Workgroup Folder Access

  • Thread starter Thread starter OzPat
  • Start date Start date
O

OzPat

I am running a Workgroup with one computer (my computer) storing our company
folders/files. I want to be able to allow the company Directors access to all
relevant folders. but other Staff should only have access to some of these
folders.
I have turned off Simple File Sharing and set up a Power Users Group called
Directors PUG on my computer and assigned my user account to this group. The
problem is that I can't work out how to assign the other Directors to this
Directors PUG since they are not obviously not users of my computer, just
fellow workgroup members.
Perhaps there is an easier way to achieve this file/folder access
restriction and I'm just making life hard for myself.

Cheers
 
OzPat said:
I am running a Workgroup with one computer (my computer) storing our
company folders/files. I want to be able to allow the company Directors
access to all relevant folders. but other Staff should only have access to
some of these folders.
I have turned off Simple File Sharing and set up a Power Users Group
called Directors PUG on my computer and assigned my user account to this
group. The problem is that I can't work out how to assign the other
Directors to this Directors PUG since they are not obviously not users of
my computer, just fellow workgroup members.
Perhaps there is an easier way to achieve this file/folder access
restriction and I'm just making life hard for myself.
Click to expand...

In a Workgroup authentication is done on the local machine. Add your
directors' usernames/passwords to your pseudo server. Then you can set your
permissions on those directories accordingly. There is no need to make the
users who will have access Power Users. Better not to use the Power User
group at all and just keep them standard users.

Also make sure you aren't going to bump into the inbound concurrent
connections limitations on the pseudo server. The limitation is on
*connections* and not computers or users. One computer can and often does
make more than one connection to a pseudo server.

Inbound connections limit in XP - http://support.microsoft.com/?id=314882

5 - XP Home/Vista Home Basic
10 - Vista Home Premium/Vista Ultimate/XP Pro
49 - SBS 2000
74 - SBS 2003
Unlimited for full Server O/Ses

Malke
 
Thanks Malke, that worked well.

Only one slight problem and that is that those users without access to the
restricted folders are still able to view them when they look in My Network
Places.
What I need is for the folder to be visible for the Directors so that they
are able to access this folder, but hidden for the Staff. My theory is: if
they don't know it's there then they won't try to find out what is inside it.

Thanks in Advance
 
OzPat said:
Thanks Malke, that worked well.

Only one slight problem and that is that those users without access to the
restricted folders are still able to view them when they look in My
Network Places.
What I need is for the folder to be visible for the Directors so that they
are able to access this folder, but hidden for the Staff. My theory is: if
they don't know it's there then they won't try to find out what is inside
it.
Click to expand...

I don't think you can do that. And I think that Steve Winograd already said
that in the other newsgroup to which you posted. Of course I may be
mistaken.

If your other users can't access the folders and you have properly set them
up as standard users and not power users or administrators, it won't matter
that they can see the folders. They will not be able to access them anyway.

Malke
 
If you want to hide a folder from view in My Network Places in a workgroup
then you need to name the folder with the $ after it as in share$. Then the
use who needs access to the folder would need to know the name or a drive
could be mapped to the hidden folder. Note that a hidden folder is not a
real security feature and that share and NTFS permissions are the final
barrier to access because there are ways to enumerate hidden shares.

With a Windows 2008 or Windows 2003R2 server ACE [Access Based Enumeration]
can be used to hide folders within a share that a user does not have read
access to.

Steve
 
Back
Top