Configure NFS Shares for Anonymous Access

  • Article

Applies To: Windows Server 2008, Windows Storage Server 2008 R2

By default, Server for NFS does not allow anonymous users to access a shared directory. When you share a directory, you can allow anonymous access to the directory, and you can change the UID and GID values for anonymous access to the UID and GID used by a specific UNIX operating system.

Note

The anonymous UID and anonymous GID for an NFS share are used when reporting the owner of a file owned by an unmapped Windows user.

  1. Enable the Network Access: Let Everyone permissions apply to anonymous users policy setting.

    This policy adds the SID for Everyone to any access tokens created for anonymous connections. This allows anonymous users to access any resource that has been given the Everyone group permission.

    To enable this policy for computers that are:

    • Domain members, configure the policy in Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options using the Group Policy Management Console.

    • Standalone servers, configure the policy in Security Settings\Local Policies\Security Optionsusing the Local Group Policy Editor.

  2. Grant the built-in group Everyone the appropriate NTFS permissions to the folders being shared as follows:

    • Read-only access, grant the Read & execute NTFS permission.

    • Read and write access, grant the Read & execute NTFS permission and the Write NTFS permission.

Note

The Share and Storage Management snap-in lets you choose the appropriate access permissions when an NFS share is enabled for anonymous access. The corresponding NTFS permissions are then automatically applied to the folder being shared. 

For more information about how to grant NTFS permissions, see [Set, View, Change, or Remove Permissions on Files and Folders](cc754344\(v=ws.10\).md).

  1. Allow anonymous access to an NFS shared folder by using one of the following methods: