I want to share a folder on my main desktop with the laptops on the network but I don't want to have them open for everyone to get into.
I have turned off simple folder sharing in XP, the machine that will be doing the sharing.
I want it so that if you just try to get into the folder it wont let you, I want it to need a login credential or not allow you in.
On the main machine I have set up another user that will be the ID to log in with, call him Frank on mainmachine.
On the security tab on sharing I stuck him in there and gave him full control and connect from laptops with no problem, but once I take out Everyone or try to lock down the access and then connect as mainmachine\Frank it tells me Access Denied from the remote machines.
I can't figure out how to limit access, right now it seems like I let everyone in or I let no one in.
The password for the Frank account is required, so at least it is seeing that, if I try to access the folder as Frank with out a password computer says no, but once the password is entered the share starts. Problem is that if I just connect as anyone else I can get right in no password.
Is this fixable?
Posts
Everyone has to be allowed on the Sharing tab.
Then, give Frank rights on the Security tab.
That should work, but should keep people not named Frank from browsing your share.
Nope.
Simply allow 'Frank' access on both the Sharing and Security tabs and you should be good to go.
Yeah, no.
Frank can connect and needs to use his password but I can also connect using no credentials at all.
How can I prevent someone from doing that, connecting with out specifying a password?
I KISS YOU!
Well it worked by taking Everyone out of Sharing, putting only Frank in and then adding Frank to security.
But then the Windows admins I talked to said the opposite and I think I tried it a few days ago and it didn't work. But also a couple of days ago I switched from Vista to 7.
bah.
I KISS YOU!
Maybe those Windows admins went to the same MCSA class as I did. :oops:
If you have 'everyone' in sharing, and a single user in security, only the single user will be able to open the file (because they are the only one allowed the permission to via NTFS), though everyone will be able to SEE it.
If you have a single user in sharing and 'everyone' in security, only the single user will be able to see the file (because no one else has permission to view the contents of the share), so obviously they will also be the only person who can open it.
Share permissions are like being given the key to the file cabinet. Security permissions are like being given the secret decoder ring for the document. If you can't get into the file cabinet, the decoder ring is useless. If you don't have the decoder ring, you can look at the contents of the file cabinet all you like, but you can't get any info from the files.
So taking everyone out of sharing, putting Frank in sharing only lets only Frank see it, then adding Frank into security also lets Frank use everything?
So we did it right? I'll have to test sometime, to make sure other people can't get in just to see stuff.
I KISS YOU!
if you want to keep your shared files hidden then just put a password on your guest account
Control Panel -> Administrative Tools -> Computer Management -> Local Users and Groups -> Users -> right click Guest -> set password
whenever someone wants look at your shared files they are prompted to enter a password before seeing any files or folders
Correct. Only Frank's account will even be able to see the shared folder on the network.
If you leave "Everyone" as an account with permissions to the files on the Security tab, all credentials would technically be able to open the file if they could see them. But, since Frank is the only one who can see it due to the sharing permissions, it's moot. Only he can navigate to the share and even see the file to attempt to open it in the first place.
What it really comes down to is how secure you need it to be. I personally prefer not to rely on just Sharing permissions or just security permissions if the material is sensitive. Best practice would be to give both share and security permissions only to administrators and the users who specifically must access the files.
If you're going to use only one or the other, I would trust the NFTS permissions over the sharing permissions, for security. That is to say, it is more secure to restrict access via the Security tab than via the Sharing tab, but either will work to block any but the most motivated knowledgeable person from accessing the files.