Adding a W2K computer to access network share

Posted on 2003-03-20
Medium Priority
Last Modified: 2010-03-18
I have created a network share on a windows 2000 server. I am trying to add a computer from active directory to have access to the share, is this possible?

Meaning I only want that one workstation to have access to the share on the server.
Question by:mmurfmis
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 8175945
Yes it is possible and it is very easy.  As long as you have formated your drives in NTFS.  Just right click the file you have shared.  Click on Sharing. In the Profiles Properties box click on the Security Tab. Unclick "Allow inheritable permissions from parent to propagate to this object" box at the bottom of the security screen.  It will prompt you asking if you want to copy or remove.  You can just click remove and then you will click the add button.  Make sure in "Look in" you have your domain listed.  Scroll down and find your computer name, it will also have an icon of a computer not a person. Click the computer name, click add, and then click ok.  YOu've done it.  If your server isn't formated in NTFS you do the same things except under the Sharing tab of the Profiles Properties.  

Author Comment

ID: 8176051
The server is formatted NTFS and I have added the computer the the share and the security to Everyone Full Control and it says access denied from that machine.

Author Comment

ID: 8176075
I am very familiar with Windows 2000 and security, the problem is I have never tried resticting access to a computer on a network share
Limited time offer using promo code EXPERTS30

Designed with a wealth of functionality and convenience, ATEN's new Thunderbolt™ 2 Sharing Switch takes your Thunderbolt setup to the next level. Now through September 15, 2017, Experts Exchange members get 30% off the US7220 on the ATEN USA eShop using promo code EXPERTS30.


Expert Comment

ID: 8176829
Well I thought you wre crazy for a moment... but then I did it and you were right.  Since I need to do this in the future I'm going to try to play with it.  If I end up figuring it out I will be sure to write again.

Expert Comment

ID: 8176943
Well I figured out a way to do it.  It's sort of easy but its a run about way to do it.  You set up a new user... how many ever you want in active directory.  Then go to that users properties and under the account tab click on "Log on To" and then click "The following Computers" add the computer you want them to only sign onto (the computer that you want to only access the share).  Then add these new users to the network share.  That way only these users can sign on to that one computer and only these users can access the share.  Thus you have to be signed onto that computer to access the share.  Whew.

Accepted Solution

mmurfmis earned 0 total points
ID: 8177144
Ok I figured it out, the way your doing it only gives certain users rights to access a share from a certain computer. Thats not what I want. I want any user logging into a certain machine be the only way to access this share.

So heres what I did, since the server is a member server I created a local user group and added the computer needing access to this share to the local group I created, don't add them to the default local users or everyone for some reason can access the share. By heres where it gets tricky, you also have to add to that user group "NT Authortive\Authenticated Users" to it.

Now when any other machine trys to access the share they cannot, but from the machine specified it works.
LVL 41

Expert Comment

ID: 8177799
Ah, you found out you can only restrict users, and not machines
it is the users that have the SID that is checked against the ACL, and not the machine :~)

Expert Comment

ID: 8511581
Dear expert(s),

A request has been made to close this Q in CS:

Without a response in 72 hrs, a moderator will finalize this question by:

 - Saving this Q as a PAQ and refunding the points to the questionner

When you agree or disagree, please add a comment here.

Thank you.


Community Support Moderator
Experts Exchange

Expert Comment

ID: 8568686
Question closed and placed in PAQ

E-E Admin

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question