workgroup networking - can't trigger login box with sfs disabled

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I am attempting to network multiple computers. They are connected via a
router and currently have simple file sharing enabled and all are on the same
workgroup. I can access shared files on all the computers. HOWEVER, I want to
set permissions on the files to limit access from certain users. I have
disabled simple file sharing and the the computers can still see each other
and connect to the shared files. BUT, when I change the sharing permissions
(not the NTFS permissions) to restrict to certain users and delete the
"everyone" object then I cannot access the shared files. Additionally, I
should get a login box requesting a username and password for the allowed
user, but it does not appear. For reference, take a look at this website
halfway down:
http://www.practicallynetworked.com/sharing/xp_filesharing/08clientconnect.htm

I have followed the steps to the letter from the above site, but for some
reason the client computer won't trigger the authentication login. I have
this problem with all the computers which are running xp pro sp2, except for
1 computer which has windows 2000 - when I connect to the w2k computer from
an xp client the login box pops up. Any ideas how to do fix this and make the
login appear for connecting to the xp computers (I think once I figure how to
get the login box to appear then I won't have any problem accessing the
shared file, but for now I get an error message saying I don't permission to
access the file - which is true because that user account is not authorized
to access the file)?
 
The conventional way to do this is to create multiple user accounts on the
sharing machine. The user accounts match the user names and passwords used
to log onto other computers, and permissions are assigned to those accounts
as desired.

If you really want to access a share as someone other than the logged on
user, try:

Start/Run \\computername\sharename /user:computername\username ENTER

Doug Sherman
MCSE, MCSA, MCP+I, MVP
 
Through trial and error I figured out the answer to my own question. In xp
pro, if the guest account is DISabled, then a login prompt will appear on the
client computer to access a shared file. This is only true if not logged in
on the client under the exact same user account/password as the host/server
computer.

Otherwise, if the guest account is ENnabled, then client will authenticate
thru guest account, even though AFS is enabled. And even though you can
connect to the host/server computer, you can't access shared file if ntfs
permissions don't include "guest" or "everyone". If the permissions are
restricted, the only way to access the shared file (with guest acct enabled)
is to create a duplicate user account/password on the client.

Finally, regarding the suggestion of MVP Doug, I could NOT access a share as
someone other than the logged on user with:

Start/Run \\computername\sharename /user:computername\username ENTER

perhaps I used wrong sytax. I typed exactly above, substituting the
appropriate names, but I left the /user: as is. for example, I typed:
\\bob\sharedfile /user:bob\jane (where bob is the computer name, and jane
is the username on computer bob with the appropriate ntfs permissions).
 
Through trial and error I figured out the answer to my own question. In xp
pro, if the guest account is DISabled, then a login prompt will appear on the
client computer to access a shared file. This is only true if not logged in
on the client under the exact same user account/password as the host/server
computer.

Otherwise, if the guest account is ENnabled, then client will authenticate
thru guest account, even though AFS is enabled. And even though you can
connect to the host/server computer, you can't access shared file if ntfs
permissions don't include "guest" or "everyone". If the permissions are
restricted, the only way to access the shared file (with guest acct enabled)
is to create a duplicate user account/password on the client.

Finally, regarding the suggestion of MVP Doug, I could NOT access a share as
someone other than the logged on user with:

Start/Run \\computername\sharename /user:computername\username ENTER

perhaps I used wrong sytax. I typed exactly above, substituting the
appropriate names, but I left the /user: as is. for example, I typed:
\\bob\sharedfile /user:bob\jane (where bob is the computer name, and jane
is the username on computer bob with the appropriate ntfs permissions).
Click to expand...

Right, if you are logged in, on your computer, with an account that's matched on
the server, that's the account that is used for authentication. You're not
permitted to override that account with another. In a domain scenario, when you
try that, you'll get an authorisation conflict error.

If you're not authenticated (no matching account), then either the Guest account
is used (if active), or you get a pop-up. If you authenticate with Guest, but
it doesn't have access, you don't get access.

Authentication (who are you) and authorisation (do we want you to do this) are
separate. If you get authenticated against an account with no access, that's
it. You don't get access, and you don't get another chance.

There's a white paper from Microsoft, linked in this article, that should wrap
all of this together:
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#OlderOS>
http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#OlderOS
 
Back
Top