dosle

asked on

domain shared folder access restrictions

Hello, I hope someone can help me sort out this situation.

We have a shared folder, let's call it "Folder1". Folder1 needs to be accessible from 5 different users on the domain and no one else.

Now here's where the problem comes in: when I add the users into sharing permissions, give them full access, and then try to access the folder from each of those accounts, I can't view the share any longer.
When I enable full access to group "Everyone", then the users and the rest of the network have access to the folder, which is bad. I even tried creating a group with all 5 users added into it to see if just adding the group to the share access would work, but that didn't work either.

thanks,
matt.
rindi

Did you just give the users access via the sharing option? If not, you will also have to adjust the properties of the folder itself via Security. The allowed user group must also be allowed the correct access in Security. Also make sure those users are members of that group, but I guess you have done that. Don't forget to remove the "Everyone" group from that folder. If you have restricted the access for "Everyone", that will have precedence over the other users and groups entered in that folder, as every user is a member of the "Everyone" group. Also remove other groups from the folder which shouldn't be allowed access. If those users who should be allowed access are members of a further group which isn't allowed access, it is always the restrictive group which takes preference.
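
The check described in the reply above (the group must be allowed on both the Sharing and the Security side, and "Everyone" or a restrictive entry on either side changes the result) can be run as a read-only audit. This is an added example, not part of any post in this thread; it assumes Windows Server 2012 or later for the SMB cmdlets, and the group name `CONTOSO\Folder1-Users` is a hypothetical placeholder.

```powershell
# Read-only audit of both permission layers on a share. Run elevated on the file server.
$ShareName    = 'Folder1'                 # share name used in the thread
$AllowedGroup = 'CONTOSO\Folder1-Users'   # hypothetical group holding the five users

$share = Get-SmbShare -Name $ShareName -ErrorAction Stop

# Layer 1: share permissions (the "Sharing" side)
$shareAces = Get-SmbShareAccess -Name $ShareName | ForEach-Object {
    [pscustomobject]@{ Layer = 'Share'; Account = $_.AccountName
                       Type = [string]$_.AccessControlType; Rights = [string]$_.AccessRight }
}

# Layer 2: NTFS permissions on the shared folder (the "Security" side)
$ntfsAces = (Get-Acl -Path $share.Path).Access | ForEach-Object {
    [pscustomobject]@{ Layer = 'NTFS'; Account = $_.IdentityReference.Value
                       Type = [string]$_.AccessControlType; Rights = [string]$_.FileSystemRights }
}

$all = @($shareAces) + @($ntfsAces)
$all | Sort-Object Layer, Account | Format-Table -AutoSize

# Principals that cover far more than the intended five users
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

$findings = @()
foreach ($ace in $all) {
    if ($ace.Type -eq 'Deny') {
        # A Deny on a group applies to every member of that group
        $findings += "Deny entry at the $($ace.Layer) layer for $($ace.Account) ($($ace.Rights))"
    } elseif ($ace.Account -in $broad) {
        $findings += "Broad principal $($ace.Account) is allowed at the $($ace.Layer) layer"
    }
}

# The group needs an Allow entry at BOTH layers. This is a name match only:
# access granted through a nested or differently named group is not resolved here.
foreach ($layer in 'Share', 'NTFS') {
    $hit = $all | Where-Object {
        $_.Layer -eq $layer -and $_.Type -eq 'Allow' -and $_.Account -eq $AllowedGroup
    }
    if (-not $hit) { $findings += "$AllowedGroup has no Allow entry at the $layer layer" }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else           { "No findings for share '$ShareName'." }
```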
dosle

ASKER

I just removed the "Everyone" group in both sharing and file security, so now it's just my user trying to access the share, all privileges, with no success.
dosle

ASKER

I think I just partially figured out the problem: when all our computers were set up, some of them log onto the domain and some are local. I tested it by logging off the local account, which is what I was testing on all this time, then logging onto the domain, and I was able to access the share just fine.

Now, is there a way for those computers that log on locally to get access?

Local accounts won't have permissions on the domain... if the shared folder is on the server, then no, at least not to my knowledge. When you set security permissions on the domain, you can't set it to a local computer account. What is stopping you from putting the local account on the domain though?
Here is the exception: if you create an account on the server that is the same exact user name and password as the local account, even if they don't use the domain account and still use their local account, Windows cannot tell the difference... I just tried it here. So basically, let's say user bob has a local account, and you want him to have access to a shared folder on the domain: create an account in Active Directory for him and tell him to set the password that is the same as his local account... But that depends again on why bob wouldn't have a domain account to begin with...
Hope this helps
adam
dosle

ASKER

So my only option is to have the users log onto the domain. When they log onto the domain, though, it's nothing like their local account which they are accustomed to using. This is why I am staying away from moving everyone (70 users) over to domain logon, unless someone has a method that can help the situation.

It sounds like you need to set up roaming profiles. It depends on the client OS how to transfer the local profile to the roaming profile stored on the server, so I can't help more without knowing the versions of server & client OS. In the longer term, learning about policies & profiles may make your admin time easier.

Steve
ASKER CERTIFIED SOLUTION
poseidoncanuck
This solution is only available to members.
dosle

ASKER

Thanks for the input. I will be testing this approach on some machines soon :)