Windows 7 share permissions

[canuckerfan]

I've been searching around google for a while and can't seem to figure this one out.

 

My current setup has the main desktop PC which shares all the music, movies and photos. All the other machines connect to the desktop PC to access these files. As of now, all users over the network have read access. However, I want to give one user, and this one user only, write access to a particular shared drive. How do I go about doing this?

 

Sharing files otherwise works fine amongst all the machines. And the desktop PC is running Windows 7. The network is a workgroup.

 

Edit: Just to clarify, the user I want to give write permissions to is accessing the drive over the network - not locally.

[manroweb]

 

From here you can allow write access to one user

[Mando]

As with previous windows versions, ensure that the "account" is identical on both PCs.

 

Lets say for sake of argument that the "share" in on Main-Desk and Main-desk\Mark has full R/W to the shared folder.

 

e.g. Main-Desk\Mark

pwd= password

 

Marks-laptop\Mark

pwd= password

 

you can then add Mark (with pwd= password) to the ACL and it will allow laptop mark to R/W on "desktop Marks" profile using the user prompt that opens in the share, due to the passwords being the same it will allow remote connectivity using the "alternate" login. (actually using main-desktop\Mark via laptop "mark")

 

Job done.

[Aergan]

You're likely using Guest / Public access. You would need to either look into

 

Homegroup

1. http://windows.microsoft.com/en-us/windows/homegroup-help#homegroup-start-to-finish=windows-7&v1h=win8tab1&v2h=win7tab1

 

Traditional user share

1. Change Network sharing to "Use windows user accounts" rather than 'let windows handle it'
2. Create a user account on host PC e.g. HOSTPCNAME\UserWhoWrites
3. Give user permissions at NTFS level to directory to modify or full access
4. Set share permissions to Users -> Full control
5. On the client PC, add the credentials to the credential manager for your host PC: HOSTPCNAME\UserWhoWrites
6. Change Network sharing to "Use windows user accounts" rather than 'let windows handle it'
7. Reboot both

[canuckerfan]

you can then add Mark (with pwd= password) to the ACL and it will allow laptop mark to R/W on "desktop Marks" profile using the user prompt that opens in the share, due to the passwords being the same it will allow remote connectivity using the "alternate" login. (actually using main-desktop\Mark via laptop "mark")

Both machines have an account with the same username and password. But what do you mean by "ACL"?

 

 

 

You're likely using Guest / Public access. You would need to either look into

 

Homegroup

1. http://windows.microsoft.com/en-us/windows/homegroup-help#homegroup-start-to-finish=windows-7&v1h=win8tab1&v2h=win7tab1

 

Traditional user share

1. Change Network sharing to "Use windows user accounts" rather than 'let windows handle it'
2. Create a user account on host PC e.g. HOSTPCNAME\UserWhoWrites
3. Give user permissions at NTFS level to directory to modify or full access
4. Set share permissions to Users -> Full control
5. On the client PC, add the credentials to the credential manager for your host PC: HOSTPCNAME\UserWhoWrites
6. Change Network sharing to "Use windows user accounts" rather than 'let windows handle it'
7. Reboot both

 

Window user accounts are used for network sharing ("Use user accounts and passwords to connect to other computers"). I've tried adding the Windows Credentials this way and it doesn't seem to work:

 

Server: 192.168.1.100 (local IP of desktop PC)

User: Navin

Password: *** (this is the account password which is also the same as the account on the desktop PC)

 

 

This is the share and security settings for the drive:

 

 

 

[+BudMan MVC]

Well seems you have multiple groups on your ntfs, and you have share permissions with everyone - what are those set too.. If read does not matter what ntfs you set, most restrictive wins between share and ntfs.

Normally you only have share everyone set to full, and control your actual access with ntfs.

If you have a user that is member of multiple groups you can run into conflicting permissions.

I would clean up your ntfs permissions to say system and admins, keep in might that you can run into UAC issues across the network and admin membership.

You need to fix up your ntfs and share permissions so that his account has write. While not giving anyone in ntfs write, etc.

[canuckerfan]

Well seems you have multiple groups on your ntfs, and you have share permissions with everyone - what are those set too.. If read does not matter what ntfs you set, most restrictive wins between share and ntfs.

Normally you only have share everyone set to full, and control your actual access with ntfs.

If you have a user that is member of multiple groups you can run into conflicting permissions.

I would clean up your ntfs permissions to say system and admins, keep in might that you can run into UAC issues across the network and admin membership.

You need to fix up your ntfs and share permissions so that his account has write. While not giving anyone in ntfs write, etc.

