Jump to content

File Sharing; Access Denied (REPOST)

Guest Zakhary

By Guest Zakhary
in Windows XP

 Share

Recommended Posts

Guest Zakhary

Guest Zakhary

Posted
Posted

EXECUTIVE SUMMARY:

Two computers (Computer1 and Computer2) share a workgroup that other

computers on the same subnet have access to. Computer1 and Computer2

initially shared a folder on Computer1, “My Document.” That shared folder

was the target for “My Documents” on both computers. I attempted to

eliminate “simple sharing” so that only I would have access. But because

there isn’t a common domain, this couldn’t occur. I also tried to make the

shared folder hidden by adding a dollar symbol ($), but then couldn’t use it

as a target for “My Documents.” Upon returning everything back to how I

originally had it, several files became inaccessible on BOTH COMPUTERS

because access to the given folder or file was denied. Interestingly, on

Computer2, when away from the network, some of these files are accessible,

but not when connected to Computer1.

 

How do I (a) get everything back to being accessible, and (b) is there a way

to make shared folders only accessible by me in a workgroup environment?

 

 

 

 

FULL DETAILS:

 

To allow "My Documents" to be shared between two computers, I set one of the

computers' (\\zm01) "My Documents" folder to be shared on the Workgroup. I

then redefine the other computer's (\\zm02) "My Documents" target to the

share name of the "My Documents" folder on \\zm01.

 

It recently came to me that I may want to restrict access since a few people

share this home network. So, I tried by disabling "simple sharing" and

setting permissions, but realized that \\zm02\username could not be given

permissions since a common domain doesn't exist. I then changed the share

name to include a dollar symbol ($) at the end so that it would be hidden and

went back to "simple sharing."

 

After I mapped that hidden folder as a network drive on \\zm02, I tried to

set the network drive as my "My Documents" target on \\zm02, but Windows

wouldn't let me. So, I changed everything back to original settings. But

then, now nothings accessible; \\zm02 isn't able to properly read from

\\zm01. I restart both computers and that seems to fix it. So, I'm now back

at square one with the shared folder being accessible by anyone on the

network and it being set as my "My Documents" target on \\zm02, EXCEPT...

 

1 - ON BOTH COMPUTERS several files and folders are not accessible; access

is denied. Some are PDF's or Compressed (Zipped) folders with passwords; but

Windows and accessibility shouldn't care about that.

2 - In Windows Media Player ON BOTH COMPUTERS, several files are suddenly

not able to be played. I get the message "Windows Media Player cannot access

the file. The file might be in use, you might not have access to the computer

where the file is stored, or your proxy settings might not be correct."

Interestingly, this message goes away when I am on my laptop (\\zm02) and not

connected to \\zm01 – implying access is not denied on some files if I am not

connected to \\zm01.

3 - Because of this "Access Denied" error, many files are not able to be

made available offline.

 

What has been tried is redefining permissions, but that doesn't matter

anymore (right?) since simple sharing is enabled again. I also did a system

restore on both computers and the problem continues. I even reset the share

settings and that also did not seem to fix the problem. Also, removing file

sharing setting did not allow me to access the files on the primary computer,

\\zm01.

 

So, how do I (a) fix the problems detailed above, and (b) if possible,

create a hidden or permission/password restricted shared folder on a

workgroup (NOT a domain)?

 

NOTE: I did notice that the initial (and returned to) share name was never

able to be unmarked for being made available offline on \\ZM02. As a result,

even when it didn't exist, the folder showed on \\zm02 without any files and

only one or two subfolders (both with no files).

 

Thanks many to whoever can help on this,

Zakhary

  • Replies 15
  • Created
  • Last Reply

Popular Days

Popular Days

Guest John John (MVP)

Guest John John (MVP)

Posted
Posted

Re: File Sharing; Access Denied (REPOST)

 

XP Home or XP Pro?

 

Take ownership of the files and folders or grant yourself full

permissions on the folder with the CACLS commnad:

 

cacls "c:\My Document" /E /G "your username":F

 

Use NTFS permissions to control access to the folders.

