Local Account vs Microsoft Account and Shares in Workgroup

By xendrome
in Microsoft (Windows)

 Share

Recommended Posts

Grand Master

xendrome

Posted
Posted

So just some discussion on this, and no lets not get into "HomeGroup" discussion. I want permission level controls over shares/files.

Windows 7 workstation, and Windows 7 "server" for files shares. And setup with a identical username/password on both. Browsing to the server from the workstation, no problems. You just right click the share, and map the drive since the log on credentials are the same.

Now if I install Windows 8 on the workstation, and sign in to a Microsoft Account instead of local (because I think that is required to use the store) how is that going to interact with the Windows 7 "server"?

My obvious thought is, it isn't going to authenticate and either fail with an error or ask for credentials. Obviously I can map the drive with alternate credentials. But this is kind of goofy to have to fight with something to simple.

The best solution would be to allow "local" accounts to also "link" a Microsoft Account to the local login, but I don't think that is possible.

Thoughts guys?

Experienced

libertas83

Posted
Posted

There are a couple ways that you may be able to do it. Not sure if any of this is changed or easier in Windows 8.

1.) You should be able to add a Windows Credential to your account. Search for Credential in the Control Panel. They may have revamped it a bit in Windows 8 though. If it is still there, all of your online accounts and windows accounts can be stored there.

2.) Look into Linked IDs which links an online account, like Microsoft Account, with a local account.

Windows 8 I'm sure uses that Linked IDs concept, but just takes it further to making it default and more useful. It might be better to create the local account first, then add your ID. Try it out when you get it and report back your results.

couldn't you set share permissions with "Everyone"?

He wants to control permissions at the folder/file level not give it to everyone. However, there are actually 2 sets of permissions for shares, shared permissions and NTFS permissions. Whichever has the most restrictions will be used.

NTFS permissions give you the best control over shared permissions. Usually the best way to set the access is to set share permissions to everyone and then use NTFS permissions to lock down access to the groups/users you want.

The main issue here is not how to do the permissions, but how do you link an online acount to a local account which my comments above describe.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

"Obviously I can map the drive with alternate credentials. But this is kind of goofy to have to fight with something to simple."

I don't really understand this statement - what do you think your fighting with?

The box doing the shares has permissions set with what it knows its local accounts. To access those you have to auth, where is the fight?

As mentioned you can use alternate creds to auth to that box to access its shares.

I am not seeing the issue?

Veteran

Unrealistic

Posted
Posted

"Obviously I can map the drive with alternate credentials. But this is kind of goofy to have to fight with something to simple."

I don't really understand this statement - what do you think your fighting with?

The box doing the shares has permissions set with what it knows its local accounts. To access those you have to auth, where is the fight?

As mentioned you can use alternate creds to auth to that box to access its shares.

I am not seeing the issue?

The way I am understanding his question is as long as the username/password are the same on machines, you can just browse to them via \\computername. I've always used this trick myself. I think what he's asking is, by using a Microsoft Account, it is no longer going to pass those credentials, as it will now be using a Windows Live ID.

It might be possible to create a local account first with the same username/password and then convert it to a Microsoft Account later. I would have to test this first to confirm though.

Edit - I downgraded my Microsoft Account to a local account and the shares instantly worked, but when I went back to a Microsoft Account, the credentials were invalid. I attempted to restart the machine just to see and Windows did a BSOD. After it came back, the shares continued to not work. The share is actually no longer working, giving me an error that the resource can't be found. I'm sure I broke a registry entry somewhere by downgrading and re-upgrading (maybe a bug?). I'll probably have to delete this account completely and make a new one now.

If anything, you can still use a local account, but just manually login to your Windows ID for the Store, Skydrive, Messenger, etc. The only thing you won't have access to is the synced settings features.

Grand Master

xendrome

Posted
  • Author
Posted

The way I am understanding his question is as long as the username/password are the same on machines, you can just browse to them via \\computername. I've always used this trick myself. I think what he's asking is, by using a Microsoft Account, it is no longer going to pass those credentials, as it will now be using a Windows Live ID.

Exactly...

I'll have to test that also, but I don't think it'll work.

