Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Limit access to windows 7 shares - how do I do this?


  • Please log in to reply
4 replies to this topic

#1 ledbleeping

ledbleeping

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:27 PM

Posted 16 June 2016 - 09:20 AM

Hi guys,

This is my first topic in this section, and I'm also new here on the forums, so nice to meet you!

 

Here is the thing I'm struggling with.

 

I have this small LAN, with a bunch of Windows 7 Pro computers (11 PCs), each of wich, has a single user account (admin rights) with no password, user is called user1. Each pc has a shared folder with documents, something like this

 

PC1 is called PC01 has a shared folder FOLDER and it has a user called user1

PC2 is called PC02 has a shared folder FOLDER and it has a user called user1

PC3 is called DVRPC  has a shared folder FOLDER and it has a user called user1

PC3 is called PC03  has a shared folder FOLDER and it has a user called user1

etc. 

 

Each PC has as as I said, a single user account with admin rights and no password (I know, I know, bad) + shared folders in the workgroup called WORK.

 

Now, what my client wants, is that via his laptop wich also runs Windows 7 (let's call it Supervisor) with a single user with no password and a MacPro Yosemite (call it MacSupervisor).

 

He wants to be able to access all the shares on these workgrouped computers from his Windows laptop and from his MacPro, but only him, the other users should not be able to browse and access the files in the shared folders! How do I do this using Windows 7 workgrouped computers, with no servers and AD and such. Can I use the Network and Sharing settings? Maybe set "Use password protected sharing ON" and specify on each computer, on the shared folder's options in the Users tab my client's username on his MacPro and Windows laptop? Will this work?

 

 



BC AdBot (Login to Remove)

 


#2 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:06:27 AM

Posted 16 June 2016 - 01:05 PM

Users should never be admins on the pcs.  You can't restrict admins.  End of story.

 

Start of a new story is to make users users not admins with the boss being the one of three admins [always have a backup admin account and don't use the default administrator account!]



#3 Kilroy

Kilroy

  • BC Advisor
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Launderdale, MN
  • Local time:08:27 AM

Posted 16 June 2016 - 01:08 PM

First off, this network needs to move to a client server model.  Microsoft recommends moving to the client server model at 10 machines because it is very difficult to manage this number of machines in a workgroup model.  The most likely reason for not having passwords is that it quickly became apparent that when you change a password you have to change it on every machine.

 

So, he doesn't want the local user to be able to access files on their own machine when that user is logged on as an Admin?  If the share is hosted on their machine, they can access the files.  It can't be done. It can technically be done, but a user with admin rights can view the files if they have the knowledge or desire.

 

I've never dealt with Apple products, so I don't know what hoops you would need to jump through for the Mac.  You could create a new account on each machine, with a password, then give that account access to the share.  Then on the Supervisor machine create a batch file to map the shares using the new user and password.

 

I'm not really sure I have a clear view of what you need to accomplish.  I do know that the current environment isn't helpful.



#4 ledbleeping

ledbleeping
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:27 PM

Posted 16 June 2016 - 03:54 PM

Hi,

Yes I know the layout is extremely bad, and I've told them not once that it should be changed as soon as possible.

 

No, I don't want to restrict the user on each PC (with admin rights) to access its own shared folder, what I want is him, let's say user of PC01 to not be able to access the shared folder of PC02 and so on. 

The only user who can access the shared folder on all PCs should be this Supervisor user.

 

I will try tomorrow something with the built in Windows 7 sharing options. When sharing a folder you can add users and assign what permission each user have, read only, read write etc. I believe that I can add a user there that would have Read Write permission, and that user would be the Supervisor user, but I don't know if the name of this user have to be the username on the Supervisor PC, being a Workgroup enviroment. 

 

Will return with results.



#5 Kilroy

Kilroy

  • BC Advisor
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Launderdale, MN
  • Local time:08:27 AM

Posted 17 June 2016 - 02:51 PM

When sharing you have to take two things into consideration, the share permissions and the NTFS (hopefully) permissions.  Even if you locked people out of the share anyone logged in locally is only restricted by the NTFS permissions.  Since the people logged in locally have Admin rights they can take ownership of the drive and over ride the NTFS permissions.

 

You can connect to shares without having the name match the name of user from the connecting machine.  I've had all kinds of issues getting shares to work without passwords.  So, create an account on the sharing machine and give it a password.  Give that account access to the share. Then make a batch file for the "Supervisor" to run to connect to the machine, no idea on how to do this from the Mac, but you should be able.

 

The batch file would look something like this:  Create in Notepad and save with a .BAT file extension.

 

REM Disconnect Network Drives
NET USE * /D /Y
REM Connect Network Drives
NET USE H: \\Computer1\Share /User:USER PASSWORD
NET USE I: \\Computer2\Share /User:USER PASSWORD
NET USE J: \\Computer3\Share /User:USER PASSWORD
NET USE K: \\Computer4\Share /User:USER PASSWORD

 

Where you would replace Computer 1 with the first computer name and Share with the name of the share.  USER would be the user account you created with the PASSWORD being the password you assigned.

 

There should be a similar way to may a script for the Mac.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users