• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 813
  • Last Modified:

local user account access to another machine?

this actually seems like a obvious answer now i write it out,
the situation: windows server 2008 r2

serverA - has local account user: accountx

serverB(same network) has a shared folder,

am i correct there is no way to give accountx permissions on this folder on serverB?

meaning i would need to have a domain account to do this?

many thanks!
0
weaverk
Asked:
weaverk
2 Solutions
 
themrrobertCommented:
Well because they are both servers, I'm not sure, however it seems like you could go to the Sharing + Security option on the shared folder on serverB (right click the shared folder and choose "Sharing & Security"), and add the user from serverA with permission.  

When adding the user, you can use DOMAIN\Username if the user is on another domain, or COMPUTERNAME\Username if it is a local username to that computer.
0
 
epichero22Commented:
Or just go to serverB and add a user the same way: same username / same password.
0
 
KCTSCommented:
Yes - and No

You could (should) do this with a domain account, however, if you create a user account with the same name on both severs - with the same password, it will work seamlessly (until you change one of the passwords).

Alternativly when you connect to the share, just use the username/password of an account on the machine where the share is located
0
 
BeartlaoiCommented:
YES

You have serverA\accountx which your process is running under.
On ServerA in a CMD prompt run:
  getsid.exe \\. accountX \\. accountx
  to get the SID of accountX
On serverB create or use an account solely for the purpose for logging into serverB from serverA, call it accountY
On ServerB create a local group that will be used to control access to the share and its folder, call it groupY.
Add serverB\accountY to groupY
Use this vbs script to force the SID to be a member of groupY, modify it with proper name and SID
On Error Resume Next 
 
Const ERR_ALREADY_MEMBER=&h80070562 
 
strComputer = "." 
strGroup = "groupY"
'replace SID below with SID of user to add 
strSID = "S-1-5-21-979129171-3499849554-561687685-1011" 
 
Set objUser=GetObject("WinNT://" & strSID) 
If Err Then 
    WScript.StdErr.Write "ERROR: Invalid SID " & strSID & VbCrLf 
    WScript.Quit 1 
End If 
 
Set objGroup=GetObject("WinNT://" & strComputer & "/" & strGroup & ",group") 
If Err Then 
    WScript.StdErr.Write "ERROR: Can't open group " & strComputer & "\" & strGroup & ": 0x" & Hex(Err.Number) & vbCrLf 
    WScript.Quit 1 
End If 
 
objGroup.Add objUser.ADsPath 
If Err Then 
    If Err.Number = ERR_ALREADY_MEMBER Then 
        WScript.StdErr.Write "ERROR: SID " & strSID & " is already a member of " & strComputer & "\" & strGroup & VbCrLf 
    Else 
        WScript.StdErr.Write "ERROR: Can't add SID " & strSID & ":  0x" & Hex(Err.Number) & VbCrLf 
    End If 
Else 
    WScript.StdErr.Write "Success: Added " & strSID & " to " & strComputer & "\" & strGroup & VbCrLf 
End If 

Open in new window

Save this as ForceSid.vbs on serverB and run it.
  cscript ForceSid.vbs
Open the members of groupY to verify that the SID is now in there.
On serverB add groupY to both the share permissions and the folder permissions as desired.
On serverA open a cmd prompt with RunAs serverA\accountX
On serverA establish a network login to serverB with this cmd line:
  net use \\serverB\sharename /user:serverB\accountY <password>
Now you can access the files.
0
 
abbrightCommented:
When you create accountx as local account on ServerB with the same password the access will be possible. This is workgroup-style access. ServerB authenticates with the username and password to serverA.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now