File Sharing Permissions - Xp Pro

By sallyduk ยท 6 replies
Dec 9, 2007
  1. This is my first posting so please bear with me :)

    Have 2 desktops & 1 laptop all running XP Pro, all hard wired to a Gigabit ethernet LAN switch, all in a single workgroup, all with one user account (+ guest) as administrator, all with simple file sharing turned off.

    Ok, down to the problem: I want to give different permissions to different PCs (users) on certain shared directories. I've done a lot of research via Google but am still confused as how to best achieve this.

    When I'm in the ACL editer I do not see the users or workgroup connected on the LAN therefore I can not make the appropriate permission selections (allow, deny, etc.) for each PC (user).

    I understand from my research that creating a domain rather than a workgroup will allow me to achieve what I want but I have to purchase server software to adminster the domain.

    Is my ONLY other option (utilising my current workgroup) to define different permissions to different PCs (users) is to create another account on each PC that's exactly the same (including password). This account will then be seen in the ACL editor by all 3 PCs - yeah?

    I pose this question as it seems a long & complicated way round to achieve something that seems basic to me - perhaps it my lack of understanding of file sharing principles.

    Any clarity on this issue would be very much appreciated.

  2. mikescorpio81

    mikescorpio81 TS Rookie Posts: 293

    You are on your way by the sound of it. Simple file sharing off enables the security tab in folder properties, which is good.
    But you really need to set-up different user accounts. You have 1 account on all 3 PC's with the same username/password right? This means if you set permissions over that user it will affect all PC's. By creating unique logins on each PC, you can then do what you want to do more efficiently. If you create a unique login on PC1, make sure you replicate this acocunt on the other 2 PC's.

    Then you can add the user through folder properties - security and allow/deny access to files/folders.

    REMEMBER: Deny overrides Allow.
  3. sallyduk

    sallyduk TS Rookie Topic Starter

    G'day mate

    It's good to note I'm at least on the right track. Currently, all PCs have a single user with different names & passwords. I'll have a go at creating an additional user on each PC with the same name & password & hopefully this user account will then appear in the list on the ACL editer (security tab in folder properties).

    Will this new user account appear on all PCs over the LAN if each PC is logged onto it's own administrator account or does each PC have to log into this newly created user account?

    I'll let everyone know if this achieves what I'm trying to do.

    Thanks :)
  4. mikescorpio81

    mikescorpio81 TS Rookie Posts: 293

    If you create a new account on one PC, make sure you create the same account on the other PC's too. You need to do this if you are in a workgroup.

    Then you can allow/deny whichever account. It does not matter if the user is local administrator or not, if you set permissions over certain files/folders the user will inherit those permissions when accessing that data.

    Remember too: There are share permissions AND security permissions.
    Share needs to be EVERYONE - FULL CONTROL. This enables users to at least get to the data across the network. The security permissions are for file/folder access.
  5. sallyduk

    sallyduk TS Rookie Topic Starter

    Hi again Mike

    OK, created a user account called Fred on two of the PCs. Good news is that the account appeared in the Group/User name Permissions list. The bad news is when I highlighted Fred as full control for a folder on PC 1 that I wished to share with PC 2 I'm refused access to the contents of the folder unless I logged into PC 2 as Fred.

    Ok, probably my fault - let me explain again what I'm trying to achieve here. I want to be able to log on to a single user account (administrator by default on a single account) on each PC & also be able to set restricted permisions on certain shared folders for a specific PC/User on the LAN whilst giving full permision to another PC/User, ie. different permisions to different PCs/Users.

    From all the research I've done to date I haven't found anything that states it's possible to define different shares to different PCs/Users on different folders within a workgroup setup. I understand that this is achievable if the PCs/Users are on a domain but I understand that I would have to purchase server software to administer this.

    I hope this isn't correct & can't understand why I can't achieve a result for simply defining permisions for different folders for different PCs/Users within a workgroup residing on a LAN without having each time to go to all the trouble of switching users - crazy!

    Can you confirm or otherwise when sharing different folders/files for different PCs/Users with different permisions for each user is achievable without switching accounts & without having to set up a domain rather than sticking with my current single peer to peer workgroup? Please say yes if it's true & how.


    ps. I have set the permisions in the sharing tab but note that under the security tab/advanced that there are numerous options available - I don't understand these but could this be the area for achieving a result for my different permision shares?

    pps. Just had another thought - would the best way to achieve a result be to set up another workgroup that only 2 out of the 3 PCs are registered in so that those 2 PCs can share folders/files with each other without the 3rd PC having access? If so, how do I create a second workgroup?
  6. mikescorpio81

    mikescorpio81 TS Rookie Posts: 293

    If you want users to log on as administrator on their PC (by default), it can be done. The easiest way is to create a user on the shared data PC and give this user rights over all files/folders. Then restrict what the administrator account can get to (share/security permissions). whenever a user logged in as administrator clicks into a file/folder that the administrator account does not have permission to, they will be prompted for a username/password. If you want to access that data you would then type in the account you created beforehand and you should be able to then access the data while logged in as administrator. Understand? :)

    You really should have a good understanding of file/folder permissions before trying stuff like this. you could lock the administrator account out of files/folders if you're not careful.

    At the top-level for the shared folder, "Everyone - Full Control" for shared permissions, and "CreatedAccount - Full Control" for security permissions. Give administrator read access to certain files/folders or deny permissions (be careful). Then when users are logged in as administrator and try to browse to certain areas that you have restricted, they will be prompted for a username/password or will receive "Access Denied".

    All of this can be avoided though, if you create unique accounts for all users. The accounts must be created exactly the same on the shared PC and the users PC. On the shared PC you can then set permissions over the data.
  7. sallyduk

    sallyduk TS Rookie Topic Starter

    Thanks for your response Mike - hopefully the penny will drop very soon!

    I'll experiment with your guidlines above but just before I do & to check my understanding that I've grasped what you're saying....

    OK, so I can indeed achieve different folder/file shares for different PCs/Users on the LAN - I always quote "PCs/Users" as PC & User are the same for my setup - PC1 & PC2 (laptop & desktop) are used soley by one member of the family whilst PC3 is solely used by the other family member.

    Each of the 2 family members wish to be able to share folders/files with each other but deny permissions on certain other folders/files. Each of the 2 family members only have a single user account which by default in XP is the administrator account (type of user account but not the name of the user account). Each family member does not want to have to switch user accounts to facilitate access to different folders/files.

    On previous experimentation with folder/file permissions I could not see the other family member in the list to be able to select & set the folder/file permision. The only way I've been able to see another user is by creating identical accounts on each PC & then having to switch user account to be be able to access the file/folder or be denied access to the file/folder dependent upon the share setting.

    Are you saying that if each of the 2 family members replicate each others user account on their own PC then those user accounts will be seen in the file permission list & depending on whether the other family member has set the folder/file to "allow" or "deny" will determine the access? If the access is set to "deny" then the family member trying to access it will have to have the password to gain access? Can you also please confirm that although each family member's user account (not password) is replicated on all 3 PCs, family members do not have to switch user account to be able to gain access to a folder/file residing on that other PC's main (Administrator) user account?

    This must be doing your head in - it's certainly doing mine! :( I hope I've been able to effectively communicate what I'm trying to achieve & apologise for the long winded postings but I'm not very good at summarising!


    ps. as soon as I've cracked folder/file permissions, I promise to disappear for eternity so you can focus on other peoples problems :)
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...