Network Access/Rights

[21Outlaw]

I've tried to figure this thing out for a total of about 20 hours now with no luck. I've used WinXP's Help & Support Center, Support Knowledge Base, Google and everything else I could think of.

What I want to do is very simple. I'm connected to a wireless network as well as 2 other computers in my house that want to access a folder of mine where I store all of my downloads. I would like to give both of them access to this folder with only the necessary permissions to read and open the files, that's it.

I've tried everything from the MMC to the local/group policy settings. Messing with the shared permissions and security permissions. I'm lost here.

I will provide screenshots if needed. If you've got any ideas, let me know. I would like to start from ground zero and go from there, if possible.

Possible pertinent info:
Windows XP Professional SP2 with all the latest updates - fresh install (mostly)
Linksys Wireless Router, Linksys Wireless USB Antenna
Windows Firewall on
Norton AV 2005
Used this code - secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose to restore some security settings
The file system on my computer and his are both NTFS.
I have simple file sharing turned OFF.

Thanks!

 

[Fardringle]

I'm not going to list step-by-step instructions for each of these items at first since the post would just be too long, but these are the primary things you need to have set up in order to share the folder:

1) All computers on the same Windows workgroup and same IP subnet with no routers or hardware firewalls between the computers. (i.e. the other computers have to be plugged in to a LAN port on your wireless router or connected to it wirelessly, and not on another router/switch that your router is plugged in to through its own WAN port.)

2) Windows XP firewall turned off on your PC. (Do this at first and you can try to create a trusted zone in the firewall for the other computers after you get the sharing working properly.)

3) Since you are using NTFS permissions and not simple file sharing, you will need user accounts on your PC matching the user names and passwords that you log in with on the other computers. (You can have them not match, but you'll have to 'log in' every time you connect if you do it this way.)

4) Folder on your computer shared on the network with Read permissions assigned to the user account(s) for the users on the other computers.


edit: The exact error message you get when you try to connect to the share from another computer would also be helpful in determining the cause of the problem if these steps do not allow you to get connected.

 

[21Outlaw]

1) All computers on the same Windows workgroup and same IP subnet with no routers or hardware firewalls between the computers. (i.e. the other computers have to be plugged in to a LAN port on your wireless router or connected to it wirelessly, and not on another router/switch that your router is plugged in to through its own WAN port.)

All members of workgroup "WORKGROUP". We're all wirelessly connected to the same Linksys Wireless router and have IP ranges from 192.128.1.2 - 192.168.1.5.

2) Windows XP firewall turned off on your PC. (Do this at first and you can try to create a trusted zone in the firewall for the other computers after you get the sharing working properly.)

Done.

3) Since you are using NTFS permissions and not simple file sharing, you will need user accounts on your PC matching the user names and passwords that you log in with on the other computers. (You can have them not match, but you'll have to 'log in' every time you
connect if you do it this way.)

Addressing this... couldn't I "Map Network Drive" in My Computer, and "Reconnect at logon." Wouldn't this hold my user name/pass allowing me to access it every time one of those computers needed to access my shared folder? It seems to have worked when I tested this out earlier this evening.

4) Folder on your computer shared on the network with Read permissions assigned to the user account(s) for the users on the other computers.

Here's where I run into problems at... I can't for the life of me figure out how to add a "user" from another computer onto that list. It won't let me navigate outside of my own computer to search for Users, Groups, or Built-in security principals. If I could get this fixed, I could get everything else like I want it to.

edit: The exact error message you get when you try to connect to the share from another computer would also be helpful in determining the cause of the problem if these steps do not allow you to get connected.

Well, well... After those many hours I came across MANY error messages. The ones I hated seeing most were:
Logon failure: The user has not been granted the requested logon type at this computer.
\\sharename is not accessible. You might not have permission to use this network resource. Logon failure. The user has not been granted the requested logon type at this computer.

 

[Fardringle]

quote:

--------------------------------------------------------------------------------
3) Since you are using NTFS permissions and not simple file sharing, you will need user accounts on your PC matching the user names and passwords that you log in with on the other computers. (You can have them not match, but you'll have to 'log in' every time you
connect if you do it this way.)
--------------------------------------------------------------------------------


Addressing this... couldn't I "Map Network Drive" in My Computer, and "Reconnect at logon." Wouldn't this hold my user name/pass allowing me to access it every time one of those computers needed to access my shared folder? It seems to have worked when I tested this out earlier this evening.

Theoretically, yes, you could. But this would just be an automated way to do the "log in every time" procedure that I mentioned, and you will have to use the "Connect using a different user name" option and supply a valid user name and password for an account on your PC (the one sharing the folder) that has permission to access the folder. It can work that way, but it works better to have the user name and password on the remote machines match a local account on the PC sharing the resources.

quote:

--------------------------------------------------------------------------------
4) Folder on your computer shared on the network with Read permissions assigned to the user account(s) for the users on the other computers.
--------------------------------------------------------------------------------


Here's where I run into problems at... I can't for the life of me figure out how to add a "user" from another computer onto that list. It won't let me navigate outside of my own computer to search for Users, Groups, or Built-in security principals. If I could get this fixed, I could get everything else like I want it to.

