Solved

How to grant access to a shared folder on Server 2008 DC

Posted on 2010-09-23
16
894 Views
Last Modified: 2012-05-10
Recently I installed a new Windows Server 2008 machine in a network and then joined 3 computers to the domain.  I would like for each computer that is connected to the domain to be able to access a shared folder called Public on the server.  Everytime I try to connect to this server I am prompted for administrator credentials.  Is there a way that I can make this folder available for any computer that is a member of the new domain?
0
Comment
Question by:Gary Gordon
  • 6
  • 3
  • 3
  • +3
16 Comments
 
LVL 4

Expert Comment

by:nutwoo
ID: 33748196
have you added share and ntfs permissions on the share for the users trying to connect ?
0
 
LVL 7

Expert Comment

by:sirocco87
ID: 33748233
-Create a user or multiple user accounts in the AD.
-Create a folder on the server
-Edit sharing and security settings to allow read/write access for the accounts you created earlier.
0
 
LVL 7

Accepted Solution

by:
myhc earned 250 total points
ID: 33748263
have you infact added the PC's to the domain. in My computer.  Sounds like you havn't .
Sorry to ask but i don't know your level of knowledge.

If your PC's are on the domain you should just get access denied, not a prompt.

 
0
 
LVL 7

Expert Comment

by:myhc
ID: 33748275
Do your users exist in active directory only or have you added them to the PC as well?
0
 
LVL 4

Author Comment

by:Gary Gordon
ID: 33748496
ALL:  The client computers in question have been added to the domain sucesfully.  When I go to Active Directory Users and Computers, there they all are.  Now the windows user profiles on these machines are strictly local.  We are not using domain based accounts or domain based user profiles.

Here's what I did so far.  I shared the folder (\\CBNO\Public).  Created a User Group called "CBNO-PCs" and then added all the domain connected PCs to it.  Then I gave this group "Co-ownership" of the \Public folder on the server.  When I attempt to map the share or connect via run command, I get a username/password prompt.

Can I access this share based on computer membership to the domain or will I have to use a domain based user account for access?  
0
 
LVL 7

Expert Comment

by:myhc
ID: 33748557
thats because you can't do it like that. you need to add the users into AD. or create one user that everyone knows. then you could a a mapping presetup to allow access without prompt.
0
 
LVL 7

Assisted Solution

by:myhc
myhc earned 250 total points
ID: 33748585
mapping will be

net use z: \\cbno\public /user:username password
0
 
LVL 7

Expert Comment

by:myhc
ID: 33748622
you need to create a user called "serveruser" or something, set a password, set user never to expire. then add it to your new group.
If you only use the one user then you can drop the group.

I would recommend creating all users in AD and making people login using them. Otherwise you might as well drop the domain controller and just get a network storage box. £200.

If users logi to the domain you can do the mapping as a global change, and even add icons to the desktop automaticly pointing to the folder required
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 33763451
Just use the built in AUTHENTICATED USERS GROUP on the file share for permissions. When they logon to the Active Directory computer, with thier AD user credentials, they will be granted access to the share that has Authenticated users on the share.

0
 
LVL 2

Expert Comment

by:kmalte
ID: 33763681
During my 12 odd years in NT Domain/AD Iäve never used this scenario. The only thing that would work is using Everyone for permissions (enabling anonymous access) which is like leaving your front door open at all times.

Is there a reason for not using domain user accounts?

ChiefIT, its local accounts used, not domain accounts.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 33765222
I agree, not using the Everyone account.

Logging on with local users is like having a cadilac setting in your garage and not driving it.

AD is used specifically for sharing and authentication for a group of people. If uses are logging on as a local user when you have a domain, it defeats the purpose of having a domain in the first place. Since these are domain computers, give your users domain user access and then give them domain priveleged access to the file shares.
0
 
LVL 4

Author Comment

by:Gary Gordon
ID: 33899042
Well, the server only came with 5 user accounts and this non-proffit can not afford more.  I was under the impression that I could add all the pcs to the domain and then just use local profiles.  To get into shared folders on the server I guese I will need a logon script that supplies credentials of a domain user account with rights to the share.  Can I create more than 5 domain user profiles if I have only 5 licenses that come with the server OS?  Can I create a startup script on the PC that connects to a server share and supplies a domain un/pw?  
0
 
LVL 2

Assisted Solution

by:kmalte
kmalte earned 250 total points
ID: 33899276
"Can I create more than 5 domain user profiles if I have only 5 licenses that come with the server OS?"
Yes you can but It is probably in breach of the license agreement.

"Can I create a startup script on the PC that connects to a server share and supplies a domain un/pw?"
Absolutely.
0
 
LVL 2

Assisted Solution

by:kmalte
kmalte earned 250 total points
ID: 33899310
For startup scripts this small tutorial might be helpful: http://www.tutorial5.com/content/view/157/47/

myhc has previously shown how to map the drive so just create a batch file containing something like this:
@echo off
net use X: \\server\share /user:domain\username password /per:no
0
 
LVL 7

Expert Comment

by:myhc
ID: 33907522
how is this going ??
0
 
LVL 4

Author Comment

by:Gary Gordon
ID: 33925724
Thanks all!
0

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now