 

John

 

Zakhary wrote:

> EXECUTIVE SUMMARY:

> Two computers (Computer1 and Computer2) share a workgroup that other

> computers on the same subnet have access to. Computer1 and Computer2

> initially shared a folder on Computer1, “My Document.” That shared folder

> was the target for “My Documents” on both computers. I attempted to

> eliminate “simple sharing” so that only I would have access. But because

> there isn’t a common domain, this couldn’t occur. I also tried to make the

> shared folder hidden by adding a dollar symbol ($), but then couldn’t use it

> as a target for “My Documents.” Upon returning everything back to how I

> originally had it, several files became inaccessible on BOTH COMPUTERS

> because access to the given folder or file was denied. Interestingly, on

> Computer2, when away from the network, some of these files are accessible,

> but not when connected to Computer1.

>

> How do I (a) get everything back to being accessible, and (b) is there a way

> to make shared folders only accessible by me in a workgroup environment?

>

>

>

>

> FULL DETAILS:

>

> To allow "My Documents" to be shared between two computers, I set one of the

> computers' (\\zm01) "My Documents" folder to be shared on the Workgroup. I

> then redefine the other computer's (\\zm02) "My Documents" target to the

> share name of the "My Documents" folder on \\zm01.

>

> It recently came to me that I may want to restrict access since a few people

> share this home network. So, I tried by disabling "simple sharing" and

> setting permissions, but realized that \\zm02\username could not be given

> permissions since a common domain doesn't exist. I then changed the share

> name to include a dollar symbol ($) at the end so that it would be hidden and

> went back to "simple sharing."

>

> After I mapped that hidden folder as a network drive on \\zm02, I tried to

> set the network drive as my "My Documents" target on \\zm02, but Windows

> wouldn't let me. So, I changed everything back to original settings. But

> then, now nothings accessible; \\zm02 isn't able to properly read from

> \\zm01. I restart both computers and that seems to fix it. So, I'm now back

> at square one with the shared folder being accessible by anyone on the

> network and it being set as my "My Documents" target on \\zm02, EXCEPT...

>

> 1 - ON BOTH COMPUTERS several files and folders are not accessible; access

> is denied. Some are PDF's or Compressed (Zipped) folders with passwords; but

> Windows and accessibility shouldn't care about that.

> 2 - In Windows Media Player ON BOTH COMPUTERS, several files are suddenly

> not able to be played. I get the message "Windows Media Player cannot access

> the file. The file might be in use, you might not have access to the computer

> where the file is stored, or your proxy settings might not be correct."

> Interestingly, this message goes away when I am on my laptop (\\zm02) and not

> connected to \\zm01 – implying access is not denied on some files if I am not

> connected to \\zm01.

> 3 - Because of this "Access Denied" error, many files are not able to be

> made available offline.

>

> What has been tried is redefining permissions, but that doesn't matter

> anymore (right?) since simple sharing is enabled again. I also did a system

> restore on both computers and the problem continues. I even reset the share

> settings and that also did not seem to fix the problem. Also, removing file

> sharing setting did not allow me to access the files on the primary computer,

> \\zm01.

>

> So, how do I (a) fix the problems detailed above, and (b) if possible,

> create a hidden or permission/password restricted shared folder on a

> workgroup (NOT a domain)?

>

> NOTE: I did notice that the initial (and returned to) share name was never

> able to be unmarked for being made available offline on \\ZM02. As a result,

> even when it didn't exist, the folder showed on \\zm02 without any files and

> only one or two subfolders (both with no files).

>

> Thanks many to whoever can help on this,

> Zakhary

Guest Zakhary

Guest Zakhary

Posted
Posted

Re: File Sharing; Access Denied (REPOST)

 

Thanks for your reply.

I am assuming that I should take ownership on Computer1, where the "My

Documents" target is housed?

 

Also, upon taking ownership on the given computer (assumed to be Computer1),

will I be able to synchronize to have the files made available offline on

Computer2 without having 170+ messages of not being able to synchronize a

file because access to the file or its folder is denied?

 

--

-Zakhary

 

 

"John John (MVP)" wrote:

> XP Home or XP Pro?

>

> Take ownership of the files and folders or grant yourself full

> permissions on the folder with the CACLS commnad:

>

> cacls "c:\My Document" /E /G "your username":F

>

> Use NTFS permissions to control access to the folders.

