Sharing a folder between two xp machines

[Chris Lawrence]

I have a very simple setup, two Win XP machines physically cabled to a
wireless router. Both are in the same workgroup (not domain). I'd like to
allow users on one of the machines to access a folder on the other. But I
don't want wireless users to have access. So I setup identical usernames on
both xp machines with identical (blank for now) passwords. For one folder I
set NTFS permissions for "everyone" to read and write permission, and the
other xp machine can access it just fine. But that setup also allows
wireless users to see the files, which I don't want. So I set the NTFS
permissions for one username (which exists on both computers) to full
control. But the other xp machine can't see the folder's contents. I would
rather not have to join the computers to a domain. What am I doing wrong
(or is this impossible using a workgroup)?

 

[Charlie Tame]

Just guessing Chris, someone probably knows better, but did the permissions
get "Inherited" from the folder downwards to subfolders and files? If the
machine can see the folder but not the contents you could try a test by
setting just one file in the folder the same way. I must admit the
combination of share permissions and NTFS permissions has caused me some
confusion at time since sometimes it seems to work as expected and then next
time nothing, nada, zilch .

I concluded it must be me

Charlie

 

[Pegasus \(MVP\)]

I have a very simple setup, two Win XP machines physically cabled to a
wireless router. Both are in the same workgroup (not domain). I'd like to
allow users on one of the machines to access a folder on the other. But I
don't want wireless users to have access. So I setup identical usernames on
both xp machines with identical (blank for now) passwords. For one folder I
set NTFS permissions for "everyone" to read and write permission, and the
other xp machine can access it just fine. But that setup also allows
wireless users to see the files, which I don't want. So I set the NTFS
permissions for one username (which exists on both computers) to full
control. But the other xp machine can't see the folder's contents. I would
rather not have to join the computers to a domain. What am I doing wrong
(or is this impossible using a workgroup)?

Access permissions and the domain/workgroup environment
are two concepts that have nothing to do with each other.
You can set your access permissions in a workgroup environment
and you can set them in a domain environment.

It would help if you showed your exact requirements in a
systematic way, referring to PCs as PC-A and PC-b, and
users as X, Y and Z. There is no such thing as a "wireless" user -
NTFS permissions are not sensitive to the way a user accesses
a file. If you wish to exclude a user based on the MAC-address
of his PC then you probably need to configure your IPSEC
settings accordingly (about which I know very little).

 

[Guest]

Chris it is a common error to mix file level permissions with share level
permissions. If a wireless user can see the shared folder, all ntfs
permissions will do is deny access to the files if you set the permissions
that way.

Proper procedure is to share, not to everyone, but to just those two user
accounts on the xp boxes. This is at the share level. Your mistake was you
did this but at the file level [ntfs permissions]

As a rule you should never have to use ntfs file permissions UNLESS you have
two or more different access groups. For example you have 5 site managers
and each has their months expendures/income listed in a spreadsheet. You
want only the site manager to read their sites speadsheet and not anyone
elses. In this case you would assign each manager to the sheet and deny the
others at the ntfs level.

Ntfs permissions never fix a share level problem. Ntfs permissions can only
add granularity to the share permissions.

 

[Pegasus \(MVP\)]

Chris it is a common error to mix file level permissions with share level
permissions. If a wireless user can see the shared folder, all ntfs
permissions will do is deny access to the files if you set the permissions
that way.

Proper procedure is to share, not to everyone, but to just those two user
accounts on the xp boxes. This is at the share level. Your mistake was you
did this but at the file level [ntfs permissions]

As a rule you should never have to use ntfs file permissions UNLESS you have
two or more different access groups. For example you have 5 site managers
and each has their months expendures/income listed in a spreadsheet. You
want only the site manager to read their sites speadsheet and not anyone
elses. In this case you would assign each manager to the sheet and deny the
others at the ntfs level.

Ntfs permissions never fix a share level problem. Ntfs permissions can only
add granularity to the share permissions.

I disagree. What you're saying is equivalent to saying "Never use proper
English - use baby-talk instead. Using proper English never solves a
communications problem".

As you suggest, NTFS is a fully developed access control system with
good granularity. Share permissions, on the other hand, are extremely
basic, comparable to baby-talk. Professional IT staff will always set
share permissions to "Full access for everyone", then set appropriate
NTFS permissions. This approach avoids clashes between the two
permission schemes.

On the other hand, if the OP does not wish to learn about NTFS
permissions then he should stick to basic share permissions and
leave the NTFS stuff alone.

 

[Guillermo]

I would completely agree with Pegasus.

Chris it is a common error to mix file level permissions with share level
permissions. If a wireless user can see the shared folder, all ntfs
permissions will do is deny access to the files if you set the permissions
that way.

Proper procedure is to share, not to everyone, but to just those two user
accounts on the xp boxes. This is at the share level. Your mistake was you
did this but at the file level [ntfs permissions]

As a rule you should never have to use ntfs file permissions UNLESS you have
two or more different access groups. For example you have 5 site managers
and each has their months expendures/income listed in a spreadsheet. You
want only the site manager to read their sites speadsheet and not anyone
elses. In this case you would assign each manager to the sheet and deny the
others at the ntfs level.

Ntfs permissions never fix a share level problem. Ntfs permissions can only
add granularity to the share permissions.

I disagree. What you're saying is equivalent to saying "Never use proper
English - use baby-talk instead. Using proper English never solves a
communications problem".

As you suggest, NTFS is a fully developed access control system with
good granularity. Share permissions, on the other hand, are extremely
basic, comparable to baby-talk. Professional IT staff will always set
share permissions to "Full access for everyone", then set appropriate
NTFS permissions. This approach avoids clashes between the two
permission schemes.

On the other hand, if the OP does not wish to learn about NTFS
permissions then he should stick to basic share permissions and
leave the NTFS stuff alone.