How to share a folder with only 1 user on the network?

Berryracer

Platinum Member
Oct 4, 2006
2,779
1
81
Our computers are connected through a Workgroup

I want to share a folder with only my manager so me and her can collaborate

now when I right clicked on the folder, when to share, by default it had Administrator (my local account on my computer)/read-write and that's it

so I tried to add her username to also give her read write permissions but it said user not found

what is the correct way to add her computer/user name which is on the network to grant her access?
 

pandemonium

Golden Member
Mar 17, 2011
1,777
76
91
You'll need to create her a username/password and set read/write permissions for that folder. It doesn't have to be her username/password that she uses on her workstation; just one that she'll remember.

Here's a good run-down of options if you're looking to go down the rabbit-hole some more. Your choice will depend on your version of Windows:
1. "Synchronising" user accounts (worst option).
If you create local user accounts on the workgroup server with the same username and password as the domain user accounts that you want to grant access, you can add these local accounts to the share and NTFS permissions and it will allow the domain users to seamlessly connect to the share.
The obvious headache with this approach is administration, since whenever the domain user changes their account, it will no longer be in sync with the local account on the workgroup server and access will be denied. Therefore, I wouldn't recommend this approach.
2. Use "Credential Manager" to store credentials for the workgroup host (only recommended for very small numbers of users).
Credential Manager only exists on Windows Vista and later, so if your clients are Windows XP then forget about this option and skip to the next.
Credential Manager can be found in the Control Panel and allows you to enter Windows credentials which are stored securely. Whenever the user accesses the workgroup host, their client will use the saved credentials you entered instead of the domain credentials.
The positive aspect of this approach is that it alleviates the password changing issue. However, there are still too many negatives, such as having to enter the credentials manually for each user per computer, which isn't practical if you've got more than a couple of users requiring access.
3. Use a mapped drive via a logon script (still not a preferred option).
You can use a logon script to map a drive to the workgroup server, using the /user switch. For example:
net use G: \\workgroupServer\share /user:workgroupServer\user passwordThe upside to this approach is that you're finally using a centrally managed solution. The downsides are that the password is completely unsecure, and unless you plan to put in a bit of fancy DOS scripting, everyone's going to use that one account to map with, meaning the same access for all. Still, it's potentially better than the other two previous approaches.
4. Group policy user logon script (a better option).
Mostly the same as the above, though it offers one advantage in that it's easier to target different groups of people if you're not comfortable with scripting that kind of logic.
5. Use Group Policy Preferences (preferred option).
This option is only available natively with Windows 7. If you want to use policy preferences with Windows XP or Vista, you'll need to look at downloading the GPP extensions for those operating systems from here. For Windows XP you'll also need to have deployed Service Pack 2 (though SP3 is highly recommended owing to some issues with SP2) and for Vista, Service Pack 1.
You will also need access to a Vista with SP1 or Server 2008 machine from where you can run the Group Policy Management Console (part of the RSAT tools for Vista, or the Features section of Server Manager for Server 2008) in order to define group policy preferences.
Assuming you meet these requirements, you can deploy a mapped drive quite easily to specific people (or groups of people). It also makes it a little harder for curious people to obtain the password for the account you're using.
So, as you can see, there's a lot of alternative options for solving your problem - some good, some not so good. Hopefully this helps you decide on an approach.
Cheers,
Lain
 

Berryracer

Platinum Member
Oct 4, 2006
2,779
1
81
hmm, this is new to me,

so what I get from teh above is that I need to create a username/pass for her in the credentials manager? (I am running Windows 8 Pro)

I hope that I won't see that account when I login but just for this sharing purpose right?

where do I find this exactly?

your help is highly appreciated man
 

pandemonium

Golden Member
Mar 17, 2011
1,777
76
91
Hopefully this will work for you. I tested it here, but I'm at work with a different level of operation, so I'm muddling through some of the steps assuming they'll be correct for your network security privileges:


On your machine:
  • Go to Control Panel > User Accounts. Click Give other users access to this computer.
  • Add... Her username with WORKGROUP as the domain. You may want to setup a password for her to use or have her use her password (have her type it herself). Whichever she/you are comfortable with/prefer.
  • Group Membership can be Other: Guests. Apply. Reboot if prompted.
  • Locate the folder where you'll be sharing files with her. Right click, Share with...specific people.
  • Click Locations and select your local computer name (should be at the top).
  • Locate Guests and click Ok.
  • Set Permission Level to whichever is appropriate (Read if she's only going to see what you put there, Read/Write if you want her to have permissions to modify and put files in there).
  • Click Share.
  • You'll get a confirmation window with \\computername\folder\...
  • On her PC, type that exact path into an explorer window and it should work.
I hope that'll set you up. Like I said, I'm hoping this will be correct and it'll prompt her for her password when she attempts to access the folder. It may not since she's already logged in on her workstation. Just make sure that folder is not accessible by another random workstation and you're set!

