Share 2 different networks at the same time?

[Guest]

This is continuation of the thread 5/30/06. Chuck, I hope you found this.
I've played around with the permissions on WOLFEKE. The SHARE folder that XP
created is accessible by the other computer, JANET. However, the other shared
folders that I created on WOLFEKE were not accessible. I looked at the SHARE
folder on WOLFEKE to try and determine what was different about it, and I
noticed that it had permission to EVERYONE. I created a test folder on
WOLFEKE and gave it permission to EVERYONE. That folder was then accessible
by JANET.

The conclusion that I reached was if EVERYONE is not included on a shared
folder on WolfEKE, JANET cannot access it.

 

[Chuck]

This is continuation of the thread 5/30/06. Chuck, I hope you found this.
I've played around with the permissions on WOLFEKE. The SHARE folder that XP
created is accessible by the other computer, JANET. However, the other shared
folders that I created on WOLFEKE were not accessible. I looked at the SHARE
folder on WOLFEKE to try and determine what was different about it, and I
noticed that it had permission to EVERYONE. I created a test folder on
WOLFEKE and gave it permission to EVERYONE. That folder was then accessible
by JANET.

The conclusion that I reached was if EVERYONE is not included on a shared
folder on WolfEKE, JANET cannot access it.

OK, Ken.

Generally, Everyone IS included in the share permissions for a given folder.
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Help>
http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Help
<http://nitecruzr.blogspot.com/2005/09/server-access-authorisation.html>
http://nitecruzr.blogspot.com/2005/09/server-access-authorisation.html

I'm sort of at a loss what we were investigating the last time we communicated,
so be patient with me. And read the above 2 articles. I've made a few changes
here and there recently.

 

[Guest]

OK, Ken.

Generally, Everyone IS included in the share permissions for a given folder.
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Help>
http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Help
<http://nitecruzr.blogspot.com/2005/09/server-access-authorisation.html>
http://nitecruzr.blogspot.com/2005/09/server-access-authorisation.html

I'm sort of at a loss what we were investigating the last time we communicated,
so be patient with me. And read the above 2 articles. I've made a few changes
here and there recently.

Chuck:
I have a laptop work computer (WOLFEKE) running XP Pro that's part of a
domain at work and I'm trying to network it at home to a home computer
running WME. We've solved the visibility problem and are now working on the
accessibility problem. The home computer (JANET) is unable to access any
folder on the work computer (WOLFEKE) that doesn't grant access to EVERYONE.

When you say that generally everyone has access to shared folders, I don't
understand that because I give specific authority to different users in the
domain to my shared folders.

The work computer (WOLFEKE) has one folder that I want to share at home
only, and I don't want anyone else at work when I'm attached to the domain to
have access to that folder. My concern is that if I give EVERYONE access to
that folder, files in that folder will be accessible to anyone on the domain
at work.
Ken

 

[Chuck]

Chuck:
I have a laptop work computer (WOLFEKE) running XP Pro that's part of a
domain at work and I'm trying to network it at home to a home computer
running WME. We've solved the visibility problem and are now working on the
accessibility problem. The home computer (JANET) is unable to access any
folder on the work computer (WOLFEKE) that doesn't grant access to EVERYONE.

When you say that generally everyone has access to shared folders, I don't
understand that because I give specific authority to different users in the
domain to my shared folders.

The work computer (WOLFEKE) has one folder that I want to share at home
only, and I don't want anyone else at work when I'm attached to the domain to
have access to that folder. My concern is that if I give EVERYONE access to
that folder, files in that folder will be accessible to anyone on the domain
at work.
Ken

Ken,

The term "Everyone" means access to all authenticated users. All users are
members of "Everyone". If you have some files / folders permitted to
"Everyone", you can have others permitted to specific users.

With NTFS, you have 2 sets of permissions:
# Share Permissions ("Sharing - Permissions").
# NTFS Permissions ("Security").