Proficient

Anthonyd

Posted
Posted
My obvious thought is, it isn't going to authenticate and either fail with an error or ask for credentials. Obviously I can map the drive with alternate credentials. But this is kind of goofy to have to fight with something to simple.
What? Everytime you access to a remote network drive, you are using the credential of that remote machine. So just enter your live account when accessing to the Windows 8 machine and it will work like a charm.
Grand Master

xendrome

Posted
  • Author
Posted

What? Everytime you access to a remote network drive, you are using the credential of that remote machine. So just enter your live account when accessing to the Windows 8 machine and it will work like a charm.

Server is Windows 7, it only uses local accounts... Desktop is Windows 8, logged on with a Microsoft account.. Does not compute.

Yes I know I can map the drives with other credentials, but looking to see if I am missing something built in....

It didn't. Read my edit.

Thanks for testing sorry it broke your load... do a system restore?

Proficient

Anthonyd

Posted
Posted
Server is Windows 7, it only uses local accounts... Desktop is Windows 8, logged on with a Microsoft account.. Does not compute.

Yes I know I can map the drives with other credentials, but looking to see if I am missing something built in....

Then log in with your Windows 7 account when accessing to the shared drive.

The built in feature is homegroup that you don't want to use for some random reasons.

/thread.

Veteran

Unrealistic

Posted
Posted

Thanks for testing sorry it broke your load... do a system restore?

I'm still testing in VMware so no biggie. I created a Snapshot before I did it anyway, so I just reverted to that.

Then log in with your Windows 7 account when accessing to the shared drive.

The built in feature is homegroup that you don't want to use for some random reasons.

/thread.

You certainly like to reply a lot even when you don't understand the issue. I create SMB shares on my Apple servers and I also have an Active Directory with shares as well. I just found out that all of those shares don't automatically login either (which is expected since the credentials aren't the same). Yes, you can manually mount them, but that is far from ideal. Homegroup is exactly what it is, a home feature. Now what?

Proficient

Anthonyd

Posted
Posted

You certainly like to reply a lot even when you don't understand the issue. I create SMB shares on my Apple servers and I also have an Active Directory with shares as well. I just found out that all of those shares don't automatically login either (which is expected since the credentials aren't the same). Yes, you can manually mount them, but that is far from ideal. Homegroup is exactly what it is, a home feature. Now what?

He isn't using SMB. You can't compare.
Veteran

Unrealistic

Posted
Posted

He isn't using SMB. You can't compare.

SMB is the backbone of Windows sharing......

If you have AD, just join the win8 client to the domain and use domain creds? (I really don't like the implementation of the Live ID for local login either...)

Well right, but then you can't use the live services sync. I know I'm talking about a different thing, but it's still an issue.

Veteran

Unrealistic

Posted
Posted

Alright, so while I don't like the solution for my personal issue, I think this should solve your issues.

It's very simple and I overlooked it on the first try. Create a Microsoft Account on Win8 and browse to the machine you want to access via \\computername.

Authenticate and check the remember password option. You should be set from then on out.

post-277424-0-29665700-1344710977_thumb.

Grand Master

jakem1

Posted
Posted

Well right, but then you can't use the live services sync. I know I'm talking about a different thing, but it's still an issue.

I agree. It's a small issue but it's still an issue and it would have been nice if MS had given us the option to create local/AD accounts and link them to an MS account for syncing.

Proficient

Anthonyd

Posted
Posted

I agree. It's a small issue but it's still an issue and it would have been nice if MS had given us the option to create local/AD accounts and link them to an MS account for syncing.

You can link your domain account (AD) with an MS account, and you can also block that with a GPO.
Grand Master

+BudMan MVC

Posted
  • MVC
Posted

I still don't see what the issue is here?

There is not much difference between you logging in locally with billy and Password1 so it matches up with remote machine billy Password1 and accessing the share, via saving credentials to send billy Password1 when your logged in with [email protected]

Its not like your local account was sync'd in any way to the remote machines shares\account - if you changed the password on your machines local billy account, you would of failed to auth. So either you would have to had changed the account info on the remote machine or saved credentials.

It's not some other account logged into you local machine would have access to shares that billy does.

I don't see anything really different here other than saving credentials once vs them being what you logged in with. The method of access is still the same to the remote share - your authing with billy Password1. Be it thats what you logged in with, or what you saved as auth for that remote machine.

Grand Master

xendrome

Posted
  • Author
Posted

Care to detail it?

