
How do I share folders on Windows and require credentials?

Lord Jezo Registered User regular
edited May 2009 in Help / Advice Forum
I want to share a folder on my main desktop with the laptops on the network but I don't want to have them open for everyone to get into.

I have turned off simple folder sharing in XP, the machine that will be doing the sharing.

I want it so that if you just try to get into the folder it won't let you, I want it to need a login credential or not allow you in.

On the main machine I have set up another user that will be the ID to log in with, call him Frank on mainmachine.

On the security tab on sharing I stuck him in there and gave him full control and connect from laptops with no problem, but once I take out Everyone or try to lock down the access and then connect as mainmachine\Frank it tells me Access Denied from the remote machines.

I can't figure out how to limit access, right now it seems like I let everyone in or I let no one in.

The password for the Frank account is required, so at least it is seeing that, if I try to access the folder as Frank without a password computer says no, but once the password is entered the share starts. Problem is that if I just connect as anyone else I can get right in no password.

Is this fixable?

Lord Jezo on

Posts

  • necroSYS Registered User, ClubPA regular
    edited May 2009
    Frank is included in Everyone, which is why it doesn't work. It's also the reason Windows desktop filesharing is crap.

    Everyone has to be allowed on the Sharing tab.

    Then, give Frank rights on the Security tab.

    That should work, but should keep people not named Frank from browsing your share.

    necroSYS on
  • Kosenjou Registered User regular
    edited May 2009
    necroSYS wrote: »
    Everyone has to be allowed on the Sharing tab.

    Nope.

    Simply allow 'Frank' access on both the Sharing and Security tabs and you should be good to go.

    Kosenjou on
  • necroSYS Registered User, ClubPA regular
    edited May 2009
    Not from what I remember of my MCSA class, but it's been a few years...

    necroSYS on
  • Kosenjou Registered User regular
    edited May 2009
    necroSYS wrote: »
    Not from what I remember of my MCSA class, but it's been a few years...

    Yeah, no.

    Kosenjou on
  • Lord Jezo Registered User regular
    edited May 2009
    So I did what you folks said, put only Everyone in Sharing and added Frank in Security. In security there is an entry for Everyone, which seems to be required because once that is removed no one at all can map it.

    Frank can connect and needs to use his password but I can also connect using no credentials at all.

    How can I prevent someone from doing that, connecting without specifying a password?

    Lord Jezo on
  • necroSYS Registered User, ClubPA regular
    edited May 2009
    What happens when Frank is the only one in both Sharing AND Security?

    necroSYS on
  • Krikee Registered User regular
    edited May 2009
    Try disabling the guest account on your machine.

    Krikee on
  • Lord Jezo Registered User regular
    edited May 2009
    necroSYS wrote: »
    What happens when Frank is the only one in both Sharing AND Security?

    Well it worked by taking Everyone out of Sharing, putting only Frank in and then adding Frank to security.

    But then the Windows admins I talked to said the opposite and I think I tried it a few days ago and it didn't work. But also a couple of days ago I switched from Vista to 7.

    bah.

    Lord Jezo on
  • necroSYS Registered User, ClubPA regular
    edited May 2009
    Lord Jezo wrote: »
    necroSYS wrote: »
    What happens when Frank is the only one in both Sharing AND Security?

    Well it worked by taking Everyone out of Sharing, putting only Frank in and then adding Frank to security.

    But then the Windows admins I talked to said the opposite and I think I tried it a few days ago and it didn't work. But also a couple of days ago I switched from Vista to 7.

    bah.

    Maybe those Windows admins went to the same MCSA class as I did. :oops:

    necroSYS on
  • Erandus Registered User regular
    edited May 2009
    When you blend Sharing and Security permissions, the most restrictive setting, be it Sharing permissions or NTFS security permissions, will be the tangible result.

    If you have 'everyone' in sharing, and a single user in security, only the single user will be able to open the file (because they are the only one allowed the permission to via NTFS), though everyone will be able to SEE it.

    If you have a single user in sharing and 'everyone' in security, only the single user will be able to see the file (because no one else has permission to view the contents of the share), so obviously they will also be the only person who can open it.

    Share permissions are like being given the key to the file cabinet. Security permissions are like being given the secret decoder ring for the document. If you can't get into the file cabinet, the decoder ring is useless. If you don't have the decoder ring, you can look at the contents of the file cabinet all you like, but you can't get any info from the files.

    Erandus on
  • Lord Jezo Registered User regular
    edited May 2009
    Erandus wrote: »
    When you blend Sharing and Security permissions, the most restrictive setting, be it Sharing permissions or NTFS security permissions, will be the tangible result.

    If you have 'everyone' in sharing, and a single user in security, only the single user will be able to open the file (because they are the only one allowed the permission to via NTFS), though everyone will be able to SEE it.

    If you have a single user in sharing and 'everyone' in security, only the single user will be able to see the file (because no one else has permission to view the contents of the share), so obviously they will also be the only person who can open it.

    Share permissions are like being given the key to the file cabinet. Security permissions are like being given the secret decoder ring for the document. If you can't get into the file cabinet, the decoder ring is useless. If you don't have the decoder ring, you can look at the contents of the file cabinet all you like, but you can't get any info from the files.

    So taking everyone out of sharing, putting Frank in sharing only lets only Frank see it, then adding Frank into security also lets Frank use everything?

    So we did it right? I'll have to test sometime, to make sure other people can't get in just to see stuff.

    Lord Jezo on
  • DonaldRumsfeld Registered User regular
    edited May 2009
    wait so do you want to have a password on 1 folder or all your shared folders? and this is for XP?

    if you want to keep your shared files hidden then just put a password on your guest account

    Control Panel -> Administrative Tools -> Computer Management -> Local Users and Groups -> Users -> right click Guest -> set password

    whenever someone wants to look at your shared files they are prompted to enter a password before seeing any files or folders

    DonaldRumsfeld on
  • Erandus Registered User regular
    edited May 2009
    Lord Jezo wrote: »
    So taking everyone out of sharing, putting Frank in sharing only lets only Frank see it, then adding Frank into security also lets Frank use everything?

    Correct. Only Frank's account will even be able to see the shared folder on the network.

    If you leave "Everyone" as an account with permissions to the files on the Security tab, all credentials would technically be able to open the file if they could see them. But, since Frank is the only one who can see it due to the sharing permissions, it's moot. Only he can navigate to the share and even see the file to attempt to open it in the first place.

    What it really comes down to is how secure you need it to be. I personally prefer not to rely on just Sharing permissions or just security permissions if the material is sensitive. Best practice would be to give both share and security permissions only to administrators and the users who specifically must access the files.

    If you're going to use only one or the other, I would trust the NTFS permissions over the sharing permissions, for security. That is to say, it is more secure to restrict access via the Security tab than via the Sharing tab, but either will work to block any but the most motivated knowledgeable person from accessing the files.

    Erandus on
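The rule Erandus describes (the more restrictive of the Sharing and Security tabs wins), together with the Guest fallback Krikee points at, as an added example that is not part of any post in the thread. It is a simplified Python model with allow-only ACLs; the password value, the scenario names and the `guest_enabled` switch are constructed for illustration.

```python
# Simplified model, not Windows code: allow-only ACLs, no Deny entries or inheritance.
EVERYONE = "Everyone"
FULL = frozenset({"read", "write"})
ACCOUNTS = {"Frank": "constructed-password"}  # constructed sample account

def rights(acl, account):
    """Rights granted to the account directly plus those granted to Everyone."""
    return set(acl.get(account, ())) | set(acl.get(EVERYONE, ()))

def resolve_logon(user, password, guest_enabled):
    """Account the connection runs as, or None when the logon is refused."""
    if user in ACCOUNTS:
        return user if ACCOUNTS[user] == password else None
    # Assumption: unknown or missing credentials fall back to Guest while it is enabled.
    return "Guest" if guest_enabled else None

def effective_access(user, password, share_acl, ntfs_acl, guest_enabled=True):
    account = resolve_logon(user, password, guest_enabled)
    if account is None:
        return set()
    # Both tabs must allow the operation, so the result is the intersection.
    return rights(share_acl, account) & rights(ntfs_acl, account)

# (Sharing tab, Security tab) combinations tried in the thread.
SCENARIOS = {
    "Everyone on both tabs": ({EVERYONE: FULL}, {EVERYONE: FULL, "Frank": FULL}),
    "Everyone share, Frank NTFS": ({EVERYONE: FULL}, {"Frank": FULL}),
    "Frank share, Everyone NTFS": ({"Frank": FULL}, {EVERYONE: FULL}),
    "Frank on both tabs": ({"Frank": FULL}, {"Frank": FULL}),
}

def audit(guest_enabled=True):
    """Scenario -> (Frank gets in, a connection with no credentials gets in)."""
    result = {}
    for name, (share, ntfs) in SCENARIOS.items():
        frank = effective_access("Frank", ACCOUNTS["Frank"], share, ntfs, guest_enabled)
        nobody = effective_access(None, None, share, ntfs, guest_enabled)
        result[name] = (bool(frank), bool(nobody))
    return result

if __name__ == "__main__":
    for name, (frank, nobody) in audit().items():
        print(f"{name:28} Frank={frank}  no credentials={nobody}")
```

Only the first scenario admits a connection with no credentials, and only while Guest is enabled, which matches what Lord Jezo saw with Everyone left on both tabs.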