>

> John

>

> Zakhary wrote:

>

> > EXECUTIVE SUMMARY:

> > Two computers (Computer1 and Computer2) share a workgroup that other

> > computers on the same subnet have access to. Computer1 and Computer2

> > initially shared a folder on Computer1, “My Document.” That shared folder

> > was the target for “My Documents” on both computers. I attempted to

> > eliminate “simple sharing” so that only I would have access. But because

> > there isn’t a common domain, this couldn’t occur. I also tried to make the

> > shared folder hidden by adding a dollar symbol ($), but then couldn’t use it

> > as a target for “My Documents.” Upon returning everything back to how I

> > originally had it, several files became inaccessible on BOTH COMPUTERS

> > because access to the given folder or file was denied. Interestingly, on

> > Computer2, when away from the network, some of these files are accessible,

> > but not when connected to Computer1.

> >

> > How do I (a) get everything back to being accessible, and (b) is there a way

> > to make shared folders only accessible by me in a workgroup environment?

> >

> >

> >

> >

> > FULL DETAILS:

> >

> > To allow "My Documents" to be shared between two computers, I set one of the

> > computers' (\\zm01) "My Documents" folder to be shared on the Workgroup. I

> > then redefine the other computer's (\\zm02) "My Documents" target to the

> > share name of the "My Documents" folder on \\zm01.

> >

> > It recently came to me that I may want to restrict access since a few people

> > share this home network. So, I tried by disabling "simple sharing" and

> > setting permissions, but realized that \\zm02\username could not be given

> > permissions since a common domain doesn't exist. I then changed the share

> > name to include a dollar symbol ($) at the end so that it would be hidden and

> > went back to "simple sharing."

> >

> > After I mapped that hidden folder as a network drive on \\zm02, I tried to

> > set the network drive as my "My Documents" target on \\zm02, but Windows

> > wouldn't let me. So, I changed everything back to original settings. But

> > then, now nothings accessible; \\zm02 isn't able to properly read from

> > \\zm01. I restart both computers and that seems to fix it. So, I'm now back

> > at square one with the shared folder being accessible by anyone on the

> > network and it being set as my "My Documents" target on \\zm02, EXCEPT...

> >

> > 1 - ON BOTH COMPUTERS several files and folders are not accessible; access

> > is denied. Some are PDF's or Compressed (Zipped) folders with passwords; but

> > Windows and accessibility shouldn't care about that.

> > 2 - In Windows Media Player ON BOTH COMPUTERS, several files are suddenly

> > not able to be played. I get the message "Windows Media Player cannot access

> > the file. The file might be in use, you might not have access to the computer

> > where the file is stored, or your proxy settings might not be correct."

> > Interestingly, this message goes away when I am on my laptop (\\zm02) and not

> > connected to \\zm01 – implying access is not denied on some files if I am not

> > connected to \\zm01.

> > 3 - Because of this "Access Denied" error, many files are not able to be

> > made available offline.

> >

> > What has been tried is redefining permissions, but that doesn't matter

> > anymore (right?) since simple sharing is enabled again. I also did a system

> > restore on both computers and the problem continues. I even reset the share

> > settings and that also did not seem to fix the problem. Also, removing file

> > sharing setting did not allow me to access the files on the primary computer,

> > \\zm01.

> >

> > So, how do I (a) fix the problems detailed above, and (b) if possible,

> > create a hidden or permission/password restricted shared folder on a

> > workgroup (NOT a domain)?

> >

> > NOTE: I did notice that the initial (and returned to) share name was never

> > able to be unmarked for being made available offline on \\ZM02. As a result,

> > even when it didn't exist, the folder showed on \\zm02 without any files and

> > only one or two subfolders (both with no files).

> >

> > Thanks many to whoever can help on this,

> > Zakhary

>

>

Guest John John (MVP)

Guest John John (MVP)

Posted
Posted

Re: File Sharing; Access Denied (REPOST)

 

Yes, take ownership of the files on the host and then use NTFS

permissions to control access to the files. If this is an XP Pro

machine right click on the folder and look at the Properties | Security.

 

John

 

Zakhary wrote:

> Thanks for your reply.

> I am assuming that I should take ownership on Computer1, where the "My

> Documents" target is housed?

