Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Security on a shared network folder

Posted on 2007-11-29
19
Medium Priority
?
1,787 Views
Last Modified: 2012-06-27
We have 75 mobile data users logging into laptops with one generic windows account.  Each of them has their own network account and email, but for ease of administration, they login to windows with another generic account.  Each user has a shared folder on our file server to store documents.  Is there a way to give the individual user account access to their folder without having to give the generic account access? In other words, is there a way to map a drive using different login information that how the person is logged into windows?  


0
Comment
Question by:turtletrax
  • 6
  • 6
  • 5
  • +1
19 Comments
 
LVL 4

Expert Comment

by:superfooz74
ID: 20376181
I don't think there is a way to do that, unless there is a 3rd party program out there for it.
0
 
LVL 16

Expert Comment

by:Kevin Hays
ID: 20376331
That's a tough one.  I don't think you're going to get what you really want either :(

I first thought about a bat file they could click on with this in it.
net use y: \\servername\home\%username%

BUT it would try and map the folder with the current username which is generic.
You may be able to possibly write a vb script that will do the same thing except have an input box for them to type in the Shared Folder Name they wish to map to.

Here is an example.
sNewName = ""      'declare a string to hold computername in
'loop while sNewName is null
Do
    sNewName = InputBox("Enter Laptop BarCode","BarCode")
loop While (sNewName="")

'do until the length is less than 6 prepending 0's to the barcode
do while (len(sNewName)<6)
   sNewName = "0" & sNewName
loop

sNewName = "Laptop-" & sNewName            'build the computername

0
 
LVL 8

Expert Comment

by:YGregersen
ID: 20377164
I would think that you could have them login using their network accounts. When they are remote (away from the network) they would just need to login as workstation only or Windows will use their cached credentials.

And yes they can login into a share without giving the generic account
Under Vista you set up a network drive
Just be sure to check off Reconnect at Logon
But underneath you should click on 'Connect using a Different User Name'
This will make them give their network share name and password.

When they start the machine with the generic account
they should get an error type prompt saying that the system cannot connect to a share and to provide credentials.

Good luck
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:turtletrax
ID: 20377565
When we try to use the "connect using a different user name" we supply the user and password, but it returns an error saying "The network folder specified is currently mapped using a different user name and password. To connect using a different user name and password, first disconnect any existing mappings to this network share."   We don't have any drives mapped to this folder already, so I'm not sure why its giving us that error.  Ideas?
0
 
LVL 16

Expert Comment

by:Kevin Hays
ID: 20377582
Are you using target machinename\username?
0
 

Author Comment

by:turtletrax
ID: 20377626
I used domain\username
0
 
LVL 8

Expert Comment

by:YGregersen
ID: 20377797
So when you do the drop down on the drive letters you don't see that folder mapped elsewhere?


Strange  - I will have to research that.
0
 

Author Comment

by:turtletrax
ID: 20377825
Nope, there is only one other mapped drive in the drop down, and its to an entirely different server.  Thanks!
0
 
LVL 4

Expert Comment

by:superfooz74
ID: 20378481
I'm pretty positive you can not give everyone separate shares if they are using the same user name, but why not just use the generic user name wit ha number on the end (example: generic1,generic2,generic3, etc....)

That would be very easy because you could give everyone their own username and their own share. You could just make an OU in active directory, apply a group policy with the desired settings, and put all the "generic" accounts in there.

0
 
LVL 8

Expert Comment

by:YGregersen
ID: 20380148
Superfooz74: Giving them their own 'generic' name and number would be the same giving them a userid.  


turtletrax: That is really strange it should work. Does this happen to more than one person's machine you have tried this on?
0
 
LVL 16

Expert Comment

by:Kevin Hays
ID: 20381720
Back to reading the question again these are mobile users.  Is this an active directory domain as well?  I would suggest whenever possible that you have your mobile users to login to the domain with their domain account/password.  When this takes place you will map each users "home folders" according to ther username.  EX:  \\server\home\%username%

How are they going to get access to their shared folders when they are not on the network?  VPN?  If they cannot log into the domain to get access then they shouldn't be able to get to their shared folder then?

I would stay away from generic logins for audit purposes anyway.

My point is if they can login to the domain then they should because this is where you will have your gpo's and other security policies, drive mappings, etc... will be.
0
 

Author Comment

by:turtletrax
ID: 20381945
For testing purposes we were trying to make this work from a couple of different PC's that are just on the domain (not remote vpn users).  Each PC was logged on with their unique user.  When trying to map a drive to a folder which that user does not have permissions to, we selected the option to connect using a different user name.  That is when we entered a user which does have permission to the shared folder.  We still get the same error.

The reason we are using one generic account to login to windows is these 75 mobile users switch between laptops depending on which car they are driving.  We dont want to have to setup profiles for every user on every laptop.
0
 
LVL 16

Accepted Solution

by:
Kevin Hays earned 2000 total points
ID: 20382163
Ok, I agree with you on that.  Have you tried to connect using the IP instead of the NetBios name?


Ex:  \\IP\share\folder
EX: \\servername\share\folder

If you are using a generic account instead of domain\username with vpn then how are you going to give access to a shared folder that resides on your network?  Surely you won't be creating those 75 folders on each laptop will you?

Cheers
0
 

Author Comment

by:turtletrax
ID: 20382620
Strange, not sure why but using the IP address worked.  Thanks!
0
 
LVL 8

Expert Comment

by:YGregersen
ID: 20382633
Turtletrax: Can you click your way through the network path or type the whole thing in an explorer window?
0
 
LVL 8

Expert Comment

by:YGregersen
ID: 20382637
Your DNS is not fully functional
0
 

Author Comment

by:turtletrax
ID: 20382649
The strange thing is now that I try it using the name, it also works.  I did reboot that server this morning so perhaps there was just something on the server it was confused about.
0
 
LVL 8

Expert Comment

by:YGregersen
ID: 20382876
To make it easier on the folks, you may want to consider creating a logon batch file that ask for user credentials. It could ask for input and drop in the username and password in the correct place along the command example ed below.

net use [drive letter]: \\netpath\User_Name /USER:passoword\User_name

This way when they boot the machine they can get the drive or skip but when they reboot it goes away so the next person can get prompted. Maybe make the 'autoloader' available on the desktop too.


Good luck - I am glad it was figured out that this was doable and got the correct instructions working.
0
 
LVL 16

Expert Comment

by:Kevin Hays
ID: 20384704
Glad to hear that.  Usually that means DNS is not working like it should, but rebooting the server fixed it.  I would probably do a netidag /v on your DC to check for DNS errors also.

Yeah, my first thought was a vscript or another script that asks for input for username/password to map a drive based on username.

Cheers
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By default Outlook 2016 displays only one time zone in the Calendar. The following article explains how to display two time zones in one calendar view.
This article is about my experience upgrading my consulting machine to Windows 10 Version 1709 (The Fall 2017 Creator Update)
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question