You don't want to give permissions to the shares on your computer to user accounts on other computers. You can only do that if you are logged in to a domain. What you want to do is CREATE user accounts on your computer for the users on the other computers, and give the rights to those local user accounts. Create the accounts in the Control Panel under User Accounts, then go to the properties of your shared folder, click on the Permissions button, click Add, then add the local accounts and give them the Read permissions.

quote:

--------------------------------------------------------------------------------
edit: The exact error message you get when you try to connect to the share from another computer would also be helpful in determining the cause of the problem if these steps do not allow you to get connected.
--------------------------------------------------------------------------------


Well, well... After those many hours I came across MANY error messages. The ones I hated seeing most were:
Logon failure: The user has not been granted the requested logon type at this computer.
\\sharename is not accessible. You might not have permission to use this network resource. Logon failure. The user has not been granted the requested logon type at this computer.

With what you have said, this error message makes perfect sense. Essentially, it is telling you that the user name the other computers are trying to use to connect to the shared folder on your computer does not exist (or has not been given the correct permissions) on your computer. Create the appropriate accounts in Control Panel>User Accounts with passwords matching the login passwords for the same user name on the other PCs, give them the permissions for the share, then try to connect (or map the drive) again. Or, if you really don't want to create the correct user accounts, make sure that your local user account has permission to access the share, and have the remote computers connect using your user name and password...

 

[JackMDS]

Log to this page it has a lot of links to instructions to Windows Network Settings, and Sharing.

Link to: Windows Network - Installing & Sharing.

 

[Joemonkey]

Originally posted by: Fardringle

quote:

You don't want to give permissions to the shares on your computer to user accounts on other computers. You can only do that if you are logged in to a domain. What you want to do is CREATE user accounts on your computer for the users on the other computers, and give the rights to those local user accounts. Create the accounts in the Control Panel under User Accounts, then go to the properties of your shared folder, click on the Permissions button, click Add, then add the local accounts and give them the Read permissions.

...

Create the appropriate accounts in Control Panel>User Accounts with passwords matching the login passwords for the same user name on the other PCs, give them the permissions for the share, then try to connect (or map the drive) again. Or, if you really don't want to create the correct user accounts, make sure that your local user account has permission to access the share, and have the remote computers connect using your user name and password...

This is the hardest thing to get people to realize when trying to share things and not on a domain, and why simple file sharing is a great idea!

 

[21Outlaw]

Well seems like I can get it covered whenever I go home and take my lunch break here in a few minutes.

That's what my problem was it seems. I didn't want to create any other user accounts other than my admin/guest account on my machine. I was using a workgroup and trying to assign permissions to a user account on a different computer. You state that you don't want to do that. I've gotta ask why? Or is it just not possible on a workgroup and only possible on domains, like you mentioned?

Thanks for all your assitance so far Fardringle. I really appreciate it.

JackMDS, thanks for the link. It was very informative. Wonder why I never found that one before!

Joemonkey, yea it was hard for me to realize. It took you all!

 

[21Outlaw]

The error I get now is:

\\Sempron\incoming is not accessible. You might now have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.

Access is denied.

Too add more information, the user account I created named "user" doesn't have a password. Therefore, I changed my "Accounts: Limit local account use of blank passwords to console login only" in my Local Security Policy | Security Options to disabled per these instructions: http://www.practicallynetworked.com/sharing/xp_filesharing/03userpasswords.htm

This user account has the share permission of "Read" and that's it.

Any more ideas?

 

[21Outlaw]

Well... I've added a password to the user account...

When going to My Network Places | Sempron (my computer's name)

It asks me for a user name/pass and I put them in and check the Remember password box. I then can go in and navigate around but whenever I go to open a file I get an error saying "Cannot open \\Semprong\folder\folder\filename.rar"

Why would I get this error and how do I fix it?

 

[ktwebb]

check the permissions on the file and make sure your using the proper credentials when trying to access the network resource.

 

[21Outlaw]

I went to the file, right clicked, clicked Properties and clicked on the Security tab. The "user" account wasn't listed and isn't listed on any of the files within this shared folder. I do beleive this is my problem.

I changed the security permissions on all the folders/files within this shared directory and I do beleive this will solve the problem. As soon as I can get to one of the other computers within this network, I'll update this post.

Thanks ktwebb.

 

[21Outlaw]

Thanks all. That got everything working correctly.

 

[Fardringle]

Glad to hear it is working properly now!


To answer one of your previous questions:

That's what my problem was it seems. I didn't want to create any other user accounts other than my admin/guest account on my machine. I was using a workgroup and trying to assign permissions to a user account on a different computer. You state that you don't want to do that. I've gotta ask why? Or is it just not possible on a workgroup and only possible on domains, like you mentioned?

That's exactly right. You cannot access the security information/accounts on other computers on a workgroup (without special tools that most people will never use), so there is no way to give permissions for those remote accounts to access local resources. The only security information a computer on a workgroup knows about is the security and accounts set up on the computer itself.

If you were working on a domain, you would give the permissions to accounts on the domain controller so that when someone is logged in to the domain with the appropriate account, they will have permission to see your shared files/printers.