File Sharing in a Peer to Peer Network

[TonyN]

Hello Everyone: I am trying to implement file sharing in a Windows/XP Peer to
Peer Network. I have 10 Windows/XP computers networked together -some of them
are allocated to Staff, others are Guest machines. I need the Staff machines
to be able to share files and I need those shared files to be inaccessible
(and preferably not visible) to the Guest machines.

My starting point was to disable Simple File Sharing so that I could use the
user level permissions. (Simple File Sharing does work in this configuration,
but I would like more access control at a user or machine or workgroup
level.) When I try to set permissions, the Shared Document Properties shows
me local objects only, not other machines/users on the network i.e. in
Permissions/Add/Select Users or Groups, I am not able to select anything
other than the local machine.

Can someone oint me in the right direction?

Thanks. . .

Tony N.

 

[Malke]

Hello Everyone: I am trying to implement file sharing in a Windows/XP Peer
to Peer Network. I have 10 Windows/XP computers networked together -some
of them are allocated to Staff, others are Guest machines. I need the
Staff machines to be able to share files and I need those shared files to
be inaccessible (and preferably not visible) to the Guest machines.

My starting point was to disable Simple File Sharing so that I could use
the user level permissions. (Simple File Sharing does work in this
configuration, but I would like more access control at a user or machine
or workgroup level.) When I try to set permissions, the Shared Document
Properties shows me local objects only, not other machines/users on the
network i.e. in Permissions/Add/Select Users or Groups, I am not able to
select anything other than the local machine.

Can someone oint me in the right direction?

At this point you should consider buying an entry-level server and setting
up a domain. That will really be the easiest and best way to control access
globally from a central location (the server).

You do not control access by machine; you do it by user permissions as you
originally thought.

Another alternative to the domain is to simply put the Guest machines on
their own network. If you want them to have Internet access, you'll need to
purchase a second account from your Internet Service Provider. Set up the
router for that connection to have a different subnet from your Staff
machines. If the Guest machines don't need Internet access, then just buy a
switch and set them up with static IP addresses on the separate subnet.
IOW, if your Staff is on 192.168.1.xxx, put Guests on 10.0.0.xxx.

Malke

 

[Steve Winograd [MS-MVP]]

Hello Everyone: I am trying to implement file sharing in a Windows/XP Peer to
Peer Network. I have 10 Windows/XP computers networked together -some of them
are allocated to Staff, others are Guest machines. I need the Staff machines
to be able to share files and I need those shared files to be inaccessible
(and preferably not visible) to the Guest machines.

My starting point was to disable Simple File Sharing so that I could use the
user level permissions. (Simple File Sharing does work in this configuration,
but I would like more access control at a user or machine or workgroup
level.) When I try to set permissions, the Shared Document Properties shows
me local objects only, not other machines/users on the network i.e. in
Permissions/Add/Select Users or Groups, I am not able to select anything
other than the local machine.

Can someone oint me in the right direction?

Thanks. . .

Tony N.

In a workgroup network, you can only specify permissions for a user
account that exists on the local computer. That's OK, because those
permissions apply to matching user accounts that exist on other
computers. So by defining account(s) with the same user name(s) and
password(s) on all of the staff computers, you can do what you want.
Ron Lowe and I have written a web page with details:

Windows XP Professional File Sharing
http://www.practicallynetworked.com/sharing/xp_filesharing/index.htm
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Desktop Experience)

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[TonyN]

Malke and Steve: Many thanks for your replies to my question about file
sharing. Would either of you be able to give me a quick tutorial about the
difference between Workgroups and Domains, and any related considerations in
a configuration of this size (10 workstations).

Thanks. . .

Tony N.

 

[Malke]

Malke and Steve: Many thanks for your replies to my question about file
sharing. Would either of you be able to give me a quick tutorial about the
difference between Workgroups and Domains, and any related considerations
in a configuration of this size (10 workstations).

Very quickly (because domains are a complicated subject):

A domain is created when you have a machine running a server operating
system which you have made the domain controller and are using Active
Directory. All permissions/restrictions on the users and workstations are
set on the server. The advantage is that you can manage all your users and
workstations from one central location instead of having to go to each
workstation individually. You can set very fine-grained permissions and
restrictions on users and groups of users, push out updates, virus
definitions, host programs, have the data in one location for easy backup
(no data should be on the workstations). Domains are very cool. The
downside of having a domain is that you have to learn something new. ;-)
With such a small network, it isn't that complicated though. Here are a few
links to get you started:

Great resource - http://www.petri.co.il/

Windows Essential Business Server for small companies (I haven't tried this
yet, it's pretty new) http://www.microsoft.com/ebs/en/us/default.aspx

Windows Small Business Server
http://www.microsoft.com/sbs/en/us/default.aspx

A Workgroup is a collection of networked computers. They are all equal,
hence the term "peer-to-peer". They can share resources but each
workstation is managed individually. One thing I should also point out is
that there is a limitation on inbound concurrent connections with Windows
XP/Vista that you may bump into if one of the workstations is acting as a
"pseudo-server", acting as a file/application server. The limitations is on
the number of connections, not the number of computers and one computer can
(and usually does) make more than one connection to the pseudo-server. XP
Home has a 5-connection limitation and XP Pro has a 10-connection
limitation.

Inbound connections limit in XP - http://support.microsoft.com/?id=314882

5 - XP Home/Vista Home Basic
10 - Vista Home Premium/Vista Ultimate/XP Pro
74 - SBS 2003 (I don't know if this has changed in SBS 2008)
Unlimited for full Server OSes

A good rule of thumb is that if you have a pseudo-server and 7 or more
workstations, it's time to consider a server - not just because of the
inbound connections limitation but because of the time needed to administer
all those workstations individually.

Malke

 

[TonyN]

Malke: Thanks for the additional information on Workgroups and Domains, and
the reference links - lots to think about. (I'll try not to panic!)

Regards. . .

 

[Malke]

Malke: Thanks for the additional information on Workgroups and Domains,
and the reference links - lots to think about. (I'll try not to panic!)

You're welcome. And there's certainly no need to panic. Since you have a
business, if you are considering a domain you might also consider hiring an
outside computer tech to set it up for you (unless you are the IT guy and
need to know this stuff). Time management, you know. Don't use a
BigComputerStore/GeekSquad type of place.

Cheers,

Malke

 

[Gordon]

Malke: Thanks for the additional information on Workgroups and Domains,
and
the reference links - lots to think about. (I'll try not to panic!)

In addition to Malke's comprehensive advice (as usual), if cost is a
criteria you might look at a Linux server....

 

[Anteaus]

Least cost route for >10 users is a Linux/Samba server. This has very good
reliability, but needs a bit more study to setup, as most of its config is
done by editing textfiles.

If you can guarantee to keep it under ten, then an XP Pro machine with
Simple Sharing OFF can act as the server. Issue there, though, is that if you
go over ten you have a problem as there is no upgrade path to a server
version of Windows.

Whatever approach you take, I'd strongly advise against creating a 'cat's
cradle' of shares. Allocate one computer as the data store, and provide it
with some dependable form of backup.

You may find http://mylogon.net a simpler approach to providing a
network-oriented logon (to any Windows or Linux server) for a small site.

 

[TonyN]

Gordon and Anteaus: Thank you for your comments on alternatives for my
networking requirement. In particular, the MyLogon solution looks interesting
- I'll definitely be looking into that approach.

Regards. . .

Tony N.