Folder Permissions and Home Networking with Windows 7


  1. Posts : 18
    Windows 7 32 bit
       #1

    Folder Permissions and Home Networking with Windows 7



    Hello – I have twogeneralized questions that aren’t related in this context, but I hope it’s OK Iinclude them both in the same thread. They do both pertain to general Windows 7functionality and if later versions of Windows are the same, the knowledge isof value. Basically, I am wanting a better understanding of how Windows worksin these areas that can help to explain some of the seemingly illogical ways wehave to do things at times.

    Question one: I’ll sum it upas, “why, at times, do I have to give myself permission or ownership to certainfolders or files?” The first account created in the first admin account and conceivablyhas the highest level of control – but then why do I have to sometimes “Run asAdministrator” certain programs at times? I have a basic understanding of howpermissions work, and how they can be inherited – and how to change them, andchange ownerships. But I don’t know how these two things fit together. And atthe core of the issue is, if I’m able to give myself ownerships andpermissions, then why does Windows even make me have to go through it?

    I realize that this has beendesigned for client-server networks, domains and a lot more than a singlecomputer or home network. I would like a better understanding of all of it –that way when I do come across a situation where I can’t access a folder orfile, I won’t have to fuddle around in the various security and details screensuntil hopefully it finally works. One situation in particular is when I’veconnected an external drive from an older system, where I used the same UserAccount name. Could it be that although it looks like “I” have permissions,that it’s really the account from the old system? But, to get back to moregeneral things, is there a good resource that explains how all this works – andthat explain the terminology? Things like Object names, Groups, inheritances, etc.?

    The next thing is aboutnetworking, which also seems to be designed for workplaces, then eitherstripped down or adjusted the setup process for home use. When I first setup acomputer (usually I’m connecting to a router/gateway at the same time), I amprompted to set up or join a network. Just following the prompts and not justallowing Windows to lead the way, I end with a Network (this shows up in theNetwork and Sharing Center control panel as “Network 1”), I’m in a workgroupcalled “Workgroup” and then there’s this Homegroup, which tells me to use thisfor easier file sharing.

    Where actually does this “Network1” exist? Then when I go to set up a second computer, is it supposed to see andconnect to this “Network 1” and “Workgroup”? I also don’t understand why, even if I don’t do anything with those twothings when setting up the second computer, both computers can still see eachother and any shared folders, printers, etc.?

    So what I would like to dohere is set up both computers so that everything is nice and net – where eventhough I can share files now, I would like to have it all hooked up via thesame Network, Homegroup, Workgroup or however it’s done. Although this seems tobe a peer to peer network, I would ideally prefer something more of aserver-client configuration if that’s possible. And to be able to use RemoteDesktop – does Windows 7 still require the primary computer to be running WinProfessional?

    Thanks for this site and allthe great information within!


      My Computer


  2. Posts : 5,656
    Windows 7 Ultimate x64 SP1
       #2

    NTFS permissions and Run As Administrator are two different things. NTFS permissions are file/folder level access control lists (ACL) to manage who can do what to those files/folders. Why you may need to take ownership is perhaps because Everyone description may change depending on the OS or because the accounts of a PC does not have any authority over the other PC. And having the same account name doesn't help because there are Security IDs (SID) working behind the scenes and they are different.

    When you try to access a file from a network location, two types of permissions work together to determine what level of access you should have. Sharing and NTFS. The most constrictive of the two is your resultant permission. These permissions are necessary even for home networks because you may have users that you don't want to have full control access to your shares.

    The network name (Network1 in your example) seen in Network and Sharing Center is not important. See the wiki description for workgroup:
    Workgroup is Microsoft's term for peer-to-peer local area network. Computers running Microsoft operating systems in the same workgroup may share files, printers, or Internet connection. Workgroup contrasts with a domain, in which computers rely on centralized authentication.
    So it may be one thing in 1st PC and something else in 2nd PC. As long as both are in the same workgroup they can see each other in the LAN (needs some services to be started though). The default workgroup is Workgroup and IP addresses usually come automatically from a DHCP server (your LAN router) so 2 PCs can see each other automatically in a network.

    Client and Server are roles more than anything, as long as a PC is requesting services from another one it is a client and the other is a server. Rest is MS earning money by crippling an OS and naming it client OS or adding Client Access Licenses (CAL) and name it a server OS (if you ask me) :)
      My Computer


  3. Posts : 18
    Windows 7 32 bit
    Thread Starter
       #3

    Very good - what you postedis consistent with my experience and thus, makes much sense! I often post lengthyquestions and really appreciate when someone takes the time to read and respondto the whole thing. Also, I also suggest that if you already don't, you wouldbe very good at publishing a tech blog, even though there is no shortage ofthose.

    This is how I currently havethings configured - would you mind telling me if there may be a better way, orif this is perhaps how you would do it? I know the rule of thumb is as long asit works, and it does want you want it to do, then it's right - but I'm alwayslooking for the better or best way if it exists.

    I did not enable or create aHomegroup - although I'm still considering this. It seems that it everythingthe Workgroup can do except perhaps for the media streaming. On the maincomputer, I created a user account with a password for the second user toaccess the public files. As expected, when they go into Network on thatcomputer and open it, they are prompted to log in and have access to the PublicFolders. In this set up the main computer acts as the server.

    Does this setup require that bothcomputers belong to the workgroup? In this case, I'm using the default name of"Workgroup". Is there any way to simplify this - it seems thatbefore I was able to allow the other computer access to shared folders withouthaving to create this user account on this computer. In other words, I thoughtI could grant permissions to the existing user account that already exists onthe second computer.

    Thank you very much for yourinput!
      My Computer


  4. Posts : 5,656
    Windows 7 Ultimate x64 SP1
       #4

    I guess all best practices in this area are related to security.

    Homegroup is not required for any network related feature I believe. Even streaming should be compatible with none-MS products, right? And those wouldn't know anything about a HomeGroup.

    You don't need to create any special accounts on the server PC by the way. Your regular account can be used by the client when accessing the shares. Default "Workgroup" is enough. Maybe you can even have different workgroup names assigned, then you would need to access by IP addresses I believe (haven't tried such a thing for ages :)).

    How you do it (minus the extra account you created) is good enough. Better to ask for credentials (username/password combo) for your shares, you can tick to save those credentials anyway. The trick is to use an account that is present on the PC you are trying to connect. So if you are connecting to PC A from PC B, enter the credentials of an account that is present on PC A. Because PC A does not know anything about PC B.

    Hope I am thorough. If not, ask away
      My Computer


  5. Posts : 18
    Windows 7 32 bit
    Thread Starter
       #5

    That's plenty of info for me to go on. I just ran into another situation where I connected another external drive and had to reset permissions - finally was able to do it without a lot of trial and error. So I'm getting there. Thanks for you help!
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 07:52.
Find Us