workgroup environment--shared access

[s_hcl]

i have a workgroup enviornment as the users are around 20 numbers.Client systems are windows 2000 proff and win xp proff .

I have a windows 2000 server acting as a DHCP server and not configured as a domain controller .I also use it as a backup server .

i have created folders .viz accounts ,prod ,etc and assignes user access to them.The users are created in the windows 2000 server .

USERNAME
accounts-- acc
prod-- prod
common--- all access to everyone


If accounts guys want to access accounts folder ,,they access it as

file:\\192.168.1.3
It prompts for a user name and password say acc .Hence only the accounts guys can access the folders.

Now the problem is that ,if the account guy wants to access another shared folder ..for which he has been given access rights ,then he can't acccess it .

The reason being that the user acc is still active.Inorder to access another shared folder ,i need to logof and logon again.

hence is ther some way wherin i can login as a different user everytime in a workgroup envirnment.

[nquest]

Hi, I'm not sure I understand or have been given all the relevant
info about your situation, but it seems you should not have to log
off to access other resources, if you have set the proper permissions.

There are two levels of perms that are relevant, share and NTFS
(file system). Maybe you need to review how they work and be
sure to set them so they work together to provide access as
needed.

It's not clear to me from your description of the problem, what
you've set up as accounts and file shares. So look at both account
properties and also the properties of the network shares.

I don't want to speculate too much without knowing the specifics
but it seems you may not have perms set for relevant users?
In a non-domain setting, you may need to set up user accounts
on the machine serving the shares.

Maybe that helps get you thinking. If not, please clearly provide
more specifics.

Dr. David

--

Get Your "Treasure Chest" of Security Tools!
http://wealthfunnel.com/securitybook

[s_hcl]

As u had mentioned in my reply that

In a non-domain setting, you may need to set up user accounts
on the machine serving the shares.
i have done exactly that .I can access the shares with the said user account and password.

But if i login to say share A with username tech and password tech ,i can do it successfully.

But if i need to login to another share B ,with username test and user test .It by default opens all the shares and i can't access share B,as it assumes that user tech is still logged on.

Is there some way wherin i can login to share B ,with the user name and password.

[s_hcl]

I can access the shares with the said user account and password, from the network.

is there a option wherein i m prompted for a user name and password ,everytime i access a shared folder.

[nquest]

Sorry you have trouble. But I think it is the result of not setting
perms correctly on your shares. I think this is a matter of
needing to manage the combination of share and file perms,
to be able to achieve the desired access.

YES your settings can cause you to be prompted to enter
username and password every time you access a share.
In fact, that is preferable for an environment where
security is important.

But if your environment consists of trusted users, and you
don't want to impose additional login burden for users,
it should be possible to configure access without login
prompt to the shares.

In your example, I wonder why you should need to login as
another user?

Whatever username and password you are logged into on the
system in your example, that is the username and password
you need to use in configuring the perms on your server, for
share A and B.

Please read that again, it's an important answer for non-critical
peer-to-peer networks with trusted users.

I am assuming you are using NTFS for the server file system.

I understand yours is not a domain environment, and that you
have set up the user accounts and passwords on your server
that are also set up on the workstations. That is a very
important phase and you should double-check that.

Once that's done, you also have to contend with both the
share and file perms. Many people set share perms to show
Full Control for the Everyone group, on the share perms.
Then they set granular controls for the NTFS perms. I do
recommend this in the case where you have trusted users
and a small network. However, if this is not your situation,
you can increase the stringency on your share perms.

But the most important thing is to learn how share perms
and NTFS perms combine to produce the final, actual perms
for your users. This may be the problem....

I think the short summary I found at

http://www.velocityreviews.com/forum...ermission.html

may be useful (if others find any problem with this, please
provide correction so we can all learn):

"deny takes precedence over
allow and that the least restrictive from share and least
restrictive from NTFS will give two results which then
you will take the most restrictive even it has a full
deny control"

The other thing mentioned on the page referenced above,
is the effect of your users belonging to multiple groups.
That can be REALLY important in domains, but should not
be something for you to worry about, if I understand your
situation correctly.

If you don't understand this, you need to refer to some
sources that explain it in detail. A web search should provide
multiple good free tutorials.

Look, if you give Full Control for the Everyone group with the
Share perms, then you just need to be sure the relevant user
accounts and passwords are set up on the server, then set
the NTFS perms on the shares. That's the best specific
answer I can give to you.... and I hope that helps.

Dr. David

--

Get Your "Treasure Chest" of Security Tools!
http://wealthfunnel.com/securitybook

[s_hcl]

Its a good explanation.i will go thru it and let u know.

[10ECsoon]

...if i login to say share A with username tech and password tech ,i can do it successfully.

But if i need to login to another share B ,with username test and user test .It by default opens all the shares and i can't access share B,as it assumes that user tech is still logged on.

Is there some way wherin i can login to share B ,with the user name and password.

What's wrong with giving "tech" permissions to share B?

Honestly, this is where a domain setting with proper user and security group permissions would be useful, especially as concerned about resource access as you seem to be. Besides, logging onto each resource/share every time you want to use it is less secure than a domain setting. I'm pretty sure those login dialog boxes send your usernames and passwords in plain text (no encryption) by default.

[s_hcl]

AS per ur query
In your example, I wonder why you should need to login as
another user?

**
There is a common folder which consists of softwares and data which can be accessed by everyone and hence the permissions for this share is set for everyone.


There is another folder (share b) which needs to be accessed only by particular users ,hence the permissons for this share is restricted to a particluar usr(configured in the windows 200 server) and the everyone permission is removed.

****

Hence if a usr accees the common folder it works fine .But after sometime if he needs to acces the Share b folder ,he can't since it by default opens the earlier folder.


hence i think it's not the issue of NTFS permissions ,but in the local system of the user ,i need to find an option of removing the already cached username and password .

[s_hcl]

AS per ur query
In your example, I wonder why you should need to login as
another user?

**
There is a common folder which consists of softwares and data which can be accessed by everyone and hence the permissions for this share is set for everyone.


There is another folder (share b) which needs to be accessed only by particular users ,hence the permissons for this share is restricted to a particluar usr(configured in the windows 200 server) and the everyone permission is removed.

****

Hence if a usr accees the common folder it works fine .But after sometime if he needs to acces the Share b folder ,he can't since it by default opens the earlier folder.


hence i think it's not the issue of NTFS permissions ,but in the local system of the user ,i need to find an option of removing the already cached username and password .