[foolios]

What are some ways I can password protect or user protect files and directories?

Do I need to set up a domain to do so? Can I get some recommendations please?

I am guessing that this could get crazy intense, so I hope someone will have some patience with me. I am interested in methods for both XP and Vista.

Thanks in advance for the ideas/suggestions/explanations, etc...

[Arie]

Simply set the NTFS rights the way you want.

[TheFlash428]

For files saved locally, I'm not sure of anyway to set a password protection--you could do that if you have the files on a remote computer and require a username and password to connect to it.

Yeah, you can set the NTFS file permissions to accomplish user protection (the security tab under file or folder properties), but any users who are admins of the computer will be able to access the files regardless, so if you want to keep users from accessing certain files and directories, make sure they don't have the rights to modify the security settings! (i.e. don't put the users you want to restrict in the "Administrators" group).

[IcemanND]

We need some more information from you on this.

[foolios]

Thank you for the info, I will look into ntfs permissions and see if I can figure it out. I have some files on my main pc that I want some users on other pc's to access. But I want some users to access and some not to.

I was also thinking about adding multiple log-ins to my main pc and that each user shouldn't see files from other users.

Thanks for getting me started. I heard about domains but have no clue about how to set one up and didn't know if that would be the best solution.

I hope I provided enough information. Thanks again.

[foolios]

Thanks guys, very helpful explanations. I am giving it a go and hopefully it will work out.
So, I can either place an account on each pc that I want to control shares on. Each pc will have the same number of accounts, this makes accessing easier. Or I can just add user permissions to a folder and then when trying to access from another pc, it will prompt me for a username and password.

Is that about correct?

I think it might be that I'm not sure how to add objects? Don't I just add a username? But then I don't get a prompt for password so I'm confused. I think the only way I see it working is if I make accounts on every computer that are the same and the password is already integrated for me. But what about the second scenario I mentioned above where I don't want to create all those matching accounts? Or will I have to?

[foolios]

I either can't add an object that isn't already existing. User?
And then even if I do add a user and add that object. When I try to connect, I get can't access the folder. It doesn't even prompt me for a username and password.

Ugh, I am so confused now.

[Idontwantspam]

First off, which version of Windows XP are you using? If it's XP Home, you're out of luck. If it's XP Pro or Media Center, then go open My computer, click Tools > Folder options. Click on the view tab. Uncheck "Use simple file sharing". Now, go to the folder you want to share. Right-click it and choose properties. Go to the sharing tab. Give it a share name. Remember that if you want it to be a hidden share, you can add a $ to the end of the name and it'll be hidden.

Now, go click on "permissions". Add/remove users as necessary, and change their rights (view/modify/both) as you wish. Now click ok. When you type in the computer name across the network (i.e. \\computername\sharename) it should prompt for a username and password. These are accounts on the computer that has the shares on it. The user will see whatever shares they have permission to access.

As far as vista, no idea, but it might be similar. Perhaps?


Oh and for local folders: no way to set passwords, however, you can set permissions on folders so only certain user accounts can access them. After turning off simple file sharing as stated above, right-click a folder, choose properties. Go to the security tab. Edit permissions as needed. Click OK a couple times. Voila.

This post has been edited by Idontwantspam: 02 February 2008 - 12:00 AM

[foolios]

Thanks for the information. So, I add user accounts to each pc for each share that I am going to use advanced sharing with. Then I will make sure that the accounts on the pc with the share are enabled under permissions, or not if I want a particular folder to not be accessed by a particular user even though they might have an account on the system. Right so far? Then if I want someone who doesn't have an account on the computer to access a share via advanced sharing, then add a user called everyone? or is it guest? Not sure, and then how does it know what password, do I just enable guest account under users and make it passworded and then all the odd-balls will use that password(guest password)? Do they need to type guest as username or will any username work as long as they have the right password?

Thanks so much!

By the way, what is happening when I add a user and then the Everyone, but then deny access to everyone? It seems like even permissible users get blocked from having access. Thanks again for further explanations.

[Idontwantspam]

Well, you sort of have it.