>

> Also, upon taking ownership on the given computer (assumed to be Computer1),

> will I be able to synchronize to have the files made available offline on

> Computer2 without having 170+ messages of not being able to synchronize a

> file because access to the file or its folder is denied?

>

Guest Zakhary

Guest Zakhary

Posted
Posted

Re: File Sharing; Access Denied (REPOST)

 

I use XP Pro...

 

I'm not yet at the location to test this out, but an immediate consideration

is that for a "Security" tab to be available in my folder's properties,

"simple sharing" needs to be turned off. When I first turned that off (which

directly preceeded this catastrophy), I was not able to allow my account on

\\Computer2 to have access to the folder because there is not a common

domain; only a shared workgroup. I attempted to set permissions as

\\Computer1\username and \\Computer2\username, but that wouldn't work since

there isn't a common server in-front of the computers.

 

Is the above what NTSF permissions relates to? If so, it either isn't going

to work or I am missing a link in how to manipulate the permissions.

 

--

-Zakhary

 

 

"John John (MVP)" wrote:

> Yes, take ownership of the files on the host and then use NTFS

> permissions to control access to the files. If this is an XP Pro

> machine right click on the folder and look at the Properties | Security.

>

> John

>

> Zakhary wrote:

>

> > Thanks for your reply.

> > I am assuming that I should take ownership on Computer1, where the "My

> > Documents" target is housed?

> >

> > Also, upon taking ownership on the given computer (assumed to be Computer1),

> > will I be able to synchronize to have the files made available offline on

> > Computer2 without having 170+ messages of not being able to synchronize a

> > file because access to the file or its folder is denied?

> >

>

>

Guest John John (MVP)

Guest John John (MVP)

Posted
Posted

Re: File Sharing; Access Denied (REPOST)

 

Set identical user accounts on the host PC as the user on the client PC

that wants access to the files, that is accounts with the same name and

same password.

 

If JohnDoe on zm02 wants to access files on zm01 create a user named

JohnDoe on zm01 and give it the same password as JohnDoe one on zm02.

 

John

 

Zakhary wrote:

> I use XP Pro...

>

> I'm not yet at the location to test this out, but an immediate consideration

> is that for a "Security" tab to be available in my folder's properties,

> "simple sharing" needs to be turned off. When I first turned that off (which

> directly preceeded this catastrophy), I was not able to allow my account on

> \\Computer2 to have access to the folder because there is not a common

> domain; only a shared workgroup. I attempted to set permissions as

> \\Computer1\username and \\Computer2\username, but that wouldn't work since

> there isn't a common server in-front of the computers.

>

> Is the above what NTSF permissions relates to? If so, it either isn't going

> to work or I am missing a link in how to manipulate the permissions.

>

Guest Zakhary

Guest Zakhary

Posted
Posted

Re: File Sharing; Access Denied (REPOST)

 

That command didn't do the trick.

 

On the host computer, \\zm01, I opened Command Prompt and typed as follows

CACLS "C:\Documents and Settings\zmallett\My Documents" /E /G "zmallett":F

 

I received the response "processed dir: C:\Documents and

Settings\zmallett\My Documents"

 

But when I went to open suspect files, the message "Access Denied" continued.

 

I attempted that command both when the two computers were connected with

each other through the network and when \\zm02 was turned off and

unassociated with the network.

 

Just in case the command didn't affect sub-folders and files, I tried it

with a suspect sub-folder and suspect sub-file with no success.

 

--

-Zakhary

 

 

"John John (MVP)" wrote:

> Yes, take ownership of the files on the host and then use NTFS

> permissions to control access to the files. If this is an XP Pro

> machine right click on the folder and look at the Properties | Security.

>

> John

>

> Zakhary wrote:

>

> > Thanks for your reply.

> > I am assuming that I should take ownership on Computer1, where the "My

> > Documents" target is housed?

> >

> > Also, upon taking ownership on the given computer (assumed to be Computer1),

> > will I be able to synchronize to have the files made available offline on

> > Computer2 without having 170+ messages of not being able to synchronize a

> > file because access to the file or its folder is denied?