NTFS permissions (assuming you are running NTFS) apply to local and network
access, and Share permissions apply to network access only. What most people do
is permit share access to Everyone, and use more granular settings for NTFS.
Share permissions are not as detailed as NTFS permissions anyway. I've tried to
explain it in my article.
<http://nitecruzr.blogspot.com/2005/09/server-access-authorisation.html>
http://nitecruzr.blogspot.com/2005/09/server-access-authorisation.html

Now you have a challenge, in that you have a workgroup, but you are trying to
open it to a computer that comes from a domain. That's an ongoing challenge
here - folks who need to mix domains and workgroups, permitting what needs to be
permitted, and not expose too much to what should not be permitted.

So you're right, if you have a server (the laptop) that provides shares to folks
at work, using Everyone as a filter isn't granular enough. But if you have a
domain, why are you using a client as a server anyway? If you have a domain,
you should use the domain resources as servers. It's way better to have formal
roles in a domain - servers store and share data, and clients access the data.

Do you have a local account on WOLFEKE, to match the local account on JANET?
That's where you start.

Obviously, setting up a workgroup gives folks bad habits that shouldn't be
repeated in a domain. OK, I feel another article being written.

 

[Guest]

Ken,

The term "Everyone" means access to all authenticated users. All users are
members of "Everyone". If you have some files / folders permitted to
"Everyone", you can have others permitted to specific users.

With NTFS, you have 2 sets of permissions:
# Share Permissions ("Sharing - Permissions").
# NTFS Permissions ("Security").

NTFS permissions (assuming you are running NTFS) apply to local and network
access, and Share permissions apply to network access only. What most people do
is permit share access to Everyone, and use more granular settings for NTFS.
Share permissions are not as detailed as NTFS permissions anyway. I've tried to
explain it in my article.
<http://nitecruzr.blogspot.com/2005/09/server-access-authorisation.html>
http://nitecruzr.blogspot.com/2005/09/server-access-authorisation.html

Now you have a challenge, in that you have a workgroup, but you are trying to
open it to a computer that comes from a domain. That's an ongoing challenge
here - folks who need to mix domains and workgroups, permitting what needs to be
permitted, and not expose too much to what should not be permitted.

So you're right, if you have a server (the laptop) that provides shares to folks
at work, using Everyone as a filter isn't granular enough. But if you have a
domain, why are you using a client as a server anyway? If you have a domain,
you should use the domain resources as servers. It's way better to have formal
roles in a domain - servers store and share data, and clients access the data.

Do you have a local account on WOLFEKE, to match the local account on JANET?
That's where you start.

Obviously, setting up a workgroup gives folks bad habits that shouldn't be
repeated in a domain. OK, I feel another article being written.

Chuck:

For WOLFEKE, my work computer, which is a client in the domain at work, I
also share some directories with another person at work because I want the
files to reside on my computer and not the server. However, to be clear,
WOLFEKE is not the server for the domain at work.

I have an account called WOLFEKE on WOLFEKE and an account called MOM & DAD
on JANET. They have identical, nonblank passwords. Does that suffice? I
gathered from reading that it was.

It sounds like having WOLFEKE part of a domain at work and a workgroup at
home isn't doable - at least it's not known how to do it yet. Should I give
up on this idea? I guess the next best thing would be to try to secure
individual files with password protection.

Ken

 

[Chuck]

Chuck:

For WOLFEKE, my work computer, which is a client in the domain at work, I
also share some directories with another person at work because I want the
files to reside on my computer and not the server. However, to be clear,
WOLFEKE is not the server for the domain at work.

I have an account called WOLFEKE on WOLFEKE and an account called MOM & DAD
on JANET. They have identical, nonblank passwords. Does that suffice? I
gathered from reading that it was.

It sounds like having WOLFEKE part of a domain at work and a workgroup at
home isn't doable - at least it's not known how to do it yet. Should I give
up on this idea? I guess the next best thing would be to try to secure
individual files with password protection.

