even request web fonts unless host is added to list of trusted sites. Run to IE options, Security tab, select Trusted sites and add target host to the list. Problem should be solved

2015-03-06_18-53-152015-03-06_18-56-08