> >

>

>

Guest John John (MVP)

Guest John John (MVP)

Posted
Posted

Re: File Sharing; Access Denied (REPOST)

 

Does zmallett have an account on zm01? Take ownership of the folder and

files and look at the NTFS permissions, take a look in the Advanced

permissions to make sure that there are no explicitly denied

permissions. Make sure that your user group is not denied access to the

folder, denied permissions take precedence over allowed permissions.

 

You can also grant permissions to groups with the CACLS command: (by

the way the "quotation marks" are only needed when there are spaces in

the path, user name or group name):

 

cacls "C:\Docs & Setngs...\My Docs" /t /e /g Administrators:f

 

The /t switch changes ACLs of specified files in the current directory

and all subdirectories.

 

John

 

Zakhary wrote:

> That command didn't do the trick.

>

> On the host computer, \\zm01, I opened Command Prompt and typed as follows

> CACLS "C:\Documents and Settings\zmallett\My Documents" /E /G "zmallett":F

>

> I received the response "processed dir: C:\Documents and

> Settings\zmallett\My Documents"

>

> But when I went to open suspect files, the message "Access Denied" continued.

>

> I attempted that command both when the two computers were connected with

> each other through the network and when \\zm02 was turned off and

> unassociated with the network.

>

> Just in case the command didn't affect sub-folders and files, I tried it

> with a suspect sub-folder and suspect sub-file with no success.

>

Guest Zakhary

Guest Zakhary

Posted
Posted

Re: File Sharing; Access Denied (REPOST)

 

Hi,

Yes, zmallett is a user on both computers AND uses the same password on both

computers. Additionally, zmallett (me) is the exclusive user of the two

computers, so is by default, a member of the Adminsitators group on both

computers, RESPECTIVELY (no common domain).

 

I went ahead and added the "/t" and it gave me info, as follows...

processed dir: C:\Documents and Set...

processed file: 1

processed file: 2

etc., etc...

processed file : 5

Access is denied

 

The same string was provided when "zmallett" was changed to "Adminsitrators".

 

A phone conversation may work better. If you are in the US, I can call for

free. To protect my private email on this internet, use this anonymous email

to send your details if you like (hous-803139620@craigslist.org).

 

--

-Zakhary

 

 

"John John (MVP)" wrote:

> Does zmallett have an account on zm01? Take ownership of the folder and

> files and look at the NTFS permissions, take a look in the Advanced

> permissions to make sure that there are no explicitly denied

> permissions. Make sure that your user group is not denied access to the

> folder, denied permissions take precedence over allowed permissions.

>

> You can also grant permissions to groups with the CACLS command: (by

> the way the "quotation marks" are only needed when there are spaces in

> the path, user name or group name):

>

> cacls "C:\Docs & Setngs...\My Docs" /t /e /g Administrators:f

>

> The /t switch changes ACLs of specified files in the current directory

> and all subdirectories.

>

> John

>

> Zakhary wrote:

>

> > That command didn't do the trick.

> >

> > On the host computer, \\zm01, I opened Command Prompt and typed as follows

> > CACLS "C:\Documents and Settings\zmallett\My Documents" /E /G "zmallett":F

> >

> > I received the response "processed dir: C:\Documents and

> > Settings\zmallett\My Documents"

> >

> > But when I went to open suspect files, the message "Access Denied" continued.

> >

> > I attempted that command both when the two computers were connected with

> > each other through the network and when \\zm02 was turned off and

> > unassociated with the network.

> >

> > Just in case the command didn't affect sub-folders and files, I tried it

> > with a suspect sub-folder and suspect sub-file with no success.

> >

>

Guest John John (MVP)

Guest John John (MVP)

Posted
Posted

Re: File Sharing; Access Denied (REPOST)

 

And when you right click on the folder and look at Properties | Security

does everything look ok there? Are you (zmalett) listed as the Owner of

the folder? Make sure that the folder is not inheriting permissions

from a parent folder.

 

John

 

Zakhary wrote:

> Hi,

> Yes, zmallett is a user on both computers AND uses the same password on both

> computers. Additionally, zmallett (me) is the exclusive user of the two

> computers, so is by default, a member of the Adminsitators group on both

> computers, RESPECTIVELY (no common domain).

>

> I went ahead and added the "/t" and it gave me info, as follows...

> processed dir: C:\Documents and Set...

