Setting permissions for non-local users? No one knows???? Can't be done????

  • Thread starter Thread starter Blue
  • Start date Start date
B

Blue

Does anyone know if it can be done, and if so how?

I frequently plug my work notebook computer into my home network and
would like to give myself (and only myself) access to my home XP Pro
files on my home network.

From the home XP computer, In Network Places, I can see my home
workgroup and I can see an icon for my work domain, inside of which is
my work computer. However, when I am in the permissions settings
dialog, I can't seem to find the work computer, no matter how I try.

Everyone keeps saying that you don't need folder passwords in XP, but
this sure seems like a case where you do, since I don't see anyone
speaking up on how to overcome this limitation...

Come on Microsoft. There must be thousands of people who connect work
computers to their home networks and want to be able to do this.
 
File permissions are set on the folder itself. For computers not part of a
domain, only user accounts that are local to the comptuer can be specified
for computer access. Second, if you don't have file sharing enabled and a
file shared then none will show up (this is also done from the computer
that has the data you want to share). The only other thing to check is that
the firewall is properly configured to allow access for File and Printer
Sharing; I would recommend using XPSP2 and the new firewall settings as you
can choose to allow the local network but not the whole internet, which can
not be controled with the pre-SP2 firewall.
--
Curtis Koenig
Security Support Engineer
Product Support Services, Security Team
MCSE, MCSES, CISSP

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!

--------------------
 
Thanks for the response. I think your second sentence gives me my
answer: it can't be done.

My home computer is part of a workgroup, not a domain, and you are
telling me that in this situation only local user accounts can be
specified for folder access. Is that correct? My laptop is part of
domain when I am at work, but obviously not connected to that domain
when I am plugged in to my home network... and anyway, the files I
want to access are on the home computer which is not part of a domain
ever... and I can't MAKE it part of a domain without a server on the
network, which I do not have. Right?

So - I am able to open up a folder for access to the whole world by
giving EVERYONE access rights, or I am able to keep it private and
specify local user access rights, but I am not able to open it
selectively to the outside world to only some specified users. Is that
right? There is no way to set password access to folders within XP
Pro? Maybe this is a situation where I would WANT to do that and it
would add functionality NOT PRESENT in Win XP Pro. This used to be
possible in previous versions of windows... why is it not part of XP?
 
It can be done, but you would have to supply the credentials of an account
on the home machine (from the work machine) when accessing a share on the
home machine or allow fully open public access.

If you have SP2 this is not such an issue (access to everyone) as you an
open file and printer shareing for the firewall to local users only (thus
the internet still can not access). Essentially everyone on your local
network could access it.

As for the last part, yes previous versions had this. Part of moving to the
shared code that existed in the NT development tree and away from teh 9x
code meant that this was given up for greater security. We have heard
complaints on this and are working on better sharing models but I would not
expect them to be added to XP soon if ever. Its more likely that this would
appear in later Operating Systems. So the best I can say is no.

There are 2 solutions:
1) Specify the machine name and account you wish to use when accessing a
share. (net use * \\machine_name\share_name /u:machine_name\user_name)
where machine name is the target machine and username is the target user
account on that machine.

2) This is the one I prefer. Use SP2, on the firewall allow file and
printer sharing for the local network only. Then create shares that allow
the guest account (the default sharing account for everyone on an XP
non-domain computer). This will allow access with out the account info
being specified but will only work for computers on your local network.


--
Curtis Koenig
Security Support Engineer
Product Support Services, Security Team
MCSE, MCSES, CISSP

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!

--------------------
 
Back
Top