Multiple Individual permissions.

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi,

I have a small home network consisting of 4 clients and 1 server (Configured
as a Workgroup). They are all running XP Pro. The server acts as a file,
print, game and internet server. As it is for my family, internal security is
not really a problem. I do however want to protect some folders from my
younger brother. So on the server I have used folder permissions to protect
folders from his user name, and I have done the same to protect him and my
Dad from folders on the clients (eg. Windows dir).

Currently the only way I know how to achieve that is by having 5 separate
user accounts on each machine.

Accounts:
M
R
D
P
Administrator

However, now I have 5 different login names at the Welcome screen and all
the associated folders that come with each profile, not to mention the pain
of going to 5 computers to change a single permission.

All I want is for Client D to boot to windows automatically using D’s
profile, Client M to boot to M etc. I don’t need roaming profiles.

------------

I am trying to set the permissions to do this:

Client D = Admin rights on all machines
Client R = Admin rights on all machines

Client M = Admin rights on self, user rights (read/write) on all machines.
Client P = Admin rights on self, user rights (read/write) on all machines.

Server = Admin rights on all machines

------------

From my various reading on the subject, it seems I need to upgrade my server
to a Domain server. It seems that that is overkill (and expensive) just to
remove users from the log-in screen and centralize permissions handling.
Plus, I don’t think my game’s (Americas Army, RB63, C&C, HL2, Far-Cry)
various server programs work under 2K, NT or 2003.

I had this idea:
I have noticed in the Computer Management>Local Users and
Groups>Groups>*Select Group>Properties>Add> Location> that it asks you to
select a location of the object, but will only let my search the local
machine, not the entire network. Can I do this and thus centralize the whole
process?

In conclusion, is there a better way to do what I am doing?

Thanks for the help,
Bacon
P.S: Sorry about the long post, thought its better to give as much info as
possible.
 
Hi,

I have a small home network consisting of 4 clients and 1 server (Configured
as a Workgroup). They are all running XP Pro. The server acts as a file,
print, game and internet server. As it is for my family, internal security is
not really a problem. I do however want to protect some folders from my
younger brother. So on the server I have used folder permissions to protect
folders from his user name, and I have done the same to protect him and my
Dad from folders on the clients (eg. Windows dir).

Currently the only way I know how to achieve that is by having 5 separate
user accounts on each machine.

Accounts:
M
R
D
P
Administrator

However, now I have 5 different login names at the Welcome screen and all
the associated folders that come with each profile, not to mention the pain
of going to 5 computers to change a single permission.

All I want is for Client D to boot to windows automatically using D’s
profile, Client M to boot to M etc. I don’t need roaming profiles.

------------

I am trying to set the permissions to do this:

Client D = Admin rights on all machines
Client R = Admin rights on all machines

Client M = Admin rights on self, user rights (read/write) on all machines.
Client P = Admin rights on self, user rights (read/write) on all machines.

Server = Admin rights on all machines

------------

From my various reading on the subject, it seems I need to upgrade my server
to a Domain server. It seems that that is overkill (and expensive) just to
remove users from the log-in screen and centralize permissions handling.
Plus, I don’t think my game’s (Americas Army, RB63, C&C, HL2, Far-Cry)
various server programs work under 2K, NT or 2003.

I had this idea:
I have noticed in the Computer Management>Local Users and
Groups>Groups>*Select Group>Properties>Add> Location> that it asks you to
select a location of the object, but will only let my search the local
machine, not the entire network. Can I do this and thus centralize the whole
process?

In conclusion, is there a better way to do what I am doing?

Thanks for the help,
Bacon
P.S: Sorry about the long post, thought its better to give as much info as
possible.
Click to expand...

Your long post was well written, and quite on point. Many folks asking for help
here would do well to imitate you.

Unfortunately, what you're asking about you already have written the answer for.