Ken

Ken,

To make it simple, you need either account "Wolfeke", or "Mom & Dad", on BOTH
computers, activated for NETWORK use, with identical, non-blank passwords. It's
perfectly doable to have a computer have a double life.
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#NonGuest>
http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#NonGuest

Now to the server bit. If Wolfeke is sharing files TO another person at work,
it's running as a server. Any computer running File and Printer Sharing for
Microsoft Networks is running as a server. If that's a domain at work, then
Wolfeke trusts the domain to tell it who can access the shared data.
<http://nitecruzr.blogspot.com/2005/09/server-access-authorisation.html#WindowsServer>
http://nitecruzr.blogspot.com/2005/09/server-access-authorisation.html#WindowsServer

With all of that said, if you're going to move between domain and workgroup
authentication, there will be challenges.
<http://nitecruzr.blogspot.com/2005/08/setting-up-domain-or-workgroup-plan.html>
http://nitecruzr.blogspot.com/2005/08/setting-up-domain-or-workgroup-plan.html

And if you're going to move a server, physically, between 2 networks, there will
be more challenges.
<http://nitecruzr.blogspot.com/2005/05/have-laptop-will-travel.html>
http://nitecruzr.blogspot.com/2005/05/have-laptop-will-travel.html

Now if the above articles don't help, or if they contains too much information
to deal with, we can get this working. We'll just have to take it one step at a
time, and try not to wait for a month between discussions.

Windows Networking is a lot of fun. But it can be a hair pulling experience
too. See my photo, if you don't believe me (click on the MVP logo in any of the
above articles).

 

[Guest]

Ken,

To make it simple, you need either account "Wolfeke", or "Mom & Dad", on BOTH
computers, activated for NETWORK use, with identical, non-blank passwords. It's
perfectly doable to have a computer have a double life.
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#NonGuest>
http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#NonGuest

Now to the server bit. If Wolfeke is sharing files TO another person at work,
it's running as a server. Any computer running File and Printer Sharing for
Microsoft Networks is running as a server. If that's a domain at work, then
Wolfeke trusts the domain to tell it who can access the shared data.
<http://nitecruzr.blogspot.com/2005/09/server-access-authorisation.html#WindowsServer>
http://nitecruzr.blogspot.com/2005/09/server-access-authorisation.html#WindowsServer

With all of that said, if you're going to move between domain and workgroup
authentication, there will be challenges.
<http://nitecruzr.blogspot.com/2005/08/setting-up-domain-or-workgroup-plan.html>
http://nitecruzr.blogspot.com/2005/08/setting-up-domain-or-workgroup-plan.html

And if you're going to move a server, physically, between 2 networks, there will
be more challenges.
<http://nitecruzr.blogspot.com/2005/05/have-laptop-will-travel.html>
http://nitecruzr.blogspot.com/2005/05/have-laptop-will-travel.html

Now if the above articles don't help, or if they contains too much information
to deal with, we can get this working. We'll just have to take it one step at a
time, and try not to wait for a month between discussions.

Windows Networking is a lot of fun. But it can be a hair pulling experience
too. See my photo, if you don't believe me (click on the MVP logo in any of the
above articles).

Chuck:
I clicked on your picture and I've really just started down that road, but I
don't think I like where this could lead! Actually, now that I think about
it, I don't have to pull my hair at all as it just seems to fall out on its
own!

Anyway, I'll be out the next two days and I'm not sure exactly when I'll be
able to try your suggestions. Thank you, and if I don't respond promptly it's
not because of desire.
Ken

 

[Chuck]

Chuck:
I clicked on your picture and I've really just started down that road, but I
don't think I like where this could lead! Actually, now that I think about
it, I don't have to pull my hair at all as it just seems to fall out on its
own!

Anyway, I'll be out the next two days and I'm not sure exactly when I'll be
able to try your suggestions. Thank you, and if I don't respond promptly it's
not because of desire.
Ken

Thanks for the update, Ken. This thread should be visible for a few days, so
just post back here, when you get back. We'll be here.

 

[Guest]

Thanks for the update, Ken. This thread should be visible for a few days, so
just post back here, when you get back. We'll be here.

Chuck:

I'm back. I've read the articles and tried to follow the directions, but I
still have the same accessibility problem when JANET tries to read certain
folders in WOLFEKE. It is a lot and I could easily have made a mistake.

WOLFEKE was set to simple file sharing, so I changed it to advanced file
sharing. JANET was also set this way, so I made the change, although from
your instructions I don't think it was necessary to change JANET. What are
the implications of doing this for each computer, especially since WOLFEKE is
part of a domain at work?

I created identical accounts on each machine (wolfeke) with identical
nonblank passwords.

