Security Options for Anonymous Acccess to File Share on Windows Server 2003 (e.g. print server)

The minimum (just about, but it may be possible to do better, but I got fed up changing Group Policy and rebooting the computer) security options for Anonymous Acccess to File Share on Windows Server 2003 (e.g. print server):

Enable and give the guest account a blank password:

Enable the guest account and give it a blank password (computer management: users and groups)
gpedit.msc -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options ->
Accounts: Guest account status: enabled

In the same bit of Group Policy (allowing network access for anonymous logins from NT4,2K and XP):
Network Access: allow anonymous SID/Name translation: disabled
Network Access: Do not allow anonymous enumeration of SAM accounts: enabled
Network Access: Do not allow anonymous enumeration of SAM accounts and shares: disabled
Network Access: let everyone permissions apply to anonymous users: enabled
Network Access: restrict remote access to named pipes and shares: disabled

gpedit.msc -> Computer Configuration -> Windows Settings -> Local Policies -> User Rights Assignment ->
Access this computer from the network: everyone, anonymous logon

The GPO stuff can be done in the AD domain policy or an OU GPO.

After that I was given access without a credential prompt to the printer shares.

I then limited access to the shares using the windows firewall and a custom IP/subnet list.

Reference discussion with most of the info in it