With Windows XP Pro in a workgroup, you can only authenticate against local
objects. If you wish to authenticate against remote objects (user accounts on a
server), you have to join a domain. Which means, yes, that you will need a
server with Server 2000 or 2003.
 
PrvtBacon said:
Hi,

I have a small home network consisting of 4 clients and 1 server
(Configured
as a Workgroup). They are all running XP Pro. The server acts as a file,
print, game and internet server. As it is for my family, internal security
is
not really a problem. I do however want to protect some folders from my
younger brother. So on the server I have used folder permissions to
protect
folders from his user name, and I have done the same to protect him and my
Dad from folders on the clients (eg. Windows dir).

Currently the only way I know how to achieve that is by having 5 separate
user accounts on each machine.

Accounts:
M
R
D
P
Administrator

However, now I have 5 different login names at the Welcome screen and all
the associated folders that come with each profile, not to mention the
pain
of going to 5 computers to change a single permission.

All I want is for Client D to boot to windows automatically using D's
profile, Client M to boot to M etc. I don't need roaming profiles.

------------

I am trying to set the permissions to do this:

Client D = Admin rights on all machines
Client R = Admin rights on all machines

Client M = Admin rights on self, user rights (read/write) on all machines.
Client P = Admin rights on self, user rights (read/write) on all machines.

Server = Admin rights on all machines

------------

From my various reading on the subject, it seems I need to upgrade my
server
to a Domain server. It seems that that is overkill (and expensive) just to
remove users from the log-in screen and centralize permissions handling.
Plus, I don't think my game's (Americas Army, RB63, C&C, HL2, Far-Cry)
various server programs work under 2K, NT or 2003.

I had this idea:
I have noticed in the Computer Management>Local Users and
Groups>Groups>*Select Group>Properties>Add> Location> that it asks you to
select a location of the object, but will only let my search the local
machine, not the entire network. Can I do this and thus centralize the
whole
process?

In conclusion, is there a better way to do what I am doing?

Thanks for the help,
Bacon
P.S: Sorry about the long post, thought its better to give as much info as
possible.
Click to expand...


As Chuck says, the only way to have anything else other than the local
machine appear in the Location box is to have a domain.

Within a workgroup, you need to create a local account on each machine for
each user you want to grant access to. This will usually mean maintining
simultaneous accounts on each machine for all the users.

It is possible however to configure each machine to boot up straight to it's
assigned user account, and not have to deal with a welcome screen with
several users.

There's a couple of ways to do this:

First, you could hide users from the Welcome Screen:
Go to Start - Run - Regedit, hit Enter.

Navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\SpecialAccounts\UserList.

Add the username you wish to hide as a DWORD value. Set the value to 0
(zero).
This will prevent the user from showing up on the welcome screen.

Tha machine will boot to the welcome screen, with only the accounts you want
displayed.
The user can then enter their password, if one is defined.

( If you ever need to log onto one of the 'hidden' accounts, you can press
CTRL-ALT-DEL twice at the welcome screen to get the standard logon dialog. )

Alternatively, you can download TweakUI and use the Autologon feature.
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx

You can enter a Username and Password for the account you wish to auto logon
with.
This time, the machine will boot straight to the user's desktop, and will
not wait at the welcome screen for a password.
 
Thanks heaps for the help Ron and Chuck!

I think I will use the TweakUI feature. It is not excatly what I want, but
it achives what I need.

You have done a great deed for this XP user!

-Bacon
 
Thanks heaps for the help Ron and Chuck!

I think I will use the TweakUI feature. It is not excatly what I want, but
it achives what I need.

You have done a great deed for this XP user!

-Bacon
Click to expand...

Thanks for the feedback, Bacon!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Access Denied, XP Pro, SP2, Peer to Peer LAN 5
Can not access .CHM files across the network 3
can't access a shared folder 1
Permissions help please 0
File Sharing in a Workgroup With Controlled Permissions 3
XP SP2 - Cold Start Issue 2
Network access issue in Home Network 2
XP LAN Problem 3

Back
Top