First of all, avoid "deny" permissions as much as possible, since they over-ride "allow" permissions.
Secondly, keep in mind that users authenticating across the network must have a password - passwordless network logons are not permitted.

You do NOT need to have the same user accounts on each PC, although you may if you want to. Any user account on the computer that has the shared files on it will do, as long as it has a password. As I said earlier, they will only see shares you have given them access to. Avoid using "everyone". Just remove it completely from the permissions list. Instead, if you want any logged in user to be able to see a certain share, use the "Authenticated Users" group, which is any user which has provided a valid username and password.

If somebody doesn't have an account, they could use the guest account. You will need to give the guest account a password of course for this to work. Also, remember that even if you disable the guest account in the user control panel, you it can still log in across the network.

If you have any more questions, feel free to post them!

[foolios]

Couple of things I'm still fuzzy on:

For Authenticated Users, do I just type Authenticated Users, and this will allow users that have an account on the local pc and logged into it to see the share from another account/user on this particular pc?

Guest accounts seem simple enough, turn it on, give it a password, now anyone can access that share as long as they use the right pass. But still being able to access even though the guest account is disabled is confusing. Will anyone still see the files?

"You do NOT need to have the same user accounts on each PC, although you may if you want to. Any user account on the computer that has the shared files on it will do, as long as it has a password. "
This is the really confusing part. I have tried to set up a share before to users that don't have an account, but I can't figure it out. Each time I create an object with a name like walter, it just doesn't seem to do anything as I can't seem to give it a password. It seems to only work if I actually create a user named walter and create a password for it.

Thanks so much.

[Idontwantspam]

foolios, on Feb 3 2008, 08:03 AM, said:

For Authenticated Users, do I just type Authenticated Users, and this will allow users that have an account on the local pc and logged into it to see the share from another account/user on this particular pc?

No, not really. If you click "Add", then "Advanced" then "Find Now" it'll give you a list of all the accounts on the computer, and all the groups, including built-in groups, such as Authenticated Users. If you give permissions to "Authenticated Users" then anyone who has a user account on that PC can view it - when they type in the PC's computer name, they will get a username/password dialog. Any enabled user account on the computer may get in with their username and password. IF the account on the machine sharing the files and the account accessing the files have the same password and username, no prompt will be given, and it will log in as that user.

E.g: my name is "bob". I have two computers, computer1 and computer2. On computer1 i have an account called "Bob" with the password "123". On computer2 I have an account called "Bob" and the password "123". If while on computer2, I open \\computer1, i will see any shares on computer1 that Bob has access to. But if my friend "Joe" has an account on computer1 but is using the guest account on computer2, then he will be prompted for a username and password, which he can then enter and get files from computer1.

Quote

Guest accounts seem simple enough, turn it on, give it a password, now anyone can access that share as long as they use the right pass. But still being able to access even though the guest account is disabled is confusing. Will anyone still see the files?

Well, there are two levels of "disabled". There is disabled and then there is cannot-log-in-locally. When you "disable" the guest account in the control panel, it is not really disabled, it just can't log in locally. It can still log in over the network. If it were actually disabled, which has to be done through lusrmgr.msc, then it can't log in over the network at all.

Quote

"You do NOT need to have the same user accounts on each PC, although you may if you want to. Any user account on the computer that has the shared files on it will do, as long as it has a password. "
This is the really confusing part. I have tried to set up a share before to users that don't have an account, but I can't figure it out. Each time I create an object with a name like walter, it just doesn't seem to do anything as I can't seem to give it a password. It seems to only work if I actually create a user named walter and create a password for it.

Yes, there needs to actually be an account on the machine that is sharing. Share permissions are based of of windows accounts. So if you click add and type "walter" but there is no "walter" account, then you can't log in across the network as "walter" because there IS no "walter".

yah? If you want, PM me and I can maybe try to help you over remote assistance.

[foolios]

Thank you for the explanations.

I am curious about the line:

"But if my friend "Joe" has an account on computer1 but is using the guest account on computer2, then he will be prompted for a username and password, which he can then enter and get files from computer1."

