PDA

View Full Version : How do I limit network sharing?


Greg
10-06-07, 05:04 AM
I have a tiny home network for the family. It is just a few WinXP and WinVista machines connected to a router/switch. I need to share some folder eg. \Drivers so from any PC I can update drivers and another eg. is a \Transfer folder for conveneintly sharing files between PCs.

What I'd like to do is make some limited access shares eg. \Backup where one PC can put personal or business backup files, but not show or allow access to that share across the whole network.

I don't believe I can set up a domain server to govern all LAN access and when I try to put user restrictions on a share, the dialogs only allow me to enter Local users, not Remote users. I also have limited experience with Network managment.

The ideal result would either be:
1) Shared folder only visible and/or accessible by certain Remote and Local users. Or
2) Shared folder accessible by entering password.

I'd like to keep this cheap and not have to set up more PCs and buy or maintain more OSes. Any ideas folks?

crainger
10-06-07, 06:53 AM
OK. This isn't really my thing, but I think I can help. OK. So you have a folder on a machine you want to restrict access? Well firstly you'll have to create a user account for every person you want to have access on that machine (with passwords), or a special user account you don't mind giving out the password for. Then when sharing set the permission so only the users you want to give access are listed. All users will see the folders, but to gain access they will either need to be on the shares permissions or have the username and password to enter upon accessing the folder.

Of course to hide the folders you just use the normal $ at the start of the share name then map the share or type it in manually.

I'm terrible at explaining this stuff. But I hope I'm at least pointing you in the right direction.

Greg
10-06-07, 07:52 AM
Thanks for responding crainger. I think I follow most of what you say, however I am not sure how Local and Remote user accounts relate to eachother.

For example, I can create an account called 'Bob' on each PC, and those user accounts look like Box1\\Bob Box2\\Bob, but AFAIK they don't relate to eachother and cannot be used on eachothers PC since they are not local. I am only using Workgroups to share networking. I have a vague understanding of how a shared Domain network could be configured to achieve what I'm after, but I would need a copy of Windows Server or Linux on a PC that is always on to manage those permissions.

I was hoping to find some syntax to enter a remote user name in the 'Select Users or Groups' when I Add to the Share Permission dialog.

crainger
10-06-07, 10:19 PM
You can't add remote users AFAIK, but when a 'remote' user accesses a share hosted on a machine that also has an account set up for them they share the permissions. So Box1 hosts the share. You give permission for box1\\bob to access the folder. Then when box2\\bob access the share, he will have the same permissions as box1\\bob aslong as the username AND password match.

OR on box1 setup a user like box1\\share Then when box2\\box tries to access the folder he will have to input both the username box1\\share and the password to access the folder.

The two methods are essential the same. The difference is the first removes the need to enter a username and pass everytime the folder is accessed. The second removes the need to make a local account on the host machine.

My experience with this was when I had my Xbox setup to play movies of my PC. I didn't want my flatmates to access my xbox share. So I setup an account called xbox on my PC with a password. Then setup the xbox to access the share with that username and password. That way the xbox could access it. However when my flatmates tried to access that particular folder from their PCs, they required a username and password. Sure it's an xbox, but essentially the networking is the same.

Greg
10-07-07, 12:02 AM
I think you're saying:
1) You can't add permissions for remote users.
2) You need local users configured on a sharing machine.
3) A remote user can either a) login to a remote computer as one of the local users listed on that machine or b) if the remote user has exactly the same name and password, the login is automatically attempted so the user doesn't need to manually re-enter those login details. Both of these are simply accessing a local account on the sharing machine.

Thanks, I will have to experiment with this.

crainger
10-07-07, 02:55 AM
Yeah that pretty much sums it up. :D

Let us know how it goes. :)