> processed file: 1

> processed file: 2

> etc., etc...

> processed file : 5

> Access is denied

>

> The same string was provided when "zmallett" was changed to "Adminsitrators".

>

> A phone conversation may work better. If you are in the US, I can call for

> free. To protect my private email on this internet, use this anonymous email

> to send your details if you like (hous-803139620@craigslist.org).

>

Guest Zakhary

Guest Zakhary

Posted
Posted

Re: File Sharing; Access Denied (REPOST)

 

Yes, zmallett was the owner. After digging more into it, though, it seems

like the problem has been fixed.

 

Within Properties --> Security --> Advanced --> Owner

I selected the checkbox "Replace owner on subcontainers and objects." And

it did exactly that - took ownership of all subfolders and files of the

directory C:\Documents and Set...".

 

Now, as for inheriting permissions from a parent folder, that is under

Properties --> Security --> Advanced --> Owner

Both "zmallett" and "Administrators" had Full Control inherented from two

avenues - "C:\Documents and Set..." and "Parent Object." The checkbox

"Inherent from parent..." is now unchecked. When prompted the warning, I

selected to "Copy the permission entries ... from the parent to this object."

 

Last question before closing this case...

Currently, permissions are set so that "Everyone" has full control. If I

change that so that "Everyone" is denied any access, "Everyone" doesn't

affect the owner, right? And based on prior strings, since the user on zm02

has the same user name and password, \\zm02\zmallett would still be able to

read and write to this folder, right?

 

Thanks a million times,

Zakhary

 

 

"John John (MVP)" wrote:

> And when you right click on the folder and look at Properties | Security

> does everything look ok there? Are you (zmalett) listed as the Owner of

> the folder? Make sure that the folder is not inheriting permissions

> from a parent folder.

>

> John

>

> Zakhary wrote:

>

> > Hi,

> > Yes, zmallett is a user on both computers AND uses the same password on both

> > computers. Additionally, zmallett (me) is the exclusive user of the two

> > computers, so is by default, a member of the Adminsitators group on both

> > computers, RESPECTIVELY (no common domain).

> >

> > I went ahead and added the "/t" and it gave me info, as follows...

> > processed dir: C:\Documents and Set...

> > processed file: 1

> > processed file: 2

> > etc., etc...

> > processed file : 5

> > Access is denied

> >

> > The same string was provided when "zmallett" was changed to "Adminsitrators".

> >

> > A phone conversation may work better. If you are in the US, I can call for

> > free. To protect my private email on this internet, use this anonymous email

> > to send your details if you like (hous-803139620@craigslist.org).

> >

>

Guest Zakhary

Guest Zakhary

Posted
Posted

Re: File Sharing; Access Denied (REPOST)

 

I forgot to mention in the last....

There are two areas for "permissions" when a file or folder is shared. In

(Properties --> Sharing) there is a "Permissions" button. There are also the

permissions that we have been dealing with in (Properties --> Security).

 

Presumably, that last question asked in the previous response corresponds to

Permissions in (Properties --> Sharing). Currently, "Everyone" has "Change"

and "Read" permissions, but not "Full Control." Can I deny all access to

"Everyone" and provide "Full Control" to "zmallett" and still be able to read

and write to these files and folders as \\zm02\zmallett (who has the same

password)?

 

--

-Zakhary

 

 

"John John (MVP)" wrote:

> And when you right click on the folder and look at Properties | Security

> does everything look ok there? Are you (zmalett) listed as the Owner of

> the folder? Make sure that the folder is not inheriting permissions

> from a parent folder.

>

> John

>

> Zakhary wrote:

>

> > Hi,

> > Yes, zmallett is a user on both computers AND uses the same password on both

> > computers. Additionally, zmallett (me) is the exclusive user of the two

> > computers, so is by default, a member of the Adminsitators group on both

> > computers, RESPECTIVELY (no common domain).

> >

> > I went ahead and added the "/t" and it gave me info, as follows...

> > processed dir: C:\Documents and Set...

> > processed file: 1

> > processed file: 2

> > etc., etc...

> > processed file : 5

> > Access is denied

> >

> > The same string was provided when "zmallett" was changed to "Adminsitrators".

