Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Add local computer account to server share permissions

Posted on 2009-05-13
Last Modified: 2012-05-06
I want to add a local computer user account to a server share..Is this possible?
Question by:judsoncollege
  • 3
  • 2
  • 2
  • +2
LVL 18

Expert Comment

by:Andrej Pirman
ID: 24379657
Yes, it is.
But first you need to create the identical user account on SERVER, with identical USERNAME and PASSWORD as on local computer, and then edit share permissions on SERVER and add this user to have desired privileges.

But note, that resulting permissions are the combination of NTFS Permissions (Security Tab) and SHARE Permissions (Share Tab), so do not forget to edit permissions in both tabs under Properties of shared folder on server side.
LVL 95

Expert Comment

by:Lee W, MVP
ID: 24379684
Let's be clear - that's not the same thing  - you can work around it labsky suggests, but you cannot add local accounts to other machines.
LVL 18

Expert Comment

by:Andrej Pirman
ID: 24379687
Note 2:
My previous answer was assuming that you are talking about SERVER in WORKGROUP environment, NOT in Active Directrory DOMAIN environment. Because in DOMAIN environment, procedure is a bit easier, but different.
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

LVL 18

Expert Comment

by:Andrej Pirman
ID: 24379697
And yes, Leew is correct - my 1st answer is a workaround, which would work, but is not the proper way of setting it up :)

Author Comment

ID: 24379775
I am talking about in an Active Direcotry environment.
LVL 95

Accepted Solution

Lee W, MVP earned 300 total points
ID: 24379809
You cannot apply security or groups to local accounts BEYOND the local system.  Create a domain user account for the person and restrict them appropriately using their account properties and appropriate security settings in Group Policy and the file system.
LVL 18

Assisted Solution

Americom earned 100 total points
ID: 24380240
You should probably manage your account appropriately to avoid unnecessary administrative works. If you already have active directory then stay away from local account. When password expired, the workaround with same username and password of a local account to match with domain account will be problematic in the long run.
LVL 10

Assisted Solution

Banthor earned 100 total points
ID: 24380927
Best Practices supports All scenarios
Create a Local Group to access the resouce share
Add Domain Groups and Local Members to the local resource Group.
  Groups should exist for each set of descrete permissions
Never add a User to a resource, only include them into groups
Never use Deny
Disable Guest.
Disable Administrator
Replace Everyone, with Authenticated Users


Author Closing Comment

ID: 31581215
Thanks everyone.

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Powershell Active Directory Attribute LVR Metadata 3 18
WMI Setup on Server 2012 and 2008 GPO 1 29
Editting Multiple Objects in AD 4 21
Powershell to query AD 3 35
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question