canuckerfan Posted August 27, 2013 Share Posted August 27, 2013 I've been searching around google for a while and can't seem to figure this one out. My current setup has the main desktop PC which shares all the music, movies and photos. All the other machines connect to the desktop PC to access these files. As of now, all users over the network have read access. However, I want to give one user, and this one user only, write access to a particular shared drive. How do I go about doing this? Sharing files otherwise works fine amongst all the machines. And the desktop PC is running Windows 7. The network is a workgroup. Edit: Just to clarify, the user I want to give write permissions to is accessing the drive over the network - not locally. Link to comment Share on other sites More sharing options...
manroweb Posted August 27, 2013 Share Posted August 27, 2013 From here you can allow write access to one user Link to comment Share on other sites More sharing options...
Mando Posted August 27, 2013 Share Posted August 27, 2013 As with previous windows versions, ensure that the "account" is identical on both PCs. Lets say for sake of argument that the "share" in on Main-Desk and Main-desk\Mark has full R/W to the shared folder. e.g. Main-Desk\Mark pwd= password Marks-laptop\Mark pwd= password you can then add Mark (with pwd= password) to the ACL and it will allow laptop mark to R/W on "desktop Marks" profile using the user prompt that opens in the share, due to the passwords being the same it will allow remote connectivity using the "alternate" login. (actually using main-desktop\Mark via laptop "mark") Job done. Link to comment Share on other sites More sharing options...
Aergan Posted August 27, 2013 Share Posted August 27, 2013 You're likely using Guest / Public access. You would need to either look into Homegroup http://windows.microsoft.com/en-us/windows/homegroup-help#homegroup-start-to-finish=windows-7&v1h=win8tab1&v2h=win7tab1 Traditional user share Change Network sharing to "Use windows user accounts" rather than 'let windows handle it' Create a user account on host PC e.g. HOSTPCNAME\UserWhoWrites Give user permissions at NTFS level to directory to modify or full access Set share permissions to Users -> Full control On the client PC, add the credentials to the credential manager for your host PC: HOSTPCNAME\UserWhoWrites Change Network sharing to "Use windows user accounts" rather than 'let windows handle it' Reboot both Link to comment Share on other sites More sharing options...
canuckerfan Posted August 27, 2013 Author Share Posted August 27, 2013 you can then add Mark (with pwd= password) to the ACL and it will allow laptop mark to R/W on "desktop Marks" profile using the user prompt that opens in the share, due to the passwords being the same it will allow remote connectivity using the "alternate" login. (actually using main-desktop\Mark via laptop "mark") Both machines have an account with the same username and password. But what do you mean by "ACL"? You're likely using Guest / Public access. You would need to either look into Homegroup http://windows.microsoft.com/en-us/windows/homegroup-help#homegroup-start-to-finish=windows-7&v1h=win8tab1&v2h=win7tab1 Traditional user share Change Network sharing to "Use windows user accounts" rather than 'let windows handle it' Create a user account on host PC e.g. HOSTPCNAME\UserWhoWrites Give user permissions at NTFS level to directory to modify or full access Set share permissions to Users -> Full control On the client PC, add the credentials to the credential manager for your host PC: HOSTPCNAME\UserWhoWrites Change Network sharing to "Use windows user accounts" rather than 'let windows handle it' Reboot both Window user accounts are used for network sharing ("Use user accounts and passwords to connect to other computers"). I've tried adding the Windows Credentials this way and it doesn't seem to work: Server: 192.168.1.100 (local IP of desktop PC) User: Navin Password: *** (this is the account password which is also the same as the account on the desktop PC) This is the share and security settings for the drive: Link to comment Share on other sites More sharing options...
+BudMan MVC Posted August 28, 2013 MVC Share Posted August 28, 2013 Well seems you have multiple groups on your ntfs, and you have share permissions with everyone - what are those set too.. If read does not matter what ntfs you set, most restrictive wins between share and ntfs. Normally you only have share everyone set to full, and control your actual access with ntfs. If you have a user that is member of multiple groups you can run into conflicting permissions. I would clean up your ntfs permissions to say system and admins, keep in might that you can run into UAC issues across the network and admin membership. You need to fix up your ntfs and share permissions so that his account has write. While not giving anyone in ntfs write, etc. Link to comment Share on other sites More sharing options...
canuckerfan Posted August 28, 2013 Author Share Posted August 28, 2013 Well seems you have multiple groups on your ntfs, and you have share permissions with everyone - what are those set too.. If read does not matter what ntfs you set, most restrictive wins between share and ntfs. Normally you only have share everyone set to full, and control your actual access with ntfs. If you have a user that is member of multiple groups you can run into conflicting permissions. I would clean up your ntfs permissions to say system and admins, keep in might that you can run into UAC issues across the network and admin membership. You need to fix up your ntfs and share permissions so that his account has write. While not giving anyone in ntfs write, etc. I only added Everyone - which has read only permission and Navin, who has full control. All the other entries were there by default. Both machines have the same account and same password but I'm not able to give only him write permissions. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted August 28, 2013 MVC Share Posted August 28, 2013 And what is the permissions on the everyone in your share permissions? If READ, then yeah he would never be able to write anything no matter what the ntfs permissions are. And yeah the ntfs permissions would be inherited - so? Alter them. Link to comment Share on other sites More sharing options...
canuckerfan Posted August 28, 2013 Author Share Posted August 28, 2013 And what is the permissions on the everyone in your share permissions? If READ, then yeah he would never be able to write anything no matter what the ntfs permissions are. And yeah the ntfs permissions would be inherited - so? Alter them. I think I see what you mean. Because Navin falls in the Everyone group, the Everyone permission will conflict with whatever permission I give to him specifically, correct? Link to comment Share on other sites More sharing options...
