Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How to grant access to a shared folder on Server 2008 DC

Posted on 2010-09-23
16
Medium Priority
?
906 Views
Last Modified: 2012-05-10
Recently I installed a new Windows Server 2008 machine in a network and then joined 3 computers to the domain.  I would like for each computer that is connected to the domain to be able to access a shared folder called Public on the server.  Everytime I try to connect to this server I am prompted for administrator credentials.  Is there a way that I can make this folder available for any computer that is a member of the new domain?
0
Comment
Question by:Gary Gordon
  • 6
  • 3
  • 3
  • +3
16 Comments
 
LVL 4

Expert Comment

by:nutwoo
ID: 33748196
have you added share and ntfs permissions on the share for the users trying to connect ?
0
 
LVL 7

Expert Comment

by:sirocco87
ID: 33748233
-Create a user or multiple user accounts in the AD.
-Create a folder on the server
-Edit sharing and security settings to allow read/write access for the accounts you created earlier.
0
 
LVL 7

Accepted Solution

by:
myhc earned 1000 total points
ID: 33748263
have you infact added the PC's to the domain. in My computer.  Sounds like you havn't .
Sorry to ask but i don't know your level of knowledge.

If your PC's are on the domain you should just get access denied, not a prompt.

 
0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 
LVL 7

Expert Comment

by:myhc
ID: 33748275
Do your users exist in active directory only or have you added them to the PC as well?
0
 
LVL 4

Author Comment

by:Gary Gordon
ID: 33748496
ALL:  The client computers in question have been added to the domain sucesfully.  When I go to Active Directory Users and Computers, there they all are.  Now the windows user profiles on these machines are strictly local.  We are not using domain based accounts or domain based user profiles.

Here's what I did so far.  I shared the folder (\\CBNO\Public).  Created a User Group called "CBNO-PCs" and then added all the domain connected PCs to it.  Then I gave this group "Co-ownership" of the \Public folder on the server.  When I attempt to map the share or connect via run command, I get a username/password prompt.

Can I access this share based on computer membership to the domain or will I have to use a domain based user account for access?  
0
 
LVL 7

Expert Comment

by:myhc
ID: 33748557
thats because you can't do it like that. you need to add the users into AD. or create one user that everyone knows. then you could a a mapping presetup to allow access without prompt.
0
 
LVL 7

Assisted Solution

by:myhc
myhc earned 1000 total points
ID: 33748585
mapping will be

net use z: \\cbno\public /user:username password
0
 
LVL 7

Expert Comment

by:myhc
ID: 33748622
you need to create a user called "serveruser" or something, set a password, set user never to expire. then add it to your new group.
If you only use the one user then you can drop the group.

I would recommend creating all users in AD and making people login using them. Otherwise you might as well drop the domain controller and just get a network storage box. £200.

If users logi to the domain you can do the mapping as a global change, and even add icons to the desktop automaticly pointing to the folder required
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 33763451
Just use the built in AUTHENTICATED USERS GROUP on the file share for permissions. When they logon to the Active Directory computer, with thier AD user credentials, they will be granted access to the share that has Authenticated users on the share.

0
 
LVL 2

Expert Comment

by:kmalte
ID: 33763681
During my 12 odd years in NT Domain/AD Iäve never used this scenario. The only thing that would work is using Everyone for permissions (enabling anonymous access) which is like leaving your front door open at all times.

Is there a reason for not using domain user accounts?

ChiefIT, its local accounts used, not domain accounts.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 33765222
I agree, not using the Everyone account.

Logging on with local users is like having a cadilac setting in your garage and not driving it.

AD is used specifically for sharing and authentication for a group of people. If uses are logging on as a local user when you have a domain, it defeats the purpose of having a domain in the first place. Since these are domain computers, give your users domain user access and then give them domain priveleged access to the file shares.
0
 
LVL 4

Author Comment

by:Gary Gordon
ID: 33899042
Well, the server only came with 5 user accounts and this non-proffit can not afford more.  I was under the impression that I could add all the pcs to the domain and then just use local profiles.  To get into shared folders on the server I guese I will need a logon script that supplies credentials of a domain user account with rights to the share.  Can I create more than 5 domain user profiles if I have only 5 licenses that come with the server OS?  Can I create a startup script on the PC that connects to a server share and supplies a domain un/pw?  
0
 
LVL 2

Assisted Solution

by:kmalte
kmalte earned 1000 total points
ID: 33899276
"Can I create more than 5 domain user profiles if I have only 5 licenses that come with the server OS?"
Yes you can but It is probably in breach of the license agreement.

"Can I create a startup script on the PC that connects to a server share and supplies a domain un/pw?"
Absolutely.
0
 
LVL 2

Assisted Solution

by:kmalte
kmalte earned 1000 total points
ID: 33899310
For startup scripts this small tutorial might be helpful: http://www.tutorial5.com/content/view/157/47/

myhc has previously shown how to map the drive so just create a batch file containing something like this:
@echo off
net use X: \\server\share /user:domain\username password /per:no
0
 
LVL 7

Expert Comment

by:myhc
ID: 33907522
how is this going ??
0
 
LVL 4

Author Comment

by:Gary Gordon
ID: 33925724
Thanks all!
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question