Because WHS is a dead product and I don't see how it's related to the discussion :p

WHS 2011 is end of life in 2016, and is still being sold on systems today. So just because MS isn't making a successor to it, doesn't instantly mean it is dead.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • New PowerToys update fixes memory leaks and other issues

      By Dutchie64 · Posted

      Yup, that's a doozy right there 😄
    • New PowerToys update fixes memory leaks and other issues

      By Dutchie64 · Posted

      It's a bundle of tools created by a variety of people, so things can go wrong sometimes. It's a great addition to Windows, and I use a lot of the tools on a daily basis. Also, it's still a 0.**** release so quick updates are to be expected 😉
    • Why Delta Chat is the best decentralized messenger you have probably never tried

      By Nas · Posted

      Oh, I did. And it's even worse than I was hoping! Besides a lot of techno-babble jargon (yes I understand 100% of it but it's still all just techno-babble) there's 2 key points that make me super-weary about even considering testing this out. -- By default, after installation, a relay is automatically set up, so you do not need to care about that. * Non-chatmail apps use email servers as a long-term message archive while chatmail clients use email servers for ephemeral instant message relay. * Supporting the full variety of classic email setups would require considerable development and maintenance efforts, and complicate making chatmail-based messaging more resilient, reliable and fast. -- Basically, the end-user device is the 'server' (relay) so there is NO ARCHIVING whatsoever because every message is necessarily ephemeral. Great for techno-paranoia (and for illicit activities preferring no tracks to cover) but terrible for everybody else. It's also ironically contradictory to engineering principles of redundancies besides the transport layers due to the explicit absence of any persistent storage. Instead of 'classic email address' retaining multi-GB messaging archives on its server, now every device must retain 100% of those storage demands. (Email messages were originally meant to be short correspondences, not the multi-MB attachments boondoggle that now exists with unlimited spam engines flooding every potential recipient.) Any device swap or reset (or loss) makes the entire message history go bye-bye forever... lest there's an off-device auto-archival "relay" mechanism that's really a separate server that holds onto all transported messages (an email server) that utilizes 'chatmail email address' identities (like an email server) and its own persistent storage archive (like an email server). But... this solution is hoping to exist alongside real-world email address identities (based on the email server relay pathway) but simply render messages in chat thread format in an ephemeral manner (with contents being encrypted, and messages auto-expiring) ... In the end, it's a chat app/experience for the Web3/P2P-at-all-costs zealots. (I have accts on all sorts of federated web3 services so I understand the technical and non-technical alike.) For any practical users, however, it's just another service to download/install, register, cross-share id cards/qr codes, but know that there's no history/archive whatsoever (by design) so no account/message recovery whatsoever... update the device, install a bummed update patch, or dare upgrade your device... all history, poof, gone. Ya gotta start everything over again like they're a brand new person.
    • You've tried DuckDuckGo and Brave Search, now get serious with SearXNG

