Share Folders on Win7-ULT32 with users SELECTIVELY

Page 2 of 2 FirstFirst 12

  1. Posts : 8,870
    Windows 7 Ult, Windows 8.1 Pro,
       #11

    Tom Stitt wrote this up awhile back and it seems to work but it also takes some effort to complete the process.

    When the users connect, you need to have password sharing enabled (i.e. they must put in a password to enter the shared computer (they can always save this so they need not enter it next time). You now need 2 local users on the Windows 7 computer, e.g. call them user1 and user2 with their own respective passwords. Don't make them ADMIN users.

    Note that you also need to remap the drives and use these logins and passwords for the drive mapping.

    Now user1 has access to everything, so on the outside folder give them complete access (or read only as you desire, including access to the special folder inside). Repeat this action for user2. Now go to the special folder that you only want user1 to have access to. right click on it and select properties/security. On the permissions tab, have a look and write down the current permission settings (this is an important reducndancy step should something you do fail later). Now look for a tickbox to inherit parent permissions and untick this. Now give permissions only to those users that you want to access this folder. Be aware that you probably need SYSTEM and CREATOR OWNER on there.

    Like all good plans, switch user to user1 on the Windows 7 box and test that they can locally access what they are supposed to. Repeat with User2. Now remap the drives with the new passwords and give the passwords out to the users.

    This should fix your issue.
      My Computer


  2. Posts : 25
    Windows 7
    Thread Starter
       #12

    CommonTater said:
    TrumanHW said:
    So, I decided to build a server because all NAS solutions are expensive if they're decent, and some of the decent ones (QNAP 439pro) USES the intel ICH10r !!! The one thing I do NOT have with my server solution is the ability to choose which users have access to which folders. The HomeGroup sharing is really cool; and things like my media are ideal to give full read access to. However, I'd really like to be able to enable my friends to each have their own, password protected folders. Obviously, as the admin I could violate their privacy, but I'd like to be the only person they're all trusting.

    I'm having a really hard time finding a way to give selective access. Am I retarded? Am i missing something?

    Is the only way through homegroup or to just create user accounts? And if only through user accounts.. how do I restrict them from modifying (read/write as opposed to read only). Can multiple accounts be logged in simultaneously?

    I do realize I'm kinda network clueless. Thanks for your help.. and even if its just to say you don't think I have a solution, please chime in.
    Go to...

    Control Panel -> Network and Sharing -> Advanced Sharing ->
    Turn OFF public folder sharing
    Turn ON "Use usernames and passwords to access other computers"

    Now you need to set up individual shared folders by right clicking the folder, select sharing and create your file share...

    To give different users, different permissions, select Advanced Sharing instead and you can add their usernames and adjust their permissions in the resulting dialog.

    Only one "gotcha" in this... to access a computer, the user has to have an account name and password that exists on the TARGET computer... So if you want permissions tied to each user... you'll have to give them all accounts on the server (and other computers if they're going to access them as well).

    You're awesome. VERY clear instructions. Good writing, good knowledge. Effective.

    One hiccup, tried to login from a guest account and it didn't prompt me for a username and password. Is it not possible to login from an account that isn't the name of the account I'm on? It didn't prompt me for it ... if it is possible. How would I enable this option.......

    Thanks again.
      My Computer


  3. Posts : 8,870
    Windows 7 Ult, Windows 8.1 Pro,
       #13

    TrumanHW said:
    CommonTater said:
    TrumanHW said:
    So, I decided to build a server because all NAS solutions are expensive if they're decent, and some of the decent ones (QNAP 439pro) USES the intel ICH10r !!! The one thing I do NOT have with my server solution is the ability to choose which users have access to which folders. The HomeGroup sharing is really cool; and things like my media are ideal to give full read access to. However, I'd really like to be able to enable my friends to each have their own, password protected folders. Obviously, as the admin I could violate their privacy, but I'd like to be the only person they're all trusting.

    I'm having a really hard time finding a way to give selective access. Am I retarded? Am i missing something?

    Is the only way through homegroup or to just create user accounts? And if only through user accounts.. how do I restrict them from modifying (read/write as opposed to read only). Can multiple accounts be logged in simultaneously?

    I do realize I'm kinda network clueless. Thanks for your help.. and even if its just to say you don't think I have a solution, please chime in.
    Go to...

    Control Panel -> Network and Sharing -> Advanced Sharing ->
    Turn OFF public folder sharing
    Turn ON "Use usernames and passwords to access other computers"

    Now you need to set up individual shared folders by right clicking the folder, select sharing and create your file share...

    To give different users, different permissions, select Advanced Sharing instead and you can add their usernames and adjust their permissions in the resulting dialog.

    Only one "gotcha" in this... to access a computer, the user has to have an account name and password that exists on the TARGET computer... So if you want permissions tied to each user... you'll have to give them all accounts on the server (and other computers if they're going to access them as well).

    You're awesome. VERY clear instructions. Good writing, good knowledge. Effective.

    One hiccup, tried to login from a guest account and it didn't prompt me for a username and password. Is it not possible to login from an account that isn't the name of the account I'm on? It didn't prompt me for it ... if it is possible. How would I enable this option.......

    Thanks again.
    As you found out, the method above requires you to have a second account on the machine you are sharing from.

    The method I posted does not require this and is the only way to accomplish what you are trying to do.
      My Computer


  4. Posts : 1,170
    XP Pro SP3 X86 / Win7 Pro X86
       #14

    TrumanHW said:
    Interesting. So the quota they state (20) is not "real-world" ..? Regardless, 5 is adequate by far for me... and as far as using a different computer for it to spare my i7... why not just be consolidated?
    It is 20 connections per share...