+BudMan MVC Posted August 28, 2013 MVC Share Posted August 28, 2013 Everyone falls into Everyone Group ;) So yeah if that is set to READ that that would be more restrictive than whatever specific permissions his account was given. Normally you just leave everyone as full control in the share permissions, and control your access via NTFS permissions. Share permissions really only need to be adjusted in really odd situations. Only thing in share should be everyone with full.. Then adjust your NTFS permissions how you see fit. Link to comment Share on other sites More sharing options...
canuckerfan Posted August 28, 2013 Author Share Posted August 28, 2013 Everyone falls into Everyone Group ;) So yeah if that is set to READ that that would be more restrictive than whatever specific permissions his account was given. Normally you just leave everyone as full control in the share permissions, and control your access via NTFS permissions. Share permissions really only need to be adjusted in really odd situations. Only thing in share should be everyone with full.. Then adjust your NTFS permissions how you see fit. Ok the only thing in Share is Everyone with full. Then under Security I have the Adminstrator group, which includes Navin, and they have full control. However, he's still not able to write over the network to the drive. Actually, he can't even read now. I wonder if there's another conflict with any other groups. Here's the Admin settings: Link to comment Share on other sites More sharing options...
+BudMan MVC Posted August 28, 2013 MVC Share Posted August 28, 2013 Look in advanced with effective permissions. Your going to have issues with Admin groups across the network because of UAC.. Give him permissions directly on the NTFS. you also need to make sure you AUTH as him.. if you have it open to guests, etc. Then you might be authing as that. And you can only be authed to a machine with 1 account at a time. If you auth as guest, makes not matter if your account has permissions, etc. Link to comment Share on other sites More sharing options...
Mando Posted August 28, 2013 Share Posted August 28, 2013 canuckerfan, on 28 Aug 2013 - 00:06, said: Both machines have an account with the same username and password. But what do you mean by "ACL"? Window user accounts are used for network sharing ("Use user accounts and passwords to connect to other computers"). I've tried adding the Windows Credentials this way and it doesn't seem to work: Server: 192.168.1.100 (local IP of desktop PC) User: Navin Password: *** (this is the account password which is also the same as the account on the desktop PC) This is the share and security settings for the drive: ACL= Access Control List, sorry spend too much time Adminning Domino :) The above screeny is showing Photos Access Properties, the "list" s showing your Access Control List aka your ACL. Link to comment Share on other sites More sharing options...
canuckerfan Posted August 28, 2013 Author Share Posted August 28, 2013 Look in advanced with effective permissions. Your going to have issues with Admin groups across the network because of UAC.. Give him permissions directly on the NTFS. you also need to make sure you AUTH as him.. if you have it open to guests, etc. Then you might be authing as that. And you can only be authed to a machine with 1 account at a time. If you auth as guest, makes not matter if your account has permissions, etc. Hmm... it looks like he has full control in Effective Permissions: I think he may be authorizing as guest. Here is the active session for the machine I'm trying to access/write from (NETBOOK): Link to comment Share on other sites More sharing options...
+BudMan MVC Posted August 29, 2013 MVC Share Posted August 29, 2013 Yup like I said if you auth as guest your only going to be able to read. So auth via command line, or with the map drive option where you can put in an account. Or easier way is to just create a different share you hit vs the public share that has guest.. So create a share that only he has permission too and just map it to the same dir, then hit that share directly and you should get prompted since guest does not have permission. \\computername\writesharename Link to comment Share on other sites More sharing options...
canuckerfan Posted August 29, 2013 Author Share Posted August 29, 2013 Yup like I said if you auth as guest your only going to be able to read. So auth via command line, or with the map drive option where you can put in an account. Or easier way is to just create a different share you hit vs the public share that has guest.. So create a share that only he has permission too and just map it to the same dir, then hit that share directly and you should get prompted since guest does not have permission. \\computername\writesharename Thanks for all your help up to now. This issue has really been bugging me. I modified my batch file for mapping the share: net use Y: /delete /yes net use Y: "\\PC\E - PHOTOS" /p:yes /user:Navin *** :: where *** is the password It maps the drive fine. However, he still can't read or write to it. Edit: The open session is still being detected as Guest: Link to comment Share on other sites More sharing options...
+BudMan MVC Posted August 29, 2013 MVC Share Posted August 29, 2013 Did you disconnect the previous session? Link to comment Share on other sites More sharing options...
canuckerfan Posted August 29, 2013 Author Share Posted August 29, 2013 Did you disconnect the previous session? Yes, I rebooted both machines. Link to comment Share on other sites More sharing options...
Recommended Posts