Jump to content



Photo

Windows 7 share permissions


  • Please log in to reply
17 replies to this topic

#1 canuckerfan

canuckerfan

    Neowinian

  • Joined: 11-June 02

Posted 27 August 2013 - 21:58

I've been searching around google for a while and can't seem to figure this one out.

 

My current setup has the main desktop PC which shares all the music, movies and photos. All the other machines connect to the desktop PC to access these files. As of now, all users over the network have read access. However, I want to give one user, and this one user only, write access to a particular shared drive. How do I go about doing this?

 

Sharing files otherwise works fine amongst all the machines. And the desktop PC is running Windows 7. The network is a workgroup.

 

Edit: Just to clarify, the user I want to give write permissions to is accessing the drive over the network - not locally.




#2 manroweb

manroweb

    Lover of all things tech

  • Tech Issues Solved: 1
  • Joined: 07-April 02
  • Location: Swindon UK

Posted 27 August 2013 - 22:01

setting-permissions500x368.jpg

 

From here you can allow write access to one user



#3 Mando

Mando

    Neowinian Senior

  • Joined: 05-April 02
  • Location: Scotland, Dundee
  • OS: Win 7 Ultimate x64/Pro x64/Home prem x64
  • Phone: Samsung Note ICS

Posted 27 August 2013 - 22:05

As with previous windows versions, ensure that the "account" is identical on both PCs.

 

Lets say for sake of argument that the "share" in on Main-Desk and Main-desk\Mark has full R/W to the shared folder.

 

e.g. Main-Desk\Mark

pwd= password

 

Marks-laptop\Mark

pwd= password

 

you can then add Mark (with pwd= password) to the ACL and it will allow laptop mark to R/W on "desktop Marks" profile using the user prompt that opens in the share, due to the passwords being the same it will allow remote connectivity using the "alternate" login. (actually using main-desktop\Mark via laptop "mark")

 

Job done.



#4 Aergan

Aergan

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 24-September 05
  • Location: Staffordshire, UK
  • OS: Windows 8.1 Pro / Server 2012 R2 / Mint 16
  • Phone: Sony Xperia Z1

Posted 27 August 2013 - 22:08

You're likely using Guest / Public access. You would need to either look into

 

Homegroup

  1. http://windows.micro...b1&v2h=win7tab1

 

Traditional user share

  1. Change Network sharing to "Use windows user accounts" rather than 'let windows handle it'
  2. Create a user account on host PC e.g. HOSTPCNAME\UserWhoWrites
  3. Give user permissions at NTFS level to directory to modify or full access
  4. Set share permissions to Users -> Full control
  5. On the client PC, add the credentials to the credential manager for your host PC: HOSTPCNAME\UserWhoWrites
  6. Change Network sharing to "Use windows user accounts" rather than 'let windows handle it'
  7. Reboot both


#5 OP canuckerfan

canuckerfan

    Neowinian

  • Joined: 11-June 02

Posted 27 August 2013 - 23:06


you can then add Mark (with pwd= password) to the ACL and it will allow laptop mark to R/W on "desktop Marks" profile using the user prompt that opens in the share, due to the passwords being the same it will allow remote connectivity using the "alternate" login. (actually using main-desktop\Mark via laptop "mark")

Both machines have an account with the same username and password. But what do you mean by "ACL"?

 

 

 

You're likely using Guest / Public access. You would need to either look into

 

Homegroup

  1. http://windows.micro...b1&v2h=win7tab1

 

Traditional user share

  1. Change Network sharing to "Use windows user accounts" rather than 'let windows handle it'
  2. Create a user account on host PC e.g. HOSTPCNAME\UserWhoWrites
  3. Give user permissions at NTFS level to directory to modify or full access
  4. Set share permissions to Users -> Full control
  5. On the client PC, add the credentials to the credential manager for your host PC: HOSTPCNAME\UserWhoWrites
  6. Change Network sharing to "Use windows user accounts" rather than 'let windows handle it'
  7. Reboot both

 

Window user accounts are used for network sharing ("Use user accounts and passwords to connect to other computers"). I've tried adding the Windows Credentials this way and it doesn't seem to work:

 

Server: 192.168.1.100 (local IP of desktop PC)

User: Navin

Password: *** (this is the account password which is also the same as the account on the desktop PC)

 

 

This is the share and security settings for the drive:

 

security.png

 

 

share.png



#6 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 74
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 28 August 2013 - 20:14

Well seems you have multiple groups on your ntfs, and you have share permissions with everyone - what are those set too.. If read does not matter what ntfs you set, most restrictive wins between share and ntfs.

Normally you only have share everyone set to full, and control your actual access with ntfs.

If you have a user that is member of multiple groups you can run into conflicting permissions.

I would clean up your ntfs permissions to say system and admins, keep in might that you can run into UAC issues across the network and admin membership.

You need to fix up your ntfs and share permissions so that his account has write. While not giving anyone in ntfs write, etc.

