share folder permission

[Lisa]

Hi,

My XP Pro is in a domain. I created a user account and group on the local
machine and grand proper permission to a shared folder. However I get access
deny error message when I tried to open it from other machine on the network,
but I can acccess it if I use domain account. It seems like the local account
doesn't work. Can someone know why this happen?

Any help will be appreciated!

Thanks in advance!

Lisa

 

[Lanwench [MVP - Exchange]]

Hi,

My XP Pro is in a domain. I created a user account and group on the
local machine and grand proper permission to a shared folder. However
I get access deny error message when I tried to open it from other
machine on the network, but I can acccess it if I use domain account.
It seems like the local account doesn't work. Can someone know why
this happen?

Any help will be appreciated!

Thanks in advance!

Lisa

A local account is just that - local. You can't access anything across a
network connection with one. So, to access a shared resource on a remote
machine on the network the user *has* to be logging in with a domain
account. (Yes, there are some ways to do things in a workgroup with local
accounts, but those aren't really relevant & I don't want to confuse
matters).

My questions are:

1) Why create a local share since you've got AD? Workstations really
shouldn't have any data on them, let alone *shared* data. That's what the
centralized servers are for.

2) If you *do* need a local shared folder for some reason, why did you
create a local user/group? The two things are not related.

 

[Lisa]

Hi Lanwench,

Thanks for your reply. We have a branch office oversea who has their own
domain. Now we want to share files. I don't want to create accounts for them
on our AD. That's why I was thinking about local account on the shared PC. Is
there a way to do it without creating account on our AD?

Thanks again for your advice!

Lisa

 

[Lanwench [MVP - Exchange]]

Hi Lanwench,

Thanks for your reply. We have a branch office oversea who has their
own domain. Now we want to share files.

OK - so why not create a trust?

I don't want to create
accounts for them on our AD.

I would, if you aren't creating a trust. It's a lot easier to secure & audit
stuff that way.

That's why I was thinking about local
account on the shared PC. Is there a way to do it without creating
account on our AD?

Again, why would you have files shared from a workstation anyway? This is
bad practice. Keep everything on your servers. It's much better.

Thanks again for your advice!

You're most welcome - hope it's helped.

 

[Lisa]

Thanks again Lanwench. The reason that I concerned to create their accounts
on the AD is the license issue. We ran out of CALs. Is that true that we can
only have 100 accounts if we purchased 100 CALs?

The other thing that we put the shared folder on the workstation instead of
server is that this is for sharing files. Not require a lot of securities.

Thanks again,

Lisa

 

[Lanwench [MVP - Exchange]]

Thanks again Lanwench. The reason that I concerned to create their
accounts on the AD is the license issue. We ran out of CALs. Is that
true that we can only have 100 accounts if we purchased 100 CALs?

For licensing questions you should call Microsoft directly, to ensure you
get the best advice. That said, a) yes, you need more CALs if you have more
users and b) if you stop & disable the license logging service as most
people do, you will be presumed to be in "per seat" mode. I don't know
whether per user or per seat makes sense for your company. But you can't
bypass your CAL count by doing what you're trying to do right now.

The other thing that we put the shared folder on the workstation
instead of server is that this is for sharing files. Not require a
lot of securities.

That isn't the point - the point is, if it's company data, it should be
centrally maintained and backed up and administered. Workstations should be
just that - workstations.