How to request.....sharing network resources

[SargeUSMC]

I have a host computer running Win7 with a large external HDD hooked up for storage. This computer currently requires no user account login. Sit down and go.

I have a directory structure created on this host storage drive. 1 folder for everyone in the company.
I want the network users, working from their own computers, to have access to ONLY their folder; no one elses.

Is there a way to do that? I've played around with the advanced sharing options, but I don't know what they syntax is to point to another machine/user on the network.

Any help would be appreciated.


Semper FI

 

[Layback Bear]

I'm not sure I can help you Sarge but those that can will need some information to work with.

Please complete this tutorial by Brink.

http://www.sevenforums.com/tutorials/180324-system-info-see-your-system-specs.html

 

[GokAy]

It is not as easy as in a domain, but yes, this is doable. Example names in bold, change to whatever you will (but keep them consistent).

Windows 7 max concurrent connections is 20. How many users do you have? Possibly you can tweak this. I don't know if there is a limit on max number of accounts that can be created on Win 7.


- Create an account on the Host machine (HOST) for everyone that needs a folder:
--- Name1_Surname1 (password1), Name2_Surname2 (password2), etc.
- Create a folder on your external HDD (Assume it is drive E:): E:\personal
- Create sub-folders for the employees in E:\Personal
--- E:\Personal\Name1_Surname1, E:\Personal\Name2_Surname2, etc.
- Advanced Share options for E:\Personel - remove Everyone, add Authenticated Users full control, add Administrators full control
- Security tab for E:\Personal - Advanced - Change Permissions - remove tick for "Include inheritable permissions ..." - click "Add" at pop-up security window
--- remove Users (if there is one)
--- modify Allow "Authenticated Users", Apply to: "This folder only" and tick only:
------- Traverse folder / List folder / Read attributes / Read extended attributes / Read permissions
- Security tab for E:\Personal\Name1_Surname1 - Advanced - Change Permissions
--- remove "Authenticated Users"
--- Add "Name1_Surname1" - Apply to: "This folder, subfolders and files" with Full Control
--- Add "Name1_Surname1" - Apply to: "This folder only" - tick Deny for Delete / Take Ownership
- Repeat Security tab adjustments for all of the other "Name#_Surname#"s so everyone has rights in his/her own folder

Now, you can either make your users to browse to the shared folder Personal via Network in left pane of Explorer, but you will have to enter the credentials (username: Name#_Surname# with Password: Password#) and save them (check the tick box while entering credentials) OR map a network share.

For Name1_Surname1 it will look like this (run at the users own PC)

net use [B]Z[/B][COLOR=black]: [B]\\HOST\Personal\Name1_Surname1[/B][/COLOR][COLOR=black] /savecred[/COLOR]

Enter username (Name1_Surname1) and password (password1) when prompted.

I hope I haven't missed anything. If something doesn't work as away, this is working in my Virtual Lab.

** You can also impose NTFS quotas for the users, so they don't exceed a certain amount of Disk space.

Edit: Maybe you can just use Group Policy Logon script to map the network share, haven't tried this due to time (03:30 AM).

 

[SargeUSMC]

question.....with this procedure are we giving access to the E drive on the host to individuals, or to user accounts on the network workstations?

For example, my name is Bob, but the name of the computer I use is Repair-Shop1 and the user account I log into, without a password, is Shop.....

 

[GokAy]

With this method you are not touching any of the current user accounts that reside on their respective workstations. I am not interested in your credentials (as it should be for security reasons).

Also, users doesn't need to know their corresponding user account on the HOST and it's password. This information should only be at the administrator. Once you map the network share, it will be automatic to the user. (at most you will have to remap and enter the correct credentials from time to time).

Since there is no common authenticator, it is not possible to give access to user accounts that are on the workstations. If you have a domain controller or something like the Small Business Server of the old days then sure you can give access to users and that would be even easier. But I guess, your PCs are just networked together w/o any domain like function, right?

I hope this clears some confusion. Ask away if anything is not clear.

 

[SargeUSMC]

I just noticed you are in Istanbul! Thank you kindly for your help. I'll give it a go.

 

[SargeUSMC]

Ok, after I setup the advanced share options for the backup drive and try to apply them, it tells me access is denied to the system volume information folder on the drive.

Setting security permissions for the user folder on the backup drive, I cannot remove any of the users there. The Include Inheritable Permissions" box is checked off. If I uncheck it, all users disappear.

 

[GokAy]

You should be doing these (sharing and NTFS permissions) for the folder not the drive. Can you post a screenshot please? I won't be home for a few hours but will try to help if I can.

 

[SargeUSMC]

Ok, I goofed right from the start and didn't create a subdirectory on the backup drive for all the user folders to go into.

So I've done that, and I was able to go thru your instructions step by step, and it all seemed to work.
So now when I navigate to the host computer, I can see the shared root folder on the backup drive. But when I try to access that root folder to get to the user folders inside, it tells me that I don't have permission to access it.

Not sure why, but that's where I am.

 

[GokAy]

Ok, check whether administrators have full control on main shared folder (E:\personal in my example) also check user folders' permissions for admins. You are trying to browse from the Host right? Not through shared folder?

 

[SargeUSMC]

No, from the host I can see everything. From a network workstation I can't get past E:\Personal.

The sharing tab for advance properties of the user folder is telling me the folder is not shared......

 

[SargeUSMC]

I'm trying to browse TO the host from a net workstation manually, before mapping a net drive. Can't get past the e:\Personal directory.

If I check the properties of the user's directories, under the sharing tab it tells me the directories are not shared......I don't know if that means anything or not, but that's where I am.

 

[GokAy]

Yes, we didn't share the user folders, but just the Personal. Rest is done with NTFS permissions.
I am home now and can actually see my example. Sending a PM shortly.

 

[GokAy]

OP connected to my Virtual Machine remotely and we did troubleshoot the problem interactively. It turned out to be the HOST machine had "password protected sharing" turned off, and anyone browsing to the share was using the guest account. Everything started working as expected after "password protected sharing" was turned on.