Can I share folders from Win XP but not allow interactive logon ?

  • Thread starter Thread starter Chris Shearer Cooper
  • Start date Start date
C

Chris Shearer Cooper

Sorry for the cross-post, not sure which newsgroup this should go in ...

I've got a home LAN with a couple Win XP machines and a Win XP laptop and an
old Win 98 clunker. I have folders and a printer on one of the Win XP
(Professional) machines that I want to share with the other machines. What
I've done, is to set up user accounts on the "server" XP machine and then
have the other machines logon (locally, just a workgroup, no domain or
anything like that) as one of those user accounts, and that seems to work
fine. BTW, I'm calling the machine a server for the sake of this post, but
it's just my primary machine, so it's got the printer hooked to it, and the
biggest hard drive, and that kind of thing.

There are two little issues I can't find any way around, and I was hoping
someone up here might have a suggestion. The two issues are almost
certainly related.

1) When I log onto the server, it shows me a list of all the users I could
log on as, but most of those users don't really exist on that machine - they
only exist to allow the folder sharing. I want to clean that up.
2) I don't want people to be able to interactively sign onto the server - I
only want to grant them access to folders. I only want my account to be
able to log onto the server.

Can this be done? XP Pro doesn't seem to let you create new user groups, or
to modify the permissions of existing user groups ...

Can I set up a domain on this network? Does that give me more control over
users? The "server" is on 24x7 ('cuz it's got the printer) so it's not
totally unreasonable to set it up as a domain server ...

Thanks!
Chris
 
"Log on locally" is not a permissions thing, it's a user rights issue. Go to
Start -> Run. Type "gpedit.msc". Under Computer Configuration ->Windows
Settings -> Security Settings -> Local Policy -> User Rights Assignment,
there are policies for "Log on locally" and "Deny log on locally". Be VERY
careful here. If you enable the "log on locally" policy and have no users
defined, then guess what? No one can log on locally (not even you). BTW, RDP
and (I think) FTP connections are both considered local logons. That should
allow user to access shared resources but not access the computer from the
console.

...kurt
 
Kurt said:
"Log on locally" is not a permissions thing, it's a user rights issue. Go to
Start -> Run. Type "gpedit.msc". Under Computer Configuration ->Windows

Not on XP Home, I fancy :-(
 
Back
Top