How to give access to shared folder but nothing else in W2K domain for non-domain users/computers.

Posted on 2006-04-13
Medium Priority
Last Modified: 2012-05-05
What is the best solution to this problem:
An office with several companies which share a network printer and Internet access.  One of the companies - Company A - keeps its data separate from the others by running a Windows 2000 Server domain with one server and several member computers.  The computers in the other companies are in separate workgroups and they do not have user names or passwords for the domain or the domain computers.  The server runs Windows 2000 Server and the workstations run Windows 2000 Pro or Windows XP Pro and Home.  All of the computers are on the same network segment/subnet.  

Company A needs to share one folder on their domain server so that the people in the other companies can access it from their computers.  However, this is all the access/privileges they should have.  They should not be able to access any other shared folders on the server, and they should not be able to log onto any of the computers in the domain.  They should be required to enter a password when they connect to the shared folder.  

Will the Guest account or Anonymous access give them more privileges than they need?  Is it possible to create an account which they can use and lock down the account so they can't do anything else with it?  

Thanks very much.
Question by:efield

Expert Comment

by:Kevin Hays
ID: 16450833
I would stay away from the guest account or even using anonymous access for the shared folder.  Basically I would use a locked down account such as a "user" only.  Since they are on a workgroup they will have to authenticate a little differently than if they were on a domain.  If you can get the login prompt to come up when the workgroup users try to access the shared folder then they can just use the locked down account to authenticate and get to the share.

It's so much easier if they are all on a domain though :)


Author Comment

ID: 16452647
What would the locked down user account look like?  What are the minimum privileges it would need to access the shared folder?  It would only need read-only permissions in the folder.

Accepted Solution

Dave_Hunt earned 900 total points
ID: 16453853
It really depends on how you use security on the other resources in the domain.

I am going to assume that your file share exists on an NTFS file system.  Assuming it does, you can use the permissions tab on the folder properties and give the user account read permissions while giving other users modify or full control (I never give users full control, they always try to take admin / backup agent permissions away).

Watch out though, if you have other shares and/or resources that use the Everyone or Authenticated User permissions to provide access, this new account will also have rights to them.

I also believe that this new account could query your Active Directory and look up user / printer information etc., for example, if you keep phone numbers, title info etc. in your AD, the user account by default could read that info, it's likely not a big deal, but is accessible.

I suggest you experiment with it in your environment.

Hope this helps, Dave
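
The caveat in the answer above about Everyone and Authenticated Users, as an added example that is not part of the original thread: a simplified model in which access over the network is the more restrictive of the share permission and the NTFS permission. The account name `ext_reader`, the group `CompanyA Staff` and the share inventory are constructed for illustration.

```python
# Added example: simplified model of share + NTFS access checks.
# All names and ACLs below are constructed, not read from a real server.
NONE, READ, MODIFY, FULL = 0, 1, 2, 3  # ordered, simplified permission levels

# Identities every authenticated domain user account carries automatically.
IMPLICIT_GROUPS = {"Everyone", "Authenticated Users", "Domain Users"}

def granted(acl, principals):
    """Highest level an ACL allows the principals.
    Simplification: any matching deny entry removes all access."""
    level = NONE
    for trustee, kind, perm in acl:
        if trustee in principals:
            if kind == "deny":
                return NONE
            level = max(level, perm)
    return level

def effective(share, account):
    """Network access is the more restrictive of share and NTFS permissions."""
    principals = {account} | IMPLICIT_GROUPS
    return min(granted(share["share_acl"], principals),
               granted(share["ntfs_acl"], principals))

def unintended_access(shares, account, intended):
    """Shares other than the intended one that the account can still open."""
    return {s["name"]: effective(s, account) for s in shares
            if s["name"] != intended and effective(s, account) > NONE}

SHARES = [  # constructed inventory
    {"name": "Shared",    # the one folder the other companies should reach
     "share_acl": [("Everyone", "allow", FULL)],
     "ntfs_acl": [("ext_reader", "allow", READ), ("CompanyA Staff", "allow", MODIFY)]},
    {"name": "Accounts",  # exposed: both ACLs rely on catch-all groups
     "share_acl": [("Everyone", "allow", FULL)],
     "ntfs_acl": [("Authenticated Users", "allow", MODIFY)]},
    {"name": "Projects",  # safe: the share ACL names a specific group
     "share_acl": [("CompanyA Staff", "allow", FULL)],
     "ntfs_acl": [("Everyone", "allow", FULL)]},
    {"name": "Public",    # safe: explicit deny for the external account
     "share_acl": [("Everyone", "allow", READ)],
     "ntfs_acl": [("Everyone", "allow", FULL), ("ext_reader", "deny", FULL)]},
]

if __name__ == "__main__":
    for name, level in unintended_access(SHARES, "ext_reader", "Shared").items():
        print(f"{name}: ext_reader reaches level {level} via a catch-all group")
```
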

Assisted Solution

tolsonkra earned 600 total points
ID: 16454243
You can access this by piping to the share and then when it asks for a username and password use an account that is a domain user account.   The PC doesn't have to be part of the domain at all to access a share.