I only added Everyone - which has read only permission and Navin, who has full control. All the other entries were there by default.

 

Both machines have the same account and same password but I'm not able to give only him write permissions.

[+BudMan MVC]

And what is the permissions on the everyone in your share permissions? If READ, then yeah he would never be able to write anything no matter what the ntfs permissions are.

And yeah the ntfs permissions would be inherited - so? Alter them.

[canuckerfan]

And what is the permissions on the everyone in your share permissions? If READ, then yeah he would never be able to write anything no matter what the ntfs permissions are.

And yeah the ntfs permissions would be inherited - so? Alter them.

I think I see what you mean. Because Navin falls in the Everyone group, the Everyone permission will conflict with whatever permission I give to him specifically, correct?

[+BudMan MVC]

Everyone falls into Everyone Group ;) So yeah if that is set to READ that that would be more restrictive than whatever specific permissions his account was given.

Normally you just leave everyone as full control in the share permissions, and control your access via NTFS permissions. Share permissions really only need to be adjusted in really odd situations.

Only thing in share should be everyone with full.. Then adjust your NTFS permissions how you see fit.

[canuckerfan]

Everyone falls into Everyone Group ;) So yeah if that is set to READ that that would be more restrictive than whatever specific permissions his account was given.

Normally you just leave everyone as full control in the share permissions, and control your access via NTFS permissions. Share permissions really only need to be adjusted in really odd situations.

Only thing in share should be everyone with full.. Then adjust your NTFS permissions how you see fit.

Ok the only thing in Share is Everyone with full. Then under Security I have the Adminstrator group, which includes Navin, and they have full control. However, he's still not able to write over the network to the drive. Actually, he can't even read now. I wonder if there's another conflict with any other groups. Here's the Admin settings:

 

[+BudMan MVC]

Look in advanced with effective permissions. Your going to have issues with Admin groups across the network because of UAC.. Give him permissions directly on the NTFS.

you also need to make sure you AUTH as him.. if you have it open to guests, etc. Then you might be authing as that. And you can only be authed to a machine with 1 account at a time.

If you auth as guest, makes not matter if your account has permissions, etc.

[Mando]

canuckerfan, on 28 Aug 2013 - 00:06, said:

Both machines have an account with the same username and password. But what do you mean by "ACL"?

 

 

Window user accounts are used for network sharing ("Use user accounts and passwords to connect to other computers"). I've tried adding the Windows Credentials this way and it doesn't seem to work:

 

Server: 192.168.1.100 (local IP of desktop PC)

User: Navin

Password: *** (this is the account password which is also the same as the account on the desktop PC)

 

 

This is the share and security settings for the drive:

 

 

 

 

ACL= Access Control List, sorry spend too much time Adminning Domino :) The above screeny is showing Photos Access Properties, the "list" s showing your Access Control List aka your ACL.

[canuckerfan]

Look in advanced with effective permissions. Your going to have issues with Admin groups across the network because of UAC.. Give him permissions directly on the NTFS.

you also need to make sure you AUTH as him.. if you have it open to guests, etc. Then you might be authing as that. And you can only be authed to a machine with 1 account at a time.

If you auth as guest, makes not matter if your account has permissions, etc.

Hmm... it looks like he has full control in Effective Permissions:

 

 

I think he may be authorizing as guest. Here is the active session for the machine I'm trying to access/write from (NETBOOK):

 

[+BudMan MVC]

Yup like I said if you auth as guest your only going to be able to read.

So auth via command line, or with the map drive option where you can put in an account.

Or easier way is to just create a different share you hit vs the public share that has guest.. So create a share that only he has permission too and just map it to the same dir, then hit that share directly and you should get prompted since guest does not have permission.

\\computername\writesharename

[canuckerfan]

Yup like I said if you auth as guest your only going to be able to read.

So auth via command line, or with the map drive option where you can put in an account.

Or easier way is to just create a different share you hit vs the public share that has guest.. So create a share that only he has permission too and just map it to the same dir, then hit that share directly and you should get prompted since guest does not have permission.

\\computername\writesharename

Thanks for all your help up to now. This issue has really been bugging me.

 

I modified my batch file for mapping the share:

net use Y: /delete /yes
net use Y: "\\PC\E - PHOTOS" /p:yes /user:Navin ***
:: where *** is the password

It maps the drive fine. However, he still can't read or write to it.

 

Edit: The open session is still being detected as Guest:

 

[+BudMan MVC]

Did you disconnect the previous session?

[canuckerfan]

Did you disconnect the previous session?

Yes, I rebooted both machines.