Windows XP Permission/s ...

[Cider]

Hey Guys,

We run a domain here with basically no GPO polices besides a password complexity one.

On my PC which connects to the domain I am running some virtual machines which I do not connect to the domain, they all run under workgroup.

If I share a folder on my computer I generally give everyone read on sharing and then set security with ntfs permissions to lock it down. Works great. However jsut a few questions.

1) For sharing , is the read permission sufficient or must i grant full control and then lock it down with NTFS?
2) From my VM or any PC on the lan that connects locally and not to the domain, I cant seem to connect to the shares? What permissions do I give to the shared folder on my PC in order for the workgroup machines to access it? Which account do I add as I can only add domain accounts?
3) If I navigate via UNC to my PC via a workgroup PC (\\PCname\Sharename or \\PCname to view the shares) I recieve a the trust issue between the workgroup PC and the domain controller failed. However we dont have any policies that I know of in place.
4) However if I try to connect to our server from a workgroup PC then a username / password dialog box pops up which is what I am looking for.

Any shares on my network regardless if a domain PC or workgroup PC is connecting, I would love the pop-up dialog box.

Could the windows fundis shed some light on this?

Is it totally different in Vista?q

Thanks

[morganlefay]

Full control on Shares....then lock down on NTFS.

User will need to connect to a local account...with permissions to access the share...a dialog box should pop up asking for username and password

use machinename\username and password to connect.

There are default GPOs created with a domain...

MLF

[Cider]

Hey MLF, thanks for the reply.

User will need to connect to a local account...with permissions to access the share

If they are not on the domain?? A dialog box does not pop up at all.

I can either give them NTFS permission which then they will be allowed through, if they do not have NTFS permission it will disallow it, no pop-up dialog box

Think im abit confused here.

[morganlefay]

Create local accounts on the machine hosting the shares...and give EVERYONE full contol access to the share...and then give NTFS permissions to lock down...read\write\fullcontrol using the machines local accounts...

Check your firewall settings...file and print sharing allowed??

MLF

[Cider]

Hey MLF ,

I have done so with the same results.

If I try to access my c$ from another machine, I recieve a dialog popup box asking for username / password.

Firewall is off and conenctivity is fine. Is it even possible to have a pop-up box or is it allowed or denied on NTFS? Surely you can add a generic account "where they have to put in details" or am I offcourse here.

[morganlefay]

You need an admin account to access the C$

I dont understand your issue or question???

I thought you had created shares for a workgroup to access??

MLF

[Cider]

Hey MLF,

sorry for the confusion.

Okay , if I access c$ on my PC from another PC without any admin privledge , I get the prompt for username / password before continuing.

How can I do that for a normal folder share? The only options I have with folder sharing is either denied or allow. If they are allowed with my NTFS permissions they can access the folder, if not then they recive a not accessible message.

I would like it to popup , regardless of what user is trying to access teh share and ask for a username / password. And then upon enterning the credentials it must auth against my NTFS permissions.

I.E the user is allowed or denied access.

Hope this makes sense ...

Lets leave the Workgroup out for now, just work on a domain.

[dinowuff]

I get what you are saying.

You have a workgroup share lets say "dino"
You want to connect to "dino" but first want to be prompted for a userid and pass.

Add a user to the local machine say "MLF"
give the local "MLF" account access to the share, Remove all other accounts.

When ever someone wants to connect to "dino" they will have to enter the userID "MLF" and it's password.

[morganlefay]

ahhh yeap ...thats what I said.

In a domain the credential are passed automatically...thats the way domains work..I am sure you can create a GPO that prompts for password for accessing a share.............but why.??

Now my understanding was you had a domain and a workgroup and the workgroup computers want access to a share residing on a member of the domain??? When the workgroup user wants to access the share....it should get prompted for a username and password where you can use a domain account or a local account (local of the machine hosting the share).

What exactly are you trying to do???

MLF

[Cider]

Guys MLF,

Basically I would like a pop-up dialog box whether it is inside the domain that the request is coming from or from a workgroup on the same lan? Is this possible as I understand people on the domain have been cleared of auth and only use the NTFS security to check ACL's.

Thanks