File Sharing

  • Thread starter Thread starter Alan
  • Start date Start date
A

Alan

I have the exact same question as the exchange below from 8/5/03,
except my shares are on a W/2000 Pro box, and the machines I want to
selectively allow access are XP/Pro. Looks like W/2K doesn't allow
disabling simple file sharing. Is there a way to allow one box access
to some directories and the other box access to others? BTW, my
systems have printer sharing going both ways... Audit seems to
indicate the XP box is logging on as a local user(me), and I can make
it "forget" how to log on.


Search Result 6
From: Steve Winograd [MVP] ([email protected])
Subject: Re: File sharing
View: Complete Thread (146 articles)
Original Format
Newsgroups: microsoft.public.windowsxp.network_web
Date: 2003-08-05 22:48:32 PST


"Paul Ooi" said:
I am a Windows XP user and am currently in a workgroup called SHALOM.
I am trying to make the following work.

I wish to share 2 folders, which are PRIVATE and PUBLIC respectively,
they are both in a disk which has been formatted to NTFS. PUBLIC
should be able to be accessed by anyone in the network while PRIVATE
should only be accessed by certain people.

This is what I have done so far.

In the Security tab of the PUBLIC folder properties, i added
PAUL\Guests user group and in the Share Permissions tab i added
PAUL\Guests user group too. PUBLIC now can be accessed by anyone in
the network without requiring them to enter any password. The problem
now is the PRIVATE folder which I want to restrict some users to have
access to it. I want Windows to prompt the user to enter a username
and password and if it matches one of the restricted user accounts in
my computer, then access is granted to them, otherwise deny their
access. How do I do that?

Thank you.

Paul

Here's how XP Pro (with simple file sharing disabled) controls network
access works in a workgroup (not in a domain):

1. You define permitted users and their type of access for a shared
disk or folder. The user accounts must exist on the local computer.

2. Someone logs into another computer on the network specifying a user
name and password.

3. That person requests access to an XP Pro share.

4. XP Pro looks at the user name and password specified by that person
at login time. If it matches an account on the local computer, XP Pro
grants or denies access according to the pre-defined permissions for
that account.

5. If the user name and password don't match an account on the local
computer, XP Pro replies and asks for a different user name and
password.

6. If the client computer runs Windows 2000 or XP, it displays the
prompt to the user, who can enter another user name and password. If
the client computer runs Windows 95/98/Me, it displays the dreaded
IPC$ prompt, for which there's no correct reply.

This web site has details:

Windows XP Professional File Sharing
http://www.practicallynetworked.com/sharing/xp_filesharing/index.htm
 
I have the exact same question as the exchange below from 8/5/03,
except my shares are on a W/2000 Pro box, and the machines I want to
selectively allow access are XP/Pro. Looks like W/2K doesn't allow
disabling simple file sharing. Is there a way to allow one box access
to some directories and the other box access to others? BTW, my
systems have printer sharing going both ways... Audit seems to
indicate the XP box is logging on as a local user(me), and I can make
it "forget" how to log on.

W/2K doesn't have simple file sharing -- that's new in XP. Access
control is by user name, not by computer name. Set up user accounts
and define the desired permissions on W/2K. It works the same as
XP/Pro with simple file sharing disabled:

Windows XP Professional File Sharing
http://www.practicallynetworked.com/sharing/xp_filesharing/index.htm
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
Tx for your reply. When I do as described, I have the following
problem. Config: The 2K box has a printer that it shares with the XP
box. The 2K box also has a drive "D" that is shared with the
administrator and one other user (properties/sharing/permission) who
is not defined on the XP box. However, the XP box can still see all
of drive D. When I audit access to D on the 2K box, it appears that
the XP access is coming in as a local user, but that's all I can
figure out.
 
W/2K doesn't have simple file sharing -- that's new in XP. Access
control is by user name, not by computer name. Set up user accounts
and define the desired permissions on W/2K. It works the same as
XP/Pro with simple file sharing disabled:

Tx for your reply. When I do as described, I have the following
problem. Config: The 2K box has a printer that it shares with the XP
box. The 2K box also has a drive "D" that is shared with the
administrator and one other user (properties/sharing/permission) who
is not defined on the XP box. However, the XP box can still see all
of drive D. When I audit access to D on the 2K box, it appears that
the XP access is coming in as a local user, but that's all I can
figure out.[/QUOTE]

All access to W/2K Pro and XP/Pro in a workgroup is by a local user.
That's why you need to create matching user accounts on both
computers.

When you connect to W/2K from XP, it sends XP's logged-in user name
and password. If W/2K recognizes them, because they match a local
user account, it grants the type of access that you've defined for
that account. If W/2K doesn't recognize them, it prompts for a
different user name and password.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
When you connect to W/2K from XP, it sends XP's logged-in user name
and password. If W/2K recognizes them, because they match a local
user account, it grants the type of access that you've defined for
that account. If W/2K doesn't recognize them, it prompts for a
different user name and password.

Steve, tx for your perserverance.

My problem is that I DO NOT have matching accounts on the machines,
yet the 2K machine grants the XP machine access to all file shares.
The XP machine also has access to a printer on the 2K machine, and I
might have provided an account/password long ago to set up the printer
share. Does XP have some way of storing/caching account
name/password combinations and then attempting to use these to get
access, even if there is no actual local user account by that name?
 
When you connect to W/2K from XP, it sends XP's logged-in user name
and password. If W/2K recognizes them, because they match a local
user account, it grants the type of access that you've defined for
that account. If W/2K doesn't recognize them, it prompts for a
different user name and password.

Steve, tx for your perserverance.

My problem is that I DO NOT have matching accounts on the machines,
yet the 2K machine grants the XP machine access to all file shares.
The XP machine also has access to a printer on the 2K machine, and I
might have provided an account/password long ago to set up the printer
share. Does XP have some way of storing/caching account
name/password combinations and then attempting to use these to get
access, even if there is no actual local user account by that name?[/QUOTE]

Yes, XP might have cached the logon information. Go to Control Panel
| User Accounts, click your account, and click "Manage my network
passwords". Is there an entry for the W/2K machine?
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
Yes, XP might have cached the logon information. Go to Control Panel
| User Accounts, click your account, and click "Manage my network
passwords". Is there an entry for the W/2K machine?
--

Bravo! Killed the entry, now working as desired.
 
Yes, XP might have cached the logon information. Go to Control Panel
| User Accounts, click your account, and click "Manage my network
passwords". Is there an entry for the W/2K machine?

Bravo! Killed the entry, now working as desired.[/QUOTE]

That's good news, Alan. Thanks for reporting the result.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Back
Top