Link to home
Start Free TrialLog in
Avatar of Marc_Artur
Marc_ArturFlag for Sweden

asked on

multiple networkshares with mutiple users on one computer

Hi there all,
well my problem is that i have a small workgroup with a server. They are not in any domanin just same workgroup. The server is running standard edition 2016 and the computers are running windows 10 enterprise. I configured the server as a file server and then i shared a couple of folders. now here comes the issue. some forlders i want only one or two persons to acess but when i map the network folders to the workstation. every time i want to map another folder with a specific user diffrent that the first time i get connection error. i tried to looka rround and tried many pssible sollutions but none work. i tried to use net use in a cmd like this but like i said only one connection to the server is accepted at any time. please help :-)

net use o: \\10.0.0.10\user1  /user:SERVER\user1 user1123
net use p: \\10.0.0.10\user2  /user:SERVER\user2 user2123
net use q: \\10.0.0.10\user3  /user:SERVER\user3 user3123

Many thanks
Marc
Avatar of Rob Williams
Rob Williams
Flag of Canada image

During any given session you can only use one set of credentials to a server.
You would normaly control access to shares by permissions not using different mappings
Why wouldn't you make this a domain.  It would be so much easier to set permissions and manage.
Rob is right, one set of creds per share, however you could write batch files with each username, it'll be easier for you to set up a domain to be honest. You have the server, you can install AD and create the users and groups within a few hours.
Yea, as noted above it's not possible to connect to the same server with more than one user account for SMB/CIFS access.
You need to consider what you're trying to achieve to assess the best way to achieve it. why do you want to do this?
Avatar of Marc_Artur

ASKER

Thnak you for the fast answer, yes i do agree that that would be a much faster way ( at first i did suggest this), but under the cirmunstances it is not an option :-( and at the same time i try to keep some files private to different users.

Shortley explaied there are several small offices that come together and share a server. they have the common files that they have projects on but they all want their own "private space" on the server. they are allso connected to several diffrent networks throu citrix and vmhorizon
They aren't going to do it as a Windows Server.  Even in a domain - which does make more sense.  Get a bunch of cheap NAS devices if they really need that separation.
Putting it bluntly, what they want and what they need are two completely different things, they need a domain whether they want it or not.

Why won't they accept a domain at that site?
Also that's an excellent sugggestion Lee, a cheap netapp would be ideal
Generally, you should create multiple shared folders on the server, and give each user their own user account.
Apply permissions to each folder to allow only the appropriate users to have access.

You then allow each user to connect/map to each share they should have access to.
well if the batchfiles is the way to go.. what choice do i have, it sounds strange that you cannot logon to diffrent shares with diffrent usernames/passwords from one computer...
well if the batchfiles is the way to go.. what choice do i have, it sounds strange that you cannot logon to diffrent shares with diffrent usernames/passwords from one computer...

That's correct - multiple people have said this as has Windows I'm sure, which is (unusually) explicit in the error message.
Multiple accounts can have access to the same share. Each person should connect with their own account that gives them access to all of the folders they need access to, but not the folders they don't have access to.

Create a group for each share. Give the group NTFS and share permissions. Put users into the group. That is how you assign permissions.
Thank you Kevin, thank you all :-)  but this applies if you have a domain setup. right now i can connect to from the client workstation only to one share on the server. all other shares i get error acessing. i tried creating local users on the workstation that have same credentials as the ones on the server but that id not help.
i know that it is not so simple what i try to do and there are diffrent ways, much, easier ways to do this, but sadly this is what i have to fix, or find a sollutios with your help. i still find it hard to belive that you cannot acess more than one share with one credential at a time ....they should you not acess diffrent network resources with diffrent user credentials....
If you have a workgroup server, multiple users, and multiple permissions it is going to be an absolute nightmare to manage passwords.  Also mapping drives to different folders does not control access to the other shares, it's basically just a shortcut. Though not ideal you can have multiple companies on one server and in the same domain, just carefully set permissions by groups and have a group for each company.

I can never get over how a company cannot justify the cost of their own server.  You can buy a decent file and print server for $3.50 per work day.  Weekends are free :-)

That being said why  not just use a cloud service like onedrive.
You can create local groups.

But it makes perfect sense.  You don't authenticate to a share.  You authenticate to the computer.  So how is the computer to know which "authentication" to apply to a share?  It doesn't - so only one ID can establish a connection with that server.
>>"i still find it hard to belive that you cannot acess more than one share with one credential at a time"
You can access as many shares as you like with the same credentials the issue is using 2 sets of credentials at the same time.
i think i am starting to... kind of understand this... i will try to adress the questions one at a time:
1. Rob - well with proper dokumentation etc iit would not be a nightmare mapping passwords etc. like i wrote that is the easy part
2. Lee - i was thinking that by using
net use o: \\10.0.0.10\user1  /user:SERVER\user1 user1123
net use p: \\10.0.0.10\user2  /user:SERVER\user2 user2123
net use q: \\10.0.0.10\user3  /user:SERVER\user3 user3123
the computer allways will map that drive to the respective network floder that has only one user permission ( on the server)
using net use command like above it should be clear that for each network path it should use that specific username and password
Again, the authentication is with the server, NOT the share.  The server wouldn't know which account to access a share with if it let you do the other two accounts - because the authentication rests with the server not the share.
Hi there Lee, i am sorry but... ireally don`t get this... lets take exactly like how i configured it....
ont he client computer:
net use p: \\10.0.0.10\user2  /user:SERVER\user2 user2123
so map user2 folder using the following credentials
the server looks at the network share and there there is under advanced/sharing/Permission user2 with right credentials - it says ok and it works