    A common misunderstanding is that it means you can't have more than 20 computers in a workgroup, but that's not the case... if you could find a router to handle it (and they do exist) the upper limit is actually 32768 machines.

    The thing is that no more than 20 of those machines can be connected to anyone file share at the same time.
      My Computer


  5. Posts : 1,170
    XP Pro SP3 X86 / Win7 Pro X86
       #15

    TrumanHW said:
    CommonTater said:
    TrumanHW said:
    So, I decided to build a server because all NAS solutions are expensive if they're decent, and some of the decent ones (QNAP 439pro) USES the intel ICH10r !!! The one thing I do NOT have with my server solution is the ability to choose which users have access to which folders. The HomeGroup sharing is really cool; and things like my media are ideal to give full read access to. However, I'd really like to be able to enable my friends to each have their own, password protected folders. Obviously, as the admin I could violate their privacy, but I'd like to be the only person they're all trusting.

    I'm having a really hard time finding a way to give selective access. Am I retarded? Am i missing something?

    Is the only way through homegroup or to just create user accounts? And if only through user accounts.. how do I restrict them from modifying (read/write as opposed to read only). Can multiple accounts be logged in simultaneously?

    I do realize I'm kinda network clueless. Thanks for your help.. and even if its just to say you don't think I have a solution, please chime in.
    Go to...

    Control Panel -> Network and Sharing -> Advanced Sharing ->
    Turn OFF public folder sharing
    Turn ON "Use usernames and passwords to access other computers"

    Now you need to set up individual shared folders by right clicking the folder, select sharing and create your file share...

    To give different users, different permissions, select Advanced Sharing instead and you can add their usernames and adjust their permissions in the resulting dialog.

    Only one "gotcha" in this... to access a computer, the user has to have an account name and password that exists on the TARGET computer... So if you want permissions tied to each user... you'll have to give them all accounts on the server (and other computers if they're going to access them as well).

    You're awesome. VERY clear instructions. Good writing, good knowledge. Effective.

    One hiccup, tried to login from a guest account and it didn't prompt me for a username and password. Is it not possible to login from an account that isn't the name of the account I'm on? It didn't prompt me for it ... if it is possible. How would I enable this option.......

    Thanks again.
    I'm guessing you have Guest accounts active on all your computers?
    Just give them different passwords on each machine...

    On Bark ... User == Guest, PW == Bark
    On Meow ... User == Guest, PW == Meow

    Now it will see the credentials don't match and it should pop up the password dialog.

    However... You should note that as "Guest" is a member of "Everyone" but not of Users or Administrators... thus your Guests would have read only permissions unless you tampered with the "Everyone" permissions in the shares.

    The logic behind this is sound...
    If you don't want someone to see something... don't share it.
      My Computer


  6. Posts : 1,325
    Windows7 Ultimate 64bit
       #16

    CommonTater said:
    TrumanHW said:
    Interesting. So the quota they state (20) is not "real-world" ..? Regardless, 5 is adequate by far for me... and as far as using a different computer for it to spare my i7... why not just be consolidated?
    It is 20 connections per share...

    A common misunderstanding is that it means you can't have more than 20 computers in a workgroup, but that's not the case... if you could find a router to handle it (and they do exist) the upper limit is actually 32768 machines.

    The thing is that no more than 20 of those machines can be connected to anyone file share at the same time.
    Hmm... I bumped connection limit in one of my client's network, it was using XP as a file server, there can be only 5 users transferring something from/to the XP machine (5 concurrent users) at any given time. You can connect to the XP machine as many as 20 users per share, but there can only be 5 users that is transferring... But then again, it's XP (this was around 2002), I assume since MS didn't change their policy in clients OS, then the 5 invisible limit is still there (Any Windows server will have 5 CALs, except the SMB edition)... These days I don't even bother to use ANY Windows as a file server, Linux is faster, more resilient, easier to manage, and it can backup like no Windows will ever be able to...

    zzz2496
      My Computer


  7. Posts : 25
    Windows 7
    Thread Starter
       #17

    Lets say I don't want to share the entirety of drive D: with RDC connections or as a network shared folder.
    Lets say user Mike for instance, who uses RDC, and needs access to D:\Backup\Mike
    But Mike can't have access to the remainder of the D: drive; only selective access.

    Currently, under D: security tab, there are members of the group:

    Authenticaed Users
    SYSTEM
    Mike (C.Name\Mike)
    Administrators (C.Name\Administrators)
    Users (C.Name\Users)

    Also, modifications are written after I changed them; are they being written to my OS drive? Or the drive where they are changed? If they are written to the drive I changed them on, D, will this .. 'meta data' be COPIED if I back the drive up? Or does it get striped off if I copy it?

    In case it in anyway simplifies the objective, there will ONLY be two types of users; Administrators and users with restricted access, as I described above.

    thanks :)

    Also, I noticed the group names within computer management aren't exactly the same as under security, and therefor group policy changes I'd make wouldn't be certain. Is this inconsistency of naming convention accidental? Is there a conversion chart? Or is the difference in names indicative of differences that'd need to be observed.
      My Computer


  8. Posts : 25
    Windows 7
    Thread Starter
       #18

    bump
      My Computer


 
Page 2 of 2 FirstFirst 12

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 10:17.
Find Us