#7 OP canuckerfan

canuckerfan

    Neowinian

  • Joined: 11-June 02

Posted 28 August 2013 - 20:43

Well seems you have multiple groups on your ntfs, and you have share permissions with everyone - what are those set too.. If read does not matter what ntfs you set, most restrictive wins between share and ntfs.

Normally you only have share everyone set to full, and control your actual access with ntfs.

If you have a user that is member of multiple groups you can run into conflicting permissions.

I would clean up your ntfs permissions to say system and admins, keep in might that you can run into UAC issues across the network and admin membership.

You need to fix up your ntfs and share permissions so that his account has write. While not giving anyone in ntfs write, etc.

I only added Everyone - which has read only permission and Navin, who has full control. All the other entries were there by default.

 

Both machines have the same account and same password but I'm not able to give only him write permissions.



#8 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 74
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 28 August 2013 - 20:47

And what is the permissions on the everyone in your share permissions? If READ, then yeah he would never be able to write anything no matter what the ntfs permissions are.

And yeah the ntfs permissions would be inherited - so? Alter them.

#9 OP canuckerfan

canuckerfan

    Neowinian

  • Joined: 11-June 02

Posted 28 August 2013 - 21:01

And what is the permissions on the everyone in your share permissions? If READ, then yeah he would never be able to write anything no matter what the ntfs permissions are.

And yeah the ntfs permissions would be inherited - so? Alter them.

I think I see what you mean. Because Navin falls in the Everyone group, the Everyone permission will conflict with whatever permission I give to him specifically, correct?



#10 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 74
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 28 August 2013 - 21:13

Everyone falls into Everyone Group ;) So yeah if that is set to READ that that would be more restrictive than whatever specific permissions his account was given.

Normally you just leave everyone as full control in the share permissions, and control your access via NTFS permissions. Share permissions really only need to be adjusted in really odd situations.

Only thing in share should be everyone with full.. Then adjust your NTFS permissions how you see fit.

#11 OP canuckerfan

canuckerfan

    Neowinian

  • Joined: 11-June 02

Posted 28 August 2013 - 21:31

Everyone falls into Everyone Group ;) So yeah if that is set to READ that that would be more restrictive than whatever specific permissions his account was given.

Normally you just leave everyone as full control in the share permissions, and control your access via NTFS permissions. Share permissions really only need to be adjusted in really odd situations.

Only thing in share should be everyone with full.. Then adjust your NTFS permissions how you see fit.

Ok the only thing in Share is Everyone with full. Then under Security I have the Adminstrator group, which includes Navin, and they have full control. However, he's still not able to write over the network to the drive. Actually, he can't even read now. I wonder if there's another conflict with any other groups. Here's the Admin settings:

 

security.png



#12 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 74
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 28 August 2013 - 21:38

Look in advanced with effective permissions. Your going to have issues with Admin groups across the network because of UAC.. Give him permissions directly on the NTFS.

you also need to make sure you AUTH as him.. if you have it open to guests, etc. Then you might be authing as that. And you can only be authed to a machine with 1 account at a time.

If you auth as guest, makes not matter if your account has permissions, etc.

#13 Mando

Mando

    Neowinian Senior

  • Joined: 05-April 02
  • Location: Scotland, Dundee
  • OS: Win 7 Ultimate x64/Pro x64/Home prem x64
  • Phone: Samsung Note ICS

Posted 28 August 2013 - 21:43

canuckerfan, on 28 Aug 2013 - 00:06, said:

Both machines have an account with the same username and password. But what do you mean by "ACL"?

 

 

Window user accounts are used for network sharing ("Use user accounts and passwords to connect to other computers"). I've tried adding the Windows Credentials this way and it doesn't seem to work:

 

Server: 192.168.1.100 (local IP of desktop PC)

User: Navin

Password: *** (this is the account password which is also the same as the account on the desktop PC)

 

 

This is the share and security settings for the drive:

 

security.png

 

 

share.png

 

ACL= Access Control List, sorry spend too much time Adminning Domino :) The above screeny is showing Photos Access Properties, the "list" s showing your Access Control List aka your ACL.



#14 OP canuckerfan

canuckerfan

    Neowinian

  • Joined: 11-June 02

Posted 28 August 2013 - 22:05

Look in advanced with effective permissions. Your going to have issues with Admin groups across the network because of UAC.. Give him permissions directly on the NTFS.

you also need to make sure you AUTH as him.. if you have it open to guests, etc. Then you might be authing as that. And you can only be authed to a machine with 1 account at a time.

If you auth as guest, makes not matter if your account has permissions, etc.

Hmm... it looks like he has full control in Effective Permissions:

 

security.png

 

I think he may be authorizing as guest. Here is the active session for the machine I'm trying to access/write from (NETBOOK):

 

security.png



#15 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 74
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 29 August 2013 - 00:40

Yup like I said if you auth as guest your only going to be able to read.

So auth via command line, or with the map drive option where you can put in an account.

Or easier way is to just create a different share you hit vs the public share that has guest.. So create a share that only he has permission too and just map it to the same dir, then hit that share directly and you should get prompted since guest does not have permission.

\\computername\writesharename



Click here to login or here to register to remove this ad, it's free!