now on the same computer we try  after mapping
net use o: \\10.0.0.10\user1  /user:SERVER\user1 user1123,
diffrent network path, diffrent user credentias
the server looks at the network share the credentials are right but it denies access to the network folder

the server denies the connection of the local computer even if it has the right credentials for the right network shared folder....
it is like havind several e-mail adresses but you can look only one at a time...
Avatar of Vikas Bhat
Vikas Bhat

Create multiple DNS entries locally in host file pointing to same IP and then use

net use o: \\SHARE1\user1  /user:SERVER\user1 user1123
net use p: \\SHARE2\user2  /user:SERVER\user2 user2123
net use q: \\SHARE3\user3  /user:SERVER\user3 user3123

SHARE1,SHARE2,SHARE3 should resolve to same IP: 10.0.0.10
As stated over and over you can't connect to the same server with 2 credentials at the same time. You can't even do one then the other without a reboot.
Why not just create one share with multiple folders, one for each company, and set the permissions.  This is where it's a pain, the user changes their local password, now you have to log onto the server to change their password for them so it matches, because it's a work group.
You can create 1 share with multiple folders as suggested, which is a good idea.

You can also have different scripts for different computers. Notice that both user1 and user2 are connecting to share1 for the O drive. For the P drive, they connect to different shares.


on Computer A
net use o: \\10.0.0.10\share1  /user:SERVER\user1 user1123
net use p: \\10.0.0.10\share2  /user:SERVER\user1 user1123


on Computer B
net use o: \\10.0.0.10\share1  /user:SERVER\user2 user2123
net use p: \\10.0.0.10\share3  /user:SERVER\user2 user2123
My suggestion for managing permissions does not apply to just AD environments. It is the permissions model that dates back to Windows NT, and works in workgroup mode.
Hi there Vikas, you mean like

10.0.0.10            \\SERVER\SHARE1
10.0.0.10            \\SERVER\SHARE2
or how?

Yes Rob and Kevin i will try this little later this evening and let you know if it will work, but i am still worried asi have to change the credentials for the folders under it
hi there Kevin, yes my days take me back to nt 4.0... so this i why i think or i rememner that this is possible and should be. at that time there awws not this big craze about domains and surfing was done via 16k modem.... back in the days....

the user rights is put on the server for diffrent users... hmmmm
I date back well before NT4 (punch cards and main frames) but quickly learned, even with NT4 and Back Office Server, domains saved so much time and improved security.  My company will only manage domain networks for that reason.  However, workgroups work fine, just less secure and more time to manage.  The key, as with NT4, is making use of NTFS (security)  permissions to manage and secure access.
I never used punch cards, and the tape was audio cassette type in Commodore PET as I recall. My first NTFS permissions was NT 3.5, which was soon upgraded to NT 3.51.
thank you Rob and Kevin for reminding me of thouse times, sometimes i forget the romance of computers, there are few things that the current generation kind of forgot like going to a friend and taping computerprograms with the tape recorder...

i will try to go and sleep on the matter, and try testing out tomorrow, but still i am quite unsure on how and why if you have the right permission the right networkpath you cannot do more than one connection at a time. i checked NTFS permmissions and it looks fine  that is i  added the specific user with full rights, and the share folder with only one user rights to acess. logical it would be that every time you try to acess that specific resource on the network it would check for the user rights and then you bound diffrent network paths to diffrent users, of course if you provide the right username and password.

i was thinking about the solutions with the NAS, that cold perhaps work, but then again what is if the common files shares are on the windows server and the personal shares are on the NAS, will windows not complain that there are more connections with diffrent credentials?

thank you again for the time you put indo helping me :-)
That's not how authentication works. You authenticate once, and all communications will use the same authentication token.

An old trick is to first connect to \\servername\ipc$ /user:domain\user

Once the password is entered and accepted, you are authenticated for all future communications until logout. You don't get an opportunity to present different credentials to each share you access. When you are logged into a machine, you have 1 identity on the network. Since you are in a workgroup, you can present different identities to each machine, because nothing is centralized. You do not, however, get to present multiple identities to the same machine.
i still find it hard to belive that you cannot acess more than one share with one credential at a time
It's generally an issue with how shares are intended to work in the SMB protocol. You effectively connect to the server once and authenticate. This single authentication is then used to identify which shares you can and cannot access. It's efficient and doesn't have to keep a record of which authentication to use for each folder.

May not be ideal for some specific scenarios, but it may be the most efficient option overall.
ASKER CERTIFIED SOLUTION
Avatar of Vikas Bhat
Vikas Bhat

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
THANK YOU ALL for trying to help me and thank YOU Vikas, your sollution was spot on. It worked to map from the same computer with diffrent user accounts. Thank you again :-). So despite everything it works :-)
Thankyou Marc, happy to help!