Workgroup Security

#1
I am having trouble with shares. I have three machines running Windows 7 Pro all in the same workgroup and on a Work Network. On PC1 I have created a share with Everyone with Full control on the Share Permissions tab and then a user with full control on the Security tab. However the user is local to PC1 and when the same user ID (different SID) on PC2 can see the share but no access to write. What am I doing wrong?

Please let me know if you need more info.

Thanks.
 


Trouble

Noob Whisperer
#2
On the machine hosting the share open network and sharing center and from the left column choose "Change advanced sharing settings" in the "Home or Work (current profile) area scroll to the bottom and "Turn on password protected sharing" and "Use user accounts and passwords to connect to other computers"
Now just make sure that the user account in question has the same username and the same passwords on both machines and Windows pass through authentication should take care of the rest. As long as he is not a member of a "Group" that has less than write permissions.
When a share is accessed across the network, share permissions and ntfs permissions are enumerated against the user account as well as group account that the user is a member of. His access token will be based on the most restrictive of these cumulative permissions.
 


#3
Thank you Randy.

That is the part I was missing, "Use user accounts and passwords to connect to other computers". I will try this out on Monday. Thanks again and have a great weekend.
 


#4
I have tried this an must still be missing something. I have created a test user on both PC's with the same ID and PW. They are both members of the users group for each PC. For example users group on PC1 and users group on PC2, the share hosting PC. The Share Permission is set to Everyone with Read access and Administrators set to Full Control. On the security tab System is set to Full Control, Test user set to Full Control and Administrators set to Full Control.

On the Share Hosting PC under Advanced share settings, Network discovery is on, file and printer sahring is on, Public is off, 128-bit encryption is on, password protected sharing is on, and use user accounts and passwords it on.
I have even made the same changes on PC1 but still get Network Error message you do not have permission to access share.

Please help.
 


Trouble

Noob Whisperer
#5
Normally you would set the share permissions to full control - everyone and then use the ntfs permissions under the security tab to make more granular and specific adjustments regarding your file or folder security. Anyway this is starting to sound more like a third party piece of software problem than an actual microsoft security problem. So take a look at any such software and make sure that you don't have something else actually preventing anytype of network access. Then adjust your security settings for your test project as I suggested above, and always use the ntfs permissions to get specific regarding read, write, modify, etc. Test if need be, full and full, (for your test user) and then back it off a little a see if you can figure out why it's breaking (when done make sure you remove the everyone group in both locations).
 


Trouble

Noob Whisperer
#6
Also remember when making adjustments in folder level permissions and security make sure you cascade those permissions down to include sub-folders and files. Also make sure that you are not inheriting permissions from a parent container that may be causing problems.
Don't know how much patiences you've got but here's a pretty good microsoft article regarding security (share and ntfs) kinda wordy but perhaps worth a read. Administering Shared Folders
 


#7
Thank you again. That did it, I was setting them up wrong. I needed to set the share permissions to full conrtol. Thank you again.
 


Trouble

Noob Whisperer
#8
Glad to hear that you got it sorted out. Thanks for posting back and updating your thread. Hope to continue to see you around the forums.
Randy
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.