> >

> > A phone conversation may work better. If you are in the US, I can call for

> > free. To protect my private email on this internet, use this anonymous email

> > to send your details if you like (hous-803139620@craigslist.org).

> >

>

Guest John John (MVP)

Guest John John (MVP)

Posted
Posted

Re: File Sharing; Access Denied (REPOST)

 

An important point to remember about NTFS permissions is that "Deny"

*always* takes priority over "Allow", always. If you deny Everyone

access no one will be allowed access, that includes the owner. Of

course, anyone with administrative privileges can simply change the

permissions again and gain access to the files or folder or allow others

to gain access. If this is a profile folder (your's or another user's)

instead of denying Everyone just remove Everyone from the Access Control

List, at the first Security tab simply highlight Everyone and click on

the Remove button. Do not remove Everyone from the parent C:\Documents

and Settings folder, this may cause problems when you create new users.

Also, use denied permissions sparingly, use them only in cases where

you cannot achieve access control by simply removing allowed

permissions, denied permissions can sometimes be hard to find or

troubleshoot and a new administrator (or one with a short memory) may

later have problems finding these explicitly denied permissions.

 

\\zm02\zmallett will still be able to access the files on \\zm01 as long

as zmallett has permissions to do so. Note that if zmallett is not

logged on to \\zm01, \\zm02\zmallett may get an Access Denied when

trying to access file on \\zm01. In those cases either logon zmallett

to \\zm01 or use the "net use \\computername /user:username" command on

\\zmo2:

 

net use \\zm01 /user:zmallett

 

John

 

Zakhary wrote:

> Yes, zmallett was the owner. After digging more into it, though, it seems

> like the problem has been fixed.

>

> Within Properties --> Security --> Advanced --> Owner

> I selected the checkbox "Replace owner on subcontainers and objects." And

> it did exactly that - took ownership of all subfolders and files of the

> directory C:\Documents and Set...".

>

> Now, as for inheriting permissions from a parent folder, that is under

> Properties --> Security --> Advanced --> Owner

> Both "zmallett" and "Administrators" had Full Control inherented from two

> avenues - "C:\Documents and Set..." and "Parent Object." The checkbox

> "Inherent from parent..." is now unchecked. When prompted the warning, I

> selected to "Copy the permission entries ... from the parent to this object."

>

> Last question before closing this case...

> Currently, permissions are set so that "Everyone" has full control. If I

> change that so that "Everyone" is denied any access, "Everyone" doesn't

> affect the owner, right? And based on prior strings, since the user on zm02

> has the same user name and password, \\zm02\zmallett would still be able to

> read and write to this folder, right?

>

> Thanks a million times,

> Zakhary

>

>

> "John John (MVP)" wrote:

>

>

>>And when you right click on the folder and look at Properties | Security

>>does everything look ok there? Are you (zmalett) listed as the Owner of

>>the folder? Make sure that the folder is not inheriting permissions

>>from a parent folder.

>>

>>John

>>

>>Zakhary wrote:

>>

>>

>>>Hi,

>>>Yes, zmallett is a user on both computers AND uses the same password on both

>>>computers. Additionally, zmallett (me) is the exclusive user of the two

>>>computers, so is by default, a member of the Adminsitators group on both

>>>computers, RESPECTIVELY (no common domain).

>>>

>>>I went ahead and added the "/t" and it gave me info, as follows...

>>>processed dir: C:\Documents and Set...

>>>processed file: 1

>>>processed file: 2

>>>etc., etc...

>>>processed file : 5

>>>Access is denied

>>>

>>>The same string was provided when "zmallett" was changed to "Adminsitrators".

>>>

>>>A phone conversation may work better. If you are in the US, I can call for

>>>free. To protect my private email on this internet, use this anonymous email

>>>to send your details if you like (hous-803139620@craigslist.org).

>>>

>>

Guest Zakhary

Guest Zakhary

Posted
Posted

Re: File Sharing; Access Denied (REPOST)

 

"Everyone" has been removed both from the security and charing permissions.

 

You mention that \\zm02\zmallett will be able to access the files as long as

\\zm01\zmallett is set to have access AND is logged on on \\zm01. You did

mention the net use command for when \\zm01\zmallett is not logged on, but

would this work for when I am not connected to \\zm01 (i.e. not conencted to

the network)? Remember that the shared folder is sychronized and set to be

available offline on \\zm02 (a laptop). Will that be able to still occur?