Sooo, it would seem what I can do is create 10 users on just one pc, and then users from 9 other computers can access shares on that one pc without my having to create 10 user accounts on all 10 computers. So if Joe, Mike, Ted, Mark, Tim, etc. have an account on pc1. Then those people can access shares on pc1 from any of the other 9 pc's.
Now my question would also be, would they all have to be logged in as a guest, or could there be only one account on those 9 named George? What if George wasn't a valid user on pc1? What if he is?

[Idontwantspam]

Umm.... do you have 10 computers? If so, you may want to consider a domain. Also keep in mind that a computer running XP pro or MCE can have a max of 10 connections at once, this means any computers it connects to to access shares or any shares being accessed on it. XP home only gets 5. So be warned.

Anyhow, to answer your question: You can have whatever users on one computer, and from any other computer on the network, you can log in as any user on that other machine and access the 1st computer over the network as a user on the computer being accessed over the network. Get it?

They can log in to any account on the other PC and still access their own account on the sharing PC. If the account on the PC accessing the share has the same username and password as any account on the sharing PC, then it will assume that it should log in as that user.

At some point i'll make a diagrammy sort of thing to better explain it, but not right now.

On a sort-of side note: Vista. I have been experimenting with vista lately () and it appears that if you just right-click a folder, choose the sharing tab, then click like advanced sharing or something, that you'll get the same exact dialog as you do in xp when you click sharing. You don't appear to need to turn on or off any settings; that's the default behavior. This was tested on home premium, I assume the same applies to other versions as well.

[foolios]

Thanks for the explanations. They have helped me understand this a great deal. After playing with it, I think I have a hang of the user access control now.

Thanks so much!

[anish_annu]

Hey Dear can u help me regarding this..

We have 3 PC's in our office running xp pro, they all are connected via ZXDSL 531B B/B modem and are sharing internet connection and few folders on each PC..(by simple file sharing)

If any guests visit and want to connect to net through his laptop he can hv access via GUEST account which i hv created in modem..
But my problem is he can also get access to all the shared folders between our 3 PC's..
My question is how can i restrict other persons/guests getting into our network..and by only allowing him to access internet
Plz. do explain it thoroughly..
I hope u can do..
thanks in adv..

Idontwantspam, on Feb 3 2008, 12:53 PM, said:

Well, you sort of have it.

First of all, avoid "deny" permissions as much as possible, since they over-ride "allow" permissions.
Secondly, keep in mind that users authenticating across the network must have a password - passwordless network logons are not permitted.

You do NOT need to have the same user accounts on each PC, although you may if you want to. Any user account on the computer that has the shared files on it will do, as long as it has a password. As I said earlier, they will only see shares you have given them access to. Avoid using "everyone". Just remove it completely from the permissions list. Instead, if you want any logged in user to be able to see a certain share, use the "Authenticated Users" group, which is any user which has provided a valid username and password.

If somebody doesn't have an account, they could use the guest account. You will need to give the guest account a password of course for this to work. Also, remember that even if you disable the guest account in the user control panel, you it can still log in across the network.

If you have any more questions, feel free to post them!

This post has been edited by anish_annu: 10 March 2008 - 02:38 AM

[Idontwantspam]

The easiest way would be to turn off simple file sharing on all of the computers, thus requiring a password. Without a password and without a domain, there's no way to keep unauthorized users out since there is nothing to stop them.

[anish_annu]

Ok, but can u please explore it in more detail..
I mean y will it ask for password, how to set up the pass..
and how to set up for sharing in such a way that other users can see the folders but wen they open it, it will ask for password..

One more thing if i disabled file sharing how can i see shared folders on any other computer becoz from network places, if i clik on workgroup computers it wont show anything..isn't so..

Idontwantspam, on Mar 11 2008, 10:01 AM, said:

The easiest way would be to turn off simple file sharing on all of the computers, thus requiring a password. Without a password and without a domain, there's no way to keep unauthorized users out since there is nothing to stop them.

[Idontwantspam]

I think I explain pretty clearly how it works up above. Do you have any specific questions?

[tbs010]

I would like to do the opposite. I am running Windows Server 2003 and I am trying to share a folder, I set permission to everyone and when I try to open it on another computer it asks for "Username and password" is there anyway I can prevent this?

Thanks