Folder sharing Best answer on the web
What you need to do is use the share permissions of in XP. They're pretty much identical in 2000 if that's the system that is sharing files, so don't worry. The share permissions allow you to grant different levels of access to different users.
Rather than describing in detail all the steps that you'll need to go through, I'm going to point you to an excellent article here http://www.practicallynetworked.com/sharing/xp_filesharing/index.htm at Practically Networked called Windows XP Professonal File Sharing. It lays out the steps I'll describe in more detail and has nice pictures you can use to follow along.
First thing you'll need to do is create user account on Betty's computer for Mike, Bob, and Linda as described in step 2 in the article. Make sure you set the account types to "Limited".
Next you need to create the share permissions for each folder. Folder1 is accessible to everyone, which is the default permission for shares, so you can leave that as it is. But the other folders will need to have permissions set. Right-click on folder2 and select "sharing". If it's not already shared then give it a share name, otherwise click "permissions". Here is where you can control who gets access and who doesn't. By default it shows the EVERYONE group, but that's not what you want, so select it and click "remove".
Now you need to add the users who will have permission to access the folder. Clickt the "add" button. This opens a window that allows you to select the users or groups with access to this folder. Click the "object types" and uncheck "built in security principles" and "groups", then click OK. "from this location" should show the name of your computer . Click "advanced" then "find now" and you'll get a list of the users on your system. Select the ones you want to grant folder access to and then click OK. You can select multiple names by holding the control key down and clicking.
The reason you have to use accounts set up on Betty's computer is that with a peer to peer network XP doesn't have a global catalog of user names (that requires a server). So if Mike is logged in to terminal1 then his user name on the network is terminal1Mike. But if he logs in to terminal2 it's terminal2Mike. Betty's computer sees that as two different users, even though they're both the same person. In order for him to be able to access your shares from any computer you have to have a local user account. However, if you only ever want Mike to be able to log in from his own computer and never from anywhere else you could choose his computer from the location box and pick his user name. This will grant permission to, for instance, terminal1Mike or whatever it is that his computer name is. He would then be able be able to access files ONLY when he's logged in as Mike and ONLY at terminal1. Usually this can create more frustration then benefit so it's usually best to just stick with creating local user accounts and setting the share permissions based on those.
When you're done adding users click OK in the Select Users and Groups window and then you'll be back to the permisions window. By default the users you add will have read only permission to the shared folder. You can leave it that way, but if you want to allow permission to write and modify files as well you must check off the "allow" box beside "change". Don't give them full control since this would allow those users to change the permissions for the folder.
That's it. Now you'll need to do that for each of the folders you want to restrict access to. You can simplify the process a bit by creating a user group and then granting access to the group instead of to individual users. That's probably more trouble than it's worth if there are only a few people accessing these folders. But there is an explanation of how to set up groups in the article I linked to.
If there are a lot of folders that you want to share and you don't want to set the permissions for each one, you might want to place them all in a separate folder. They would then be subfolders of a folder called "Shares" or whatever you want. The advantage is that you can set the permissions just for the "Shares" folder. You would no longer need to share each of the subfolders because they would inherit the permissions of the "Shares" folder. Again, this may be more trouble than it's worth if there are only a few folders to share, but if you have a large number of folders you want to share this can save you some time.
I hope this helps you out. It's not really overly complicated, but there are a number of steps involved. If you have trouble feel free to ask for clarification.
Hibiscus
Search strategy: win2k creating shares, windows xp share permissions, windows xp "access control list"
Thanks for your detailed reply. I knew most of what you described. The shared folders are on the Win 2000 machine. You advice to "Click the "object types"" does not apply to Win 2000 apparently. I had already removed Everyone, added users and denied permission to appropriate users but even the denied users still had access to the folder. The link you gave advises to remove "simple file sharing" but on Win 2000 there is no such thing as I can see and the help says that the file and printer sharing in the stack is necessary to share folders.
swisscheese
Network is peer to peer. I want to restrict access for the computer (any user on that computer). Your example is correct.
swisscheese
Sorry, I was under the impression it was the XP system that was sharing the files. My mistake.
In W2K there's no simple file sharing option. You must have file and printer sharing enabled, but that's it. The object type button also doesn't apply under 2K but it's still just a matter of selecting the users. It just means you can't filter the list to remove the groups or the built in accounts.
As far as granting access goes there are a few things you should check out. First, check that the local accounts on the 2K machine aren't being given administrator access. Under Users and Passwords in the control panel you can configure that (which I imagine you already figured out). If they have administrator rights it might be overriding any folder rights that you have set up. Next, you shouldn't need to specifically deny access to any users. Grant permission only to the users you want to have access to the folder and leave everyone else off, including every group. Unless the rights are specified the system should deny all rights. Finally, if for some reason that doesn't work, try adding the user to the permissions and specifically denying everything. This shouldn't be necessary, but who knows, sometimes these things get cranky. You might also adding the EVERYONE group account and specifically denying rights for it, then enabling rights only for those you want to give access to.
Let me know if this still doesn't solve your problem.
Hibiscus
Well, I found the problem. I was doing something rather dumb. I was logging into the W2K the way I usually do as myself rather than as the name of the XP user. Now all is OK. So you helped indirectly. Thanks.
swisscheese
What sort of network configuration is this? Are these machines set up on a peer to peer network (i.e. no central server)? How many users are there on the network?
Also, when you say you want to restrict access for one computer, do you mean the computer or do you mean the user that's logged in to the computer?
And finally, just to clarify, do you mean that you want to allow access to every shared folder by every other user on the network, while refusing access to all but one shared folder for one particular user?
So for instance something like this:
4 users - Betty, John, Mike, Linda. Betty's computer has five shared folders, named folder1 through folder5. You want Linda only to have access to folder1 and nothing else, but you want John and Mike to have access to folder1, 2, 3, 4, and 5.
Thanks,
hibiscus
#If you have any other info about this subject , Please add it free.# |