 

--

-Zakhary

 

 

"John John (MVP)" wrote:

> An important point to remember about NTFS permissions is that "Deny"

> *always* takes priority over "Allow", always. If you deny Everyone

> access no one will be allowed access, that includes the owner. Of

> course, anyone with administrative privileges can simply change the

> permissions again and gain access to the files or folder or allow others

> to gain access. If this is a profile folder (your's or another user's)

> instead of denying Everyone just remove Everyone from the Access Control

> List, at the first Security tab simply highlight Everyone and click on

> the Remove button. Do not remove Everyone from the parent C:\Documents

> and Settings folder, this may cause problems when you create new users.

> Also, use denied permissions sparingly, use them only in cases where

> you cannot achieve access control by simply removing allowed

> permissions, denied permissions can sometimes be hard to find or

> troubleshoot and a new administrator (or one with a short memory) may

> later have problems finding these explicitly denied permissions.

>

> \\zm02\zmallett will still be able to access the files on \\zm01 as long

> as zmallett has permissions to do so. Note that if zmallett is not

> logged on to \\zm01, \\zm02\zmallett may get an Access Denied when

> trying to access file on \\zm01. In those cases either logon zmallett

> to \\zm01 or use the "net use \\computername /user:username" command on

> \\zmo2:

>

> net use \\zm01 /user:zmallett

>

> John

>

> Zakhary wrote:

>

> > Yes, zmallett was the owner. After digging more into it, though, it seems

> > like the problem has been fixed.

> >

> > Within Properties --> Security --> Advanced --> Owner

> > I selected the checkbox "Replace owner on subcontainers and objects." And

> > it did exactly that - took ownership of all subfolders and files of the

> > directory C:\Documents and Set...".

> >

> > Now, as for inheriting permissions from a parent folder, that is under

> > Properties --> Security --> Advanced --> Owner

> > Both "zmallett" and "Administrators" had Full Control inherented from two

> > avenues - "C:\Documents and Set..." and "Parent Object." The checkbox

> > "Inherent from parent..." is now unchecked. When prompted the warning, I

> > selected to "Copy the permission entries ... from the parent to this object."

> >

> > Last question before closing this case...

> > Currently, permissions are set so that "Everyone" has full control. If I

> > change that so that "Everyone" is denied any access, "Everyone" doesn't

> > affect the owner, right? And based on prior strings, since the user on zm02

> > has the same user name and password, \\zm02\zmallett would still be able to

> > read and write to this folder, right?

> >

> > Thanks a million times,

> > Zakhary

> >

> >

> > "John John (MVP)" wrote:

> >

> >

> >>And when you right click on the folder and look at Properties | Security

> >>does everything look ok there? Are you (zmalett) listed as the Owner of

> >>the folder? Make sure that the folder is not inheriting permissions

> >>from a parent folder.

> >>

> >>John

> >>

> >>Zakhary wrote:

> >>

> >>

> >>>Hi,

> >>>Yes, zmallett is a user on both computers AND uses the same password on both

> >>>computers. Additionally, zmallett (me) is the exclusive user of the two

> >>>computers, so is by default, a member of the Adminsitators group on both

> >>>computers, RESPECTIVELY (no common domain).

> >>>

> >>>I went ahead and added the "/t" and it gave me info, as follows...

> >>>processed dir: C:\Documents and Set...

> >>>processed file: 1

> >>>processed file: 2

> >>>etc., etc...

> >>>processed file : 5

> >>>Access is denied

> >>>

> >>>The same string was provided when "zmallett" was changed to "Adminsitrators".

> >>>

> >>>A phone conversation may work better. If you are in the US, I can call for

> >>>free. To protect my private email on this internet, use this anonymous email

> >>>to send your details if you like (hous-803139620@craigslist.org).

> >>>

> >>

>

Guest John John (MVP)

Guest John John (MVP)

Posted
Posted

Re: File Sharing; Access Denied (REPOST)

 

Same as my other post, if you deny Everyone on the Share Nobody will be

able to access the share. Usually it's easier or less troublesome to

give Everyone full access on the share