Do I need a different version of Windows? File/sharing permissions?? Neutered Administrator=Limited User?

[Antoneo]

Hrmm, I have a total of four computers that should be all Windows based and currently have Windows XP set up on all of them. However, one machine, let's call it Server, is dedicated to hosting all of the files that would be opened by the other three; for example, videos, documents, pictures. One machine is a desktop connected to the router by ethernet, and the other two machines are laptops with 802.11b/g connectivity.

I'd like to have two accounts: one for me with administrative rights, and another more restricted account that can use programs, open and edit document type files, but can't install programs. I'll refer them as Admin and Family respectively.

Right now, I'm setting each computer up with Admin (of the group Administrators) and Family (of the group Users: Limited User) accounts and locking down the latter with gpedit.msc. It is a great pain to install the same programs on each computer and trying to make the customizations match for each. I'm aiming to have all accounts on all computers run the same programs and have uniform customizations. So there I encountered the first apparent difficulty; it feels very stupid to do the same thing 4 times. I know has to be a better way.

Next, I run into either file permission problems or file sharing issues. I'm not sure if the blank password on Family is the problem, I'd like to have it stay that way, but when trying to browse into the Server while logged in as Family, I get an error message:

"\\Server is not accessible. You might not have the permission to use this network resource... Logon failure: user account restriction. Possible reasons are blank passwords are not allowed, logon hour restictions, or a policy restriction has been enforced."

I am able to browse the Server's shared contents fine when I am logged in as Admin on the other machines. But not when I am logged in as Family. I tried making Family a member of Administrators but that didn't solve the problem. Windows XP SP2 Firewall permissions have been set to allow File and Printer Sharing.

After running into that problem, I've decided that there's gotta be a better more intelligent way to do all of this. I'm very new to administering computers, but am VERY willing to learn at this point. Note that work is to be done on all computers (ie. Photoshop, word processing) so having a linux server might not be the best of solutions. I'm guessing that changing the operating system on the Server computer to an actual "server" OS would be the answer? Again, I have no experience with management of a domain/workgroup and roaming profiles, but if it solves this hell of a mess, I'm all for it. I'd like to know what I'm jumping into first and if it is worthwhile. 😀 Let me know what you guys think, I'm ready to learn and would appreciate it if someone besides myself would lead the way.

******Hrmm, ok, does a neutered Administrator account equal a Limted User account? Meaning if I created an administrator account and simply included it so that a local group policy restrictions would apply to it (lockdown), would that be equivalent to a Limited User account created by Windows User Accounts in the Control Panel?

 

[Antoneo]

Uppity while I'm researching!

 

[ColKurtz]

Questions:
1)Do you have specific shares set up on the server, or did you simply enable file sharing?
2) Can you map a drive in explorer to that share?
3) Does explorer prompt you for a USERID/PASSWORD when you try to map the share?
4) Can you NET USE X: \\SERVERNAME\SHARENAME?
5) What are the error messages on each (explorer and NET USE), if any?

Maybe we can glean something from the error messages.

 

[Antoneo]

Originally posted by: ColKurtz

Questions:
1)Do you have specific shares set up on the server, or did you simply enable file sharing?
2) Can you map a drive in explorer to that share?
3) Does explorer prompt you for a USERID/PASSWORD when you try to map the share?
4) Can you NET USE X: \\SERVERNAME\SHARENAME?
5) What are the error messages on each (explorer and NET USE), if any?

Maybe we can glean something from the error messages.

My answers to your questions:
1) I disabled Simple Filesharing in the Folder Options. For each folder that was to be shared, for example "Documentaries," I right clicked-->Sharing and Security and enabled File sharing. The Permissions in there is "Everyone"-->Read Only (checkmarked). The NTFS permissions is set so that there are two Users: Admin and Family. Admin has Full Control while Family has "Read and Execute, List Folder Contents, Read" allowed while "Write" is denied. Would the NTFS Permissions affect those in the File Sharing NTFS? I'm running Windows XP SP2 on all the machines. So yes, I set up specific shares on the Server computer.

2) I can map a network drive to the share on Server in the Admin account on the laptop. I am also able to map a network drive to a share on the laptop from the Server machine while loged in as Admin. However, while logged in as Family, I cannot do the same. See the pics below.

3) When I am logged in as Family on the laptop, and go to "My Network Places"-->"Workgroup Computers" I am asked to provide a username and password. The username/userid is the same for all computers; Admin has a uniform password across all machines, and Family was set not to have a password for convenience. I typed in "Family" and clicked OK, but the dialogue box doesn't accept it (just pops up again asking me to enter the username and password).

When I try to map a share with Explorer (while logged in as Family on a laptop), I see the Server listed but none of its shared directories are. 🙁

On a related note, while I am logged in as Admin on the laptop, I can access the shared directories easily, and even do: //Server/c$ or any other drive.

**I did use the command: "net user Family /time:Monday-Sunday,8AM-9PM"
I'm not sure if that would affect anything.

4) <-- will update after I get a chance at the laptop, my brothers are using them.
5) Here is my mapdrive attempt on a laptop while logged in as Family. Note that mapping a drive does work while logged in as Admin.

Here is what I see after I try to browse to the shares in Explorer:
First, when the restriction hours on the Server was set--> npbrowse_time_restrict.JPG
After I removed the time restrictions:npbrowse_time_all.JPG

Would a server OS fit my needs better or would tinkering with Windows XPs work? I'm pretty sure the latter will work, but if having a server operating system would drastically simplify fixing things then, I'm interested.

 

[Antoneo]

Is there some way where I can install everything properly (like programs, browser preferences, local group policies) and then have that copied to each other Windows XP machine?

If I take an Administrator account, and apply local group policies restrictions on it, will it in effect be a limited user account?

 

[mechBgon]

it feels very stupid to do the same thing 4 times. I know has to be a better way.

There is, it's called an Active Directory domain. Hehe... 😀

Is there some way where I can install everything properly (like programs, browser preferences, local group policies) and then have that copied to each other Windows XP machine?

Remote Installation Services.

Probably not the answer you wanted, but if you happened to have a legit Windows Server 2003 license, you'd be on the starting line.

 

[Antoneo]

Ok, I solved my access problems by setting Windows XP to accept a blank password. Yay!

 

[stash]

Yeah, XP by default will only allow a local acocunt with a blank password to log on locally. This is a Good Thing from a security standpoint. A local account with a blank password will be denied the access this computer from the network right, unless you change the policy. Which sounds like what you did.