I think I need to do some more troubleshooting with permissions and
security. Since the default shared folder works on both computers, it seems
to me the answer could be here.

I really could use some more words of wisdom!

Ken

 

[Chuck]

Chuck:

I'm back. I've read the articles and tried to follow the directions, but I
still have the same accessibility problem when JANET tries to read certain
folders in WOLFEKE. It is a lot and I could easily have made a mistake.

WOLFEKE was set to simple file sharing, so I changed it to advanced file
sharing. JANET was also set this way, so I made the change, although from
your instructions I don't think it was necessary to change JANET. What are
the implications of doing this for each computer, especially since WOLFEKE is
part of a domain at work?

I created identical accounts on each machine (wolfeke) with identical
nonblank passwords.

I think I need to do some more troubleshooting with permissions and
security. Since the default shared folder works on both computers, it seems
to me the answer could be here.

I really could use some more words of wisdom!

Ken

Ken,

If you just have 2 computers, and you are the only person involved, the Simple
File Sharing (with Guest properly enabled for network access) makes sense. As
long as you don't try to share data that can't be shared. Read about Advanced
vs Simple File Sharing.
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Simple>
http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Simple

Now if Wolfeke is part of a domain, it's running with Advanced File Sharing.
Period.
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#DomainClient>
http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#DomainClient

Even under Advanced File Sharing, you can use Guest authentication. Just be
aware of the limitations.
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Guest>
http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Guest

My guess is you'll want to use Advanced File Sharing, with Guest authentication.
But see where you put the shared data. Read the article, then let's see what we
do next. Would you like to try IM?

 

[Guest]

Ken,

If you just have 2 computers, and you are the only person involved, the Simple
File Sharing (with Guest properly enabled for network access) makes sense. As
long as you don't try to share data that can't be shared. Read about Advanced
vs Simple File Sharing.
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Simple>
http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Simple

Now if Wolfeke is part of a domain, it's running with Advanced File Sharing.
Period.
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#DomainClient>
http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#DomainClient

Even under Advanced File Sharing, you can use Guest authentication. Just be
aware of the limitations.
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Guest>
http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Guest

My guess is you'll want to use Advanced File Sharing, with Guest authentication.
But see where you put the shared data. Read the article, then let's see what we
do next. Would you like to try IM?

Chuck:

I think IM is a great idea. I need to be home to do this. I don't have
a lot of experience with IM, but enough to do this.
I'm in the Eastern time zone, and as early as possible
would be preferable as I would just go to work later.

Thanks a lot. I really appreciate this.

Ken

 

[Chuck]

Chuck:

I think IM is a great idea. I need to be home to do this. I don't have
a lot of experience with IM, but enough to do this.
I'm in the Eastern time zone, and as early as possible
would be preferable as I would just go to work later.

Thanks a lot. I really appreciate this.

Ken

Ken,

I have accounts on Google, MSN/Windows, and Yahoo. I don't do this normally,
but in this case, I think IM will serve us better. You tell me which one is
your choice, and I will see where I have my nyms displayed, so you know how to
contact me. With Windows XP, you probably have MSN or Windows Messenger sitting
there in your tooltray already.

 

[Guest]

Ken,

I have accounts on Google, MSN/Windows, and Yahoo. I don't do this normally,
but in this case, I think IM will serve us better. You tell me which one is
your choice, and I will see where I have my nyms displayed, so you know how to
contact me. With Windows XP, you probably have MSN or Windows Messenger sitting
there in your tooltray already.

Chuck:
Windows Messenger please. I'm green with this one, but I don't have to
install anything. Let me know when you can do it. I STRONGLY prefer first
thing in the AM (eastern) - the earlier the better. Thanks again for this!
Ken

 

[Chuck]

:

Chuck:
Windows Messenger please. I'm green with this one, but I don't have to
install anything. Let me know when you can do it. I STRONGLY prefer first
thing in the AM (eastern) - the earlier the better. Thanks again for this!
Ken

Ken,

My email address is in my signature. Send me your WM nym, and I'll send you
mine. I'm in and out of here in the early AM, but if I'm in, my IM should be
live. You can nudge me, if you see my account come online.