Q: Folder sharing ( Answered 5 out of 5 stars,   0 Comments )
Question  
Subject: Folder sharing
Category: Computers > Security
Asked by: swisscheese-ga
List Price: $10.00
Posted: 15 Apr 2003 14:56 PDT
Expires: 15 May 2003 14:56 PDT
Question ID: 190928
How do we give one computer permission to access only one particular
folder on another computer which has multiple shared folders? I tried
the obvious things and could only get all shared folders or none.
First computer is XP Pro. Second computer is Win 2000.

Request for Question Clarification by hibiscus-ga on 16 Apr 2003 01:09 PDT
Hi swisscheese, 

What sort of network configuration is this?  Are these machines set up
on a peer to peer network (i.e. no central server)?  How many users
are there on the network?

Also, when you say you want to restrict access for one computer, do
you mean the computer or do you mean the user that's logged in to the
computer?

And finally, just to clarify, do you mean that you want to allow
access to every shared folder by every other user on the network,
while refusing access to all but one shared folder for one particular
user?

So for instance something like this:

4 users - Betty, John, Mike, Linda.  Betty's computer has five shared
folders, named folder1 through folder5.  You want Linda only to have
access to folder1 and nothing else, but you want John and Mike to have
access to folder1, 2, 3, 4, and 5.

Thanks, 

hibiscus

Clarification of Question by swisscheese-ga on 16 Apr 2003 04:06 PDT
Hi hibiscus,

Network is peer to peer. I want to restrict access for the computer
(any user on that computer). Your example is correct.

swisscheese
Answer  
Subject: Re: Folder sharing
Answered By: hibiscus-ga on 16 Apr 2003 17:06 PDT
Rated:5 out of 5 stars
 
Hi swisscheese, 

What you need to do is use the share permissions in XP.  They're
pretty much identical in 2000 if that's the system that is sharing
files, so don't worry.  The share permissions allow you to grant
different levels of access to different users.

Rather than describing in detail all the steps that you'll need to go
through, I'm going to point you to an excellent article here
http://www.practicallynetworked.com/sharing/xp_filesharing/index.htm
at Practically Networked called Windows XP Professional File Sharing. 
It lays out the steps I'll describe in more detail and has nice
pictures you can use to follow along.

First thing you'll need to do is create user accounts on Betty's
computer for Mike, Bob, and Linda as described in step 2 in the
article.  Make sure you set the account types to "Limited".

Next you need to create the share permissions for each folder. 
Folder1 is accessible to everyone, which is the default permission for
shares, so you can leave that as it is.  But the other folders will
need to have permissions set.  Right-click on folder2 and select
"sharing".  If it's not already shared then give it a share name,
otherwise click "permissions".  Here is where you can control who gets
access and who doesn't.  By default it shows the EVERYONE group, but
that's not what you want, so select it and click "remove".

Now you need to add the users who will have permission to access the
folder.  Click the "add" button.  This opens a window that allows you
to select the users or groups with access to this folder.  Click the
"object types" and uncheck "built in security principals" and
"groups", then click OK.  "from this location" should show the name of
your computer.  Click "advanced" then "find now" and you'll get a
list of the users on your system.  Select the ones you want to grant
folder access to and then click OK.  You can select multiple names by
holding the control key down and clicking.

The reason you have to use accounts set up on Betty's computer is that
with a peer to peer network XP doesn't have a global catalog of user
names (that requires a server).  So if Mike is logged in to terminal1
then his user name on the network is terminal1\Mike.  But if he logs
in to terminal2 it's terminal2\Mike.  Betty's computer sees that as
two different users, even though they're both the same person.  In
order for him to be able to access your shares from any computer you
have to have a local user account.  However, if you only ever want
Mike to be able to log in from his own computer and never from
anywhere else you could choose his computer from the location box and
pick his user name.  This will grant permission to, for instance,
terminal1\Mike or whatever it is that his computer name is.  He would
then be able to access files ONLY when he's logged in as Mike
and ONLY at terminal1.  Usually this can create more frustration than
benefit so it's usually best to just stick with creating local user
accounts and setting the share permissions based on those.

When you're done adding users click OK in the Select Users and Groups
window and then you'll be back to the permissions window.  By default
the users you add will have read only permission to the shared folder.
 You can leave it that way, but if you want to allow permission to
write and modify files as well you must check off the "allow" box
beside "change".  Don't give them full control since this would allow
those users to change the permissions for the folder.

That's it.  Now you'll need to do that for each of the folders you
want to restrict access to.  You can simplify the process a bit by
creating a user group and then granting access to the group instead of
to individual users.  That's probably more trouble than it's worth if
there are only a few people accessing these folders.  But there is an
explanation of how to set up groups in the article I linked to.

If there are a lot of folders that you want to share and you don't
want to set the permissions for each one, you might want to place them
all in a separate folder.  They would then be subfolders of a folder
called "Shares" or whatever you want.  The advantage is that you can
set the permissions just for the "Shares" folder.  You would no longer
need to share each of the subfolders because they would inherit the
permissions of the "Shares" folder.  Again, this may be more trouble
than it's worth if there are only a few folders to share, but if you
have a large number of folders you want to share this can save you
some time.

I hope this helps you out.  It's not really overly complicated, but
there are a number of steps involved.  If you have trouble feel free
to ask for clarification.

Hibiscus

Search strategy: win2k creating shares, windows xp share permissions,
windows xp "access control list"

Request for Answer Clarification by swisscheese-ga on 17 Apr 2003 10:38 PDT
Hi Hibiscus

Thanks for your detailed reply. I knew most of what you described. The
shared folders are on the Win 2000 machine. Your advice to "Click the
"object types"" does not apply to Win 2000 apparently. I had already
removed Everyone, added users and denied permission to appropriate
users but even the denied users still had access to the folder. The
link you gave advises to remove "simple file sharing" but on Win 2000
there is no such thing as I can see and the help says that the file
and printer sharing in the stack is necessary to share folders.

swisscheese

Clarification of Answer by hibiscus-ga on 17 Apr 2003 17:04 PDT
Hi swisscheese, 

Sorry, I was under the impression it was the XP system that was
sharing the files.  My mistake.

In W2K there's no simple file sharing option.  You must have file and
printer sharing enabled, but that's it.  The object type button also
doesn't apply under 2K but it's still just a matter of selecting the
users.  It just means you can't filter the list to remove the groups
or the built in accounts.

As far as granting access goes there are a few things you should check
out.  First, check that the local accounts on the 2K machine aren't
being given administrator access.  Under Users and Passwords in the
control panel you can configure that (which I imagine you already
figured out).  If they have administrator rights it might be
overriding any folder rights that you have set up.  Next, you
shouldn't need to specifically deny access to any users.  Grant
permission only to the users you want to have access to the folder and
leave everyone else off, including every group.  Unless the rights are
specified the system should deny all rights.  Finally, if for some
reason that doesn't work, try adding the user to the permissions and
specifically denying everything.  This shouldn't be necessary, but who
knows, sometimes these things get cranky.  You might also try adding the
EVERYONE group account and specifically denying rights for it, then
enabling rights only for those you want to give access to.

Let me know if this still doesn't solve your problem.

Hibiscus

Request for Answer Clarification by swisscheese-ga on 18 Apr 2003 04:20 PDT
Hi Hibiscus

Well, I found the problem. I was doing something rather dumb. I was
logging into the W2K the way I usually do as myself rather than as the
name of the XP user. Now all is OK. So you helped indirectly. Thanks.

swisscheese

Clarification of Answer by hibiscus-ga on 19 Apr 2003 00:38 PDT
Yikes!  Yup, that'll do it.  Glad the problem is fixed, and I hope my
answer gave you some information you didn't know before.
swisscheese-ga rated this answer:5 out of 5 stars
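
Added example (not part of the original thread): a small Python model of how a share's permission list decides access, covering the three cases discussed above: an account left off the list, an account granted only Read, and a Deny entry on Everyone. The machine name BETTY and the folder/account entries are constructed, following the Betty/John/Mike/Linda example; the model assumes the standard Windows ordering in which deny entries are evaluated before allow entries.

```python
# Share permission levels as bit masks: Change implies Read,
# Full Control implies Change.
READ, CHANGE, FULL = 1, 3, 7

# Constructed sample data: share permission lists on the sharing machine.
# Each entry is (kind, trustee, rights); trustees are accounts local to BETTY.
SHARES = {
    "folder1": [("allow", "Everyone", READ)],
    "folder2": [("allow", r"BETTY\John", CHANGE),
                ("allow", r"BETTY\Mike", READ)],
    "folder3": [("deny", "Everyone", FULL),
                ("allow", r"BETTY\John", CHANGE)],
}

def identities(account):
    """Identities a logged-on session carries: the account itself plus Everyone."""
    return {account, "Everyone"}

def check(share, account, wanted):
    """Return True if a session authenticated as `account` gets all `wanted` rights."""
    ids = identities(account)
    acl = SHARES[share]
    # Deny entries are evaluated first: one matching deny refuses the request,
    # whatever allow entries exist for the same account.
    for kind, trustee, rights in acl:
        if kind == "deny" and trustee in ids and rights & wanted:
            return False
    # Collect everything the matching allow entries grant.
    granted = 0
    for kind, trustee, rights in acl:
        if kind == "allow" and trustee in ids:
            granted |= rights
    # Anything not explicitly granted is refused (implicit deny).
    return (granted & wanted) == wanted

if __name__ == "__main__":
    for share in SHARES:
        for user in ("John", "Mike", "Linda"):
            acct = "BETTY\\" + user
            print(share, acct, "read" if check(share, acct, READ) else "no access")
```

The result depends only on the account the session authenticated as on the sharing machine, so a restriction has to be tested while connected as the restricted account.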
