Sharing a folder in Windows XP to Everyone and giving specific permission to a particular user to a sub folder

Hi Dominic,

 

The issue you posted would be better suited in the TechNet Forums. I would recommend posting your query in the TechNet Forums.

 

TechNet Forum

http://social.technet.microsoft.com/Forums/en-US/category/windowsxpitpro

 

Hope this helps.

Hi Imran

Thank you for your response.

 

Regards

Dominic

Hi

I posted in TechNet Forum 5 days bfore. Till now i didnt get any reply from anybody. Any possible solutions from anyone ?

http://social.technet.microsoft.com/Forums/en-US/itproxpsp/thread/a48fe4e2-c771-4a18-aa33-2dbaf997bfb2

 

Regards

Dominic

It sounds to me like you are doing everything right and it should work.  I could only think of a couple of issues that might cause your symptoms.

The first is that there might be a local user "User1" created on the XP or Win7 machine as well as the "domain/User1" user in the domain.  The local and domain "User1"s would be recognized as two different users as far as file access is concerned.  So when you set the file permissions, you would need to specify "domainname\User1" or "MachineA\User1" to differentiate the user and get the correct user.  You may have already done this, but it is not clear in your description.

The second is that there might be an pre-existing connection between Machine B to Machine A perhaps created by another user on Machine B.  Windows will only allow a single concurrent authenticated connection between any given two machines.  Before attempting the connection, you may want to verify that there are no existing connections by bringing up a command prompt window and entering the command:
    net  use
This will show existing connections.  Make sure to close existing connections before opening a connection with the User1 authentication.  Another way to show current connections is to do the following on the XP machine:
   Right-Click "My Computer" -> Manage -> System Tools -> Shared Folders -> Sessions
This will show current active sessions connecting to the XP machine and the authentication.  Make sure the "Guest" column does not say "Yes".

In any event, I find that generally using the command prompt window generates better errors than the GUI when connecting to another machine.  From Machine B, try bringing up a command window and connect to machine A using the "net use" syntax:
    net  use  *  \\MachineA\ShareName  password   /user:DomainName\User1
(assuming you wish to connect with domain User credentials).  If you omit the password, it should ask. If it has a problem, it should give you a descriptive error. (Caveat:  I don't have much experience with Windows 7.  I am assuming that the command line syntax hasn't changed much since XP)

Hopefully some of the above will be helpful.
-- JW


 

Hi Wunders

         Thank you for your reply.

1. There is no local user named 'User1' in Machine A and Machine B

2. There was one pre-Existing connection from Machine B to Machine A. I  cleared that connection.  I used net use * /delete

3. I used net use \\machineA\ShareName /user:DomainName\User1 

      The command completed sucessfully. It didnt ask for any password.

4. I cleared the "inheritable from parent" checkbox for that particular sub folder. [Tried in both ways, with that check box checked and unchecked]

 

 

But still i am not able to modify the file.

 

Regards

Dominic

Dominic,

Wow,  I duplicated your steps and was surprised when I had the same problem that you have.  After a bunch of experimentation, I believe I've come up with a solution (at least it worked in my duplicated case).  Apparently there are two "layers" of security at play here.  One being the file/folder security level which you have correctly set to allow User1 to write/change things in the folder.  The other layer is the networking security layer that is not quite so apparent.  This is the layer that was set when you right-clicked on the top-level folder and selected "share this folder".

The solution that worked for me:   Go to the top-level folder that you shared on your computer, right-click on it, and select:
   Sharing and Security -> Sharing (Tab) -> Permissions (button)
In the screen that pops up, you probably show only  "Everyone" with only Read permission.  At this point, click on the "Add" button and in the screen that pops up, type in:
    DomainName\User1
then "OK".  You will see User1 appear on the list.  Click on User1 and then select "Full Control" in the bottom window, then "OK" your way out.  This will not change any file or folder security on any item in the "Security" tab, but will allow User1 to make changes if the file/folder level security allows it.

It worked for me... I hope it solves your problem, too.
-- JW

Hi Wunders

 

Thank you very much for spending your precious time. I will check it and update you the status.

 

 

Regards

Dominic

Hi Wunders

Sorry for this late reply. I tried your suggestions. It will work. But I have some doubts in this.

1. If i give the full permission to User1 in Share, user1 will get the full permission to all folders under this shared folder. To restrict the permission to a particular folder, i need to go to that subfolder  and deny the permission to user1.

2. This will be more tedious if there are 100's of folders and more than 100 users.

3. In windows7 it is very easy. Ie. What i did is that, i shared the folder  to 'Everyone' with 'Read' only permission. Now all the users have only readonly  permission. But if i added one user in any subfolder and grant edit permssion, that user will get the edit permission.  If i want to deny the edit permission , just to remove the user entry from security tab[ by default 'Everyone' have read permission].

But in Windows XP, it is just opposite. I need to add 100 users [or Authenticated Users]  while sharing the folder and grant full permission. Then to make all folders read only,  i need to go to each folder and deny  all permission execpt  read permission to each user.

 

 I dont know why this difference. I thought there will be some workarounds to make it like Windows 7. Any official microsoft  documentation regarding the change in Sharing Security from Windows XP to Windows 7 ?. I coudnt find anything more specific to sharing security change.

 

Regards

Dominic

 

I don't think it's really as bad as you make it out to be.  I'm not familiar with Win7 sharing, but it doesn't sound that far off from Windows XP sharing.  What you could do (what I do) is to right-click on the top shared folder then select:
    Sharing and Security -> Sharing (Tab) -> Permissions ->
and then give "Everyone"  Full control.  This will give everyone the potential for full control, but you can easily dial that back with file/folder level security.  One day you may want to add a "suggestion box" folder that everyone might need to write to and this would allow that.

After you do the above, again right-click on the top level folder and select:
   Sharing and Security -> Security (Tab) -> Advanced
Then change the security such that "Everyone" has "Read Only" access.  Eliminate other non-desired users/groups.  Check the "Replace permission entries on all child objects...." box and click "OK".  This will restrict access to everything in and under this folder to Read-only access to Everyone.  Now you can go to a given lower-level folder and give a specific user added permission to that folder only.  Avoid the "deny" permissions as it takes precedence over "allow" which is not usually what you want.   This doesn't sound far off from what you say Win7 does.

If there is a group of users that you want to give write permission to, you can create a "maintain" Group at the domain level, add those users into the group, and simply give that Group write permission where necessary...  it eliminates the need to add tens of users to the permissions if they need to write a particular directory.

"How to set, view, change, or remove special permissions for files and folders in Windows XP"
  < http://support.microsoft.com/kb/308419 >

HTH,
   JW