Require login for shared folders over network?

[8thNote]

I have three computers at home. My main desktop computer is running Windows XP Professional while the other two computers are on XP Home.

I would like to setup folders on my desktop computer that can be access by anyone, and others that require logins with passwords. I got close to this once, but I can't figure out what I did, and it's not working anymore.

I'll put this in examples.

"Folder 1" is to be shared with anybody on the network.
"Folder 2" is read-only to some, but full-access to others according to login name.

How can I do this? Please help. I've been looking all over to figure this out.

Thanks!

 

[MustISO]

I'm not very familiar with XP but in Win2k you right-click the folder and select properties. From there you can select sharing options or click on the security tab to set permissions.

 

[8thNote]

No offense, but that's the kind of reply I DON'T want. I KNOW I can access the permissions and stuff and how to get there, but I need to know WHAT to set to do what I want.

I can now get it to ask for username and password when I attempt to access the desktop from a different computer, but it doesn't accept any username or password I enter. Even the one I setup on the desktop specifically for network access.

 

[Matthias99]

I've never had a problem setting it up -- it's like he said. Under "Properties" for the shared folder, you can go into the "Sharing" tab and set access rights and passwords. IIRC, you only provide a password -- the username should be left blank when trying to log in (although maybe that was in Win98, but I though it was the same in XP). I don't think you can do read/write access by login, but you can provide a read-only and read-write password.

To do anything much more complex, you really want an FTP server. It offers much more flexibility.

 

[8thNote]

Ah-ha! I figured it out! But I'm not entirely sure what I did. I can try to post it here, if anyone wants to know.

 

[Monoman]

sure, post it

 

[bobcpg]

Originally posted by: 8thNote
Ah-ha! I figured it out! But I'm not entirely sure what I did. I can try to post it here, if anyone wants to know.

yes please

 

[bobcpg]

 

[blcjr]

If this is overly pedantic, forgive me, but there does seem to be some interest in learning more about this subject.

The first thing to understand is the difference between "sharing permissions" and "ntfs permissions." Assuming a win2k/xp pro hard drive formatted NTFS, there will be two tabs in the folder properties dialog: sharing and security. The "security" tab accesses the ntfs permissions. Sharing permissions only secure the folder from the standpoint of remote access, e.g. from another computer. If the underlying ntfs permissions are more permissive, there is nothing stopping anyone from logging on to the machine locally and accessing resources you thought you had locked down! This is because ntfs permissions always override sharing permissions. Because of this, the general recommendation is to ignore share permissions, and set the folder's ntfs permissions for the level of access and security that you want.

Now let's put this to use with the original question:

I'll put this in examples.

"Folder 1" is to be shared with anybody on the network.
"Folder 2" is read-only to some, but full-access to others according to login name.

Here is how to do it, step by step.

1. Share the folders; ignore the permissions tab on the share tab.
2. Create two groups (assuming a workgroup here, and not a domain, use the computer management console to add the groups...if not clear how to do this, ask). Let's name them Group1 and Group2. Add to Group1 the users who should only have read-only access to the folder, and add to Group2 the users who should have full-access to the folder.
3. Right click Folder 2, select the security tab, remove the Everyone group, and add the two groups you just created. You should also add the administrators group. The permissions should default to read only, so leave them that way for Group1. I don't recommend "full-access" for Group2; give them the "modify" permission, which is one step below "Full Control". Give the administrators group "Full Control." (With the modify permssion, users will be able to do everything except take ownership or reset permissions; if you give non-administrators "Full Control" they can dink around with permissions and lock other users out. Ordinary, non-administrative, users should never be given "Full Control."

That should do it. Notice that we did nothing with Folder 1. The default share and ntfs permissions give everybody full control. Personally, I would never do that, but that is the way the scenario was originally proposed. I would at least knock the ntfs permission level on Folder 1 down to "Modify" (from "Full Control"). And in a domain environment I would remove the Everyone group and replace it with "Authenticated Users."

Hope this helps, and is not to over the top.

 

[Mitzi]

I wasn't aware of the difference between security permissions and sharing permissions. Thanks for the excellent rundown blcjr

:beer:

 

[bobcpg]

Is there a way i can create a user, for said file permissions, but have it not show up in the login screen?