      By zikalify · Posted

      You've tried DuckDuckGo and Brave Search, now get serious with SearXNG by Paul Hill Over the last decade, it has become quite trendy to dump Google Search in favor of privacy-preserving alternatives such as DuckDuckGo, Startpage, and Brave Search. These search engines have done a very good job at highlighting dodgy practices by Google, such as adjusting search results based on what it thinks you’ll like (filter bubble) and stalking you around the web to advertise to you. While these search engines are good starting points when compared to non-private services like Google, there are still quite a few issues with them. For example, both DuckDuckGo and Brave Search require running non-free JavaScript in your web browser, which is comparable to running proprietary software on your computer, meaning you can be sure about what it’s actually doing in the background. Another issue is that these search engines are hosted on the respective companies’ servers, and you are using a service that you don’t control. Finally, DuckDuckGo, while offering privacy features, relies heavily on Microsoft’s infrastructure for its results and, in the past, has permitted Microsoft tracking scripts. If you are looking for a more private search solution than DuckDuckGo, Brave Search, and Startpage, then I recommend taking a look at SearXNG. It is a privacy-respecting metasearch engine that can be used via different public instances, which is useful for mobile users, or you can install it on your computer or server and run it locally with maximum control. Unlike Google, Bing, or Brave Search, which crawl the web and have their own search indexes, SearXNG is a metasearch engine, meaning it taps other search engines, stripping your identifying data, such as IP address, user agent, and cookies, in the process. Your search query is sent to the other search engines you enable before aggregating the results. SearXNG has deployment flexibility. If you are a casual user or a mobile user and don’t want to run SearXNG locally, you can use a public instance that is hosted by someone else. The main problem with this is that you are putting trust in the maintainer of the instance regarding stuff like logs that they may keep; good hosts should have a privacy policy explaining their policies. If you are trying to use SearXNG, you can also install the software on your device and then head to 127.0.0.1:8080 in your browser and search from there. While you don’t have to worry about a third-party admin like the public instances, search engines could ultimately block your IP address if they frown on you pulling in their search results locally. If you want to run it locally, it’s a good idea to use proxies or VPNs to hide your actual IP. You don’t have to worry about this with a public instance, as search engines never see your IP address. The main privacy benefit of using SearXNG is that it isolates your identity from the underlying engines that it’s capable of searching, such as Google and Bing. These search engines will only see requests coming from a generic server, so they can’t profile you and create a bubble filter that influences what results you see. This also ensures that your search engine doesn’t turn into an echo chamber that prevents you from reading alternative points of view. As a free software project, you are allowed to inspect SearXNG to make sure there are no negative features bundled inside. This sets it apart from the privacy search engines mentioned earlier because you can’t check their source code. As a meta search engine, you are not restricted to getting results from one source. Due to the fact that it scrapes content from other websites, your SearXNG instance will periodically get blocked from different providers, so it’s good to select a range of sources as a backup. While enabling all of the services will give you great results, this can make searching slower. I am personally happy with slower searches for the best results, but you can always check which providers are slowing down your search from the search results page and disable them to speed things up. If you want decent results quickly, enable the main search providers such as Google, Brave, DuckDuckGo, Qwant, Bing, and Yahoo. This way, you get wide coverage without the latency. On the Engines tab in Preferences, do note that there are different tabs, such as General, Images, and Videos, with their own providers that can be toggled and are not covered by "Enable all" while on the General tab, so be sure to dig into each. Just a note, if you want to enable everything, press "Enable all" in one tab, then hit save at the bottom of the page, then do the next tab, and so on. If you press "Enable all", then do that in each tab, and then save, nothing will stick. When I had just some of the search engines enabled, I searched “define nefarious” and results came back with the definition of “define” - obviously that was a sucky result. However, when I had everything enabled, it found dictionary pages for the word “nefarious” and even had an inline definition on the sidebar, which is quite nice too - that was delivered by WolframAlpha for anyone wondering! Probably the worst thing about this meta search engine is that the engines you select are saved with a cookie, so you must enable them on every new device you use SearXNG on, including if you decide to go into incognito mode with your web browser. Honestly, I would say this is the most annoying aspect, and perhaps if your browser lets you choose a separate private browsing search engine, then it would be best to use DuckDuckGo for this portion of your browsing. Another weakness of SearXNG is the random blocking of it by search providers. When you are on the results page, expand the “Response time” box, and it will show things like “Suspended: too many requests” or “access denied”. This is why it is good to enable several providers so that there is always a fallback to get results from. I won’t pretend SearXNG will be for everyone, however, if you enable all of the providers and put up with the slower response time, the results can be really amazing. Even if you don’t want to use it as your daily driver, keeping a bookmark handy that links to it is a good idea if you ever feel like doing a deep dive into a niche topic where other search engines are just failing to bring up any good result, due to the amount of sources it looks on. If you’re interested in radical user control over the software you use, installing SearXNG locally can also be a good idea, but be prepared to be temporarily blocked from sites if you trigger bot sensors without a VPN. Personally, I’ve opted to use a public instance, rather than install it myself. If you want to use it via a public instance, head over to searx.space to find a provider. Let us know in the comments if you have used SearXNG or its predecessor, Searx. What do you think about the quality of the results?
    • Windows 11 is getting redesigned taskbar settings in new build

      By Captain_Eric · Posted

      Dear Neowin, If it is not too much trouble, can you start using the new-ish designations for Insider Preview? "Experimental" is different than "former Dev" as it can apply to different models, eg 26H1 or 26H2 etc, right? No need to seed confusion IMHO. And, please "finally" update your graphics. OK?

  • Recent Achievements

    • Week One Done
      flexorcist earned a badge
      Week One Done
    • One Month Later
      Woland13 earned a badge
      One Month Later
    • Week One Done
      Woland13 earned a badge
      Week One Done
    • One Year In
      bernmeister earned a badge
      One Year In
    • Week One Done
      Scoobystu earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      503
    2. 2
      +Edouard
      226
    3. 3
      PsYcHoKiLLa
      158
    4. 4
      Steven P.
      75
    5. 5
      FloatingFatMan
      71
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!