XP Pro limited users cannot share files/folders?

Mike Fields

OK, I have snooped around, googled around and still managed
to miss the answer to this one. Multiple computers, running
XP Pro, SP2 all in a workgroup on my LAN (behind router).
Admins can share folders by right click, "sharing" ... as expected.
The limited users don't have that option (nor can they get to
the "sharing" tab via properties for that folder/file). I thought
a limited user could share a file/folder they owned. Simple
file sharing is UN-checked, drives are NTFS. Limited user
can create a file or folder, and security shows they are the
owner, but they do not have access to the "sharing" option.
An admin can share any folders/files on the same machine
and they are visible to other machines with no problems.
This is NOT a case of the share is not visible, they simply
do not have the option of sharing the file/folder. What
incantation am I missing ??? Thanks !!
 
If anyone else is interested, I guess I found the answer in the
XP Pro Resource Kit (2nd edition) where they say that

[begin quote (pg 265)]
In Windows XP Professional, members of the Administrators,
Power Users and Server Operators groups can share folders.
Other users who have been granted the Create Permanent
Shared Objects user right can also share folders. If a folder
resides on an NTFS volume, you must have at least Read
permission to share the folder.
[end quote]

There is also a comment on the next page that says
"Users who have been granted the Create Permanent
Shared Objects user right can also assign shared folder
permissions"

Hope this helps others who were looking for the same
information.

mikey
 
Have you verified that works? My understanding and experience show that
will not work regardless of what the RK says, and the explanation of that
user right does not indicate the ability to share folders for network
access. --- Steve

Create permanent shared objects
This policy setting determines whether users can create directory objects in
the object manager. Users who have this capability can create permanent
shared objects, including devices, semaphores, and mutexes. This user right
is useful to kernel-mode components that extend the object namespace, and
they have this user right inherently. Therefore, it is typically not
necessary to specifically assign this user right to any users.


 
Interesting -- No, I have not verified it works, that is just what
I found in the RK (and nobody here had responded). If you
say your experience says that does NOT work, I will skip
testing that road -- saves me a bunch of time and fiddling. I had
thought the users were able to share, however, that does not
seem to be the case and the RK comments seem to confirm
that. I was looking to set up an easy way for the people in
our house (workgroup) to be able to share stuff between the
various computers. I guess the easiest is to simply create
a shared folder on each one and have them use that as a
transfer location. I think I will look into configuring the default
for drive mapping to NOT reconnect at login so we don't end
up with a bunch of links between the computers (I don't have
a central server ... but at this rate, I may have to get one !)

mikey


Steven L Umbach said:
Have you verified that works? My understanding and experience show
that will not work regardless of what the RK says, and the explanation
of that user right does not indicate the ability to share folders for
network access. --- Steve

Create permanent shared objects
This policy setting determines whether users can create directory
objects in the object manager. Users who have this capability can
create permanent shared objects, including devices, semaphores, and
mutexes. This user right is useful to kernel-mode components that
extend the object namespace, and they have this user right inherently.
Therefore, it is typically not necessary to specifically assign this
user right to any users.


 
Having an administrator create the necessary shares makes sense. That way he can
make sure that permissions are what they should be. I would not worry about the
links between computers at logon unless it would result in a non-server computer
having more than ten connections at once, since that is the limit of a
non-server operating system such as XP. --- Steve


 
Sometimes the defaults have a degree of wisdom to them. If you allow users to
create shares ad-lib, you'll end up with 'squirrel-caches' of data all over
the place. You may even find documents with embedded links spanning multiple
shares, such that changing any share creates a domino-effect of problems.
One thing is certain, the data won't be backed up, and will thus be a
security risk.

My advice... don't.
 
Ian said:
Sometimes the defaults have a degree of wisdom to them. If you allow
users to create shares ad-lib, you'll end up with 'squirrel-caches' of
data all over the place. You may even find documents with embedded
links spanning multiple shares, such that changing any share creates a
domino-effect of problems. One thing is certain, the data won't be
backed up, and will thus be a security risk.

My advice... don't.

Probably good advice. I guess I will set up a shared folder on all the
machines they can put things in to move around when they want.
Shared folder will have open permissions and they understand that
folder is not backed up and is only to be used to transfer stuff around.

mikey
 