Sorry I couldn't be more confident here, but it's been a while. >.>

If someone else is more acquainted with this, by all means correct me here.
 

Berryracer

Platinum Member
Oct 4, 2006
2,779
1
81
  • Go to Control Panel > User Accounts. Click Give other users access to this computer.

I stopped here at the first step, I cannot find this "Give other users access to this computer" in Control Panel > User Accounts

I'm using Windows 7 Professional x64 FTW

Please help me I'm a n00bie
 

Berryracer

Platinum Member
Oct 4, 2006
2,779
1
81

lemme read this :)

Edit: from what the guide explains is that the user I want to share with must have a user account on my computer, hmmm so there is no way I can create like a hidden account for them it must be an active account

Edit 2: I was able to share the folder only with my manager by creating her a local account on my computer :) I wish there was a way to give her access without giving her an account on my computer but oh well, at least she can read/write to that folder now
 
Last edited by a moderator:

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
lemme read this :)

Edit: from what the guide explains is that the user I want to share with must have a user account on my computer, hmmm so there is no way I can create like a hidden account for them it must be an active account

Edit 2: I was able to share the folder only with my manager by creating her a local account on my computer :) I wish there was a way to give her access without giving her an account on my computer but oh well, at least she can read/write to that folder now

How is your computer supposed to differentiate between you, her and everyone else without separate, local accounts?
 

Berryracer

Platinum Member
Oct 4, 2006
2,779
1
81
How is your computer supposed to differentiate between you, her and everyone else without separate, local accounts?

I don't know I thought you could create basically some sort of permission to an inactive account that would allow her to access that folder without her actually having a real account.
guess that's not possible, oh well, im happy i got it to work at least

thank u all
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
I don't know I thought you could create basically some sort of permission to an inactive account that would allow her to access that folder without her actually having a real account.
guess that's not possible, oh well, im happy i got it to work at least

thank u all

Not in Windows because the CIFS server is so ingrained within the OS. If you created a disabled account she still couldn't connect because the account would be disabled. If you're worried about her getting via RDP you can restrict that, but you still need a full blown Windows account. On other OSes using things like Samba for CIFS sharing you have more flexibility, but if you want to use filesystem permissions to restrict/grant access you'll still need an OS level account or group.
 

drebo

Diamond Member
Feb 24, 2006
7,034
1
81
And this is why centralized authentication is so important/useful for businesses.
 

SecurityTheatre

Senior member
Aug 14, 2011
672
0
0
I don't know I thought you could create basically some sort of permission to an inactive account that would allow her to access that folder without her actually having a real account.
guess that's not possible, oh well, im happy i got it to work at least

thank u all

This is one of the many things that Active Directory Domain authentication gives you.

But it's certainly not worth setting it up just for you and her to share documents. :)
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
This is one of the many things that Active Directory Domain authentication gives you.

But it's certainly not worth setting it up just for you and her to share documents. :)

She would still have a real, active account with AD it just wouldn't be on his local PC.
 

SecurityTheatre

Senior member
Aug 14, 2011
672
0
0
She would still have a real, active account with AD it just wouldn't be on his local PC.

Fair enough, but you can enable file sharing, while disabling local login.

That's useful for the case of wanting to share a few files, but not allowing the person to get on your PC and mess with it.

This is not something you can do with local accounts, but it is something you can do with AD accounts and I guess that was the thrust of the question.
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
SecurityTheatre said:
Fair enough, but you can enable file sharing, while disabling local login.

That's useful for the case of wanting to share a few files, but not allowing the person to get on your PC and mess with it.

This is not something you can do with local accounts, but it is something you can do with AD accounts and I guess that was the thrust of the question.

You should be able to restrict local logon rights with the local security policy. It's a little more work, but achieves the same goal without setting up AD.

I create the same username password on all computers and then use
\\machinename\C$

In order to get to the default admin shares the account has to be a local admin on the sharing machine so that's not a very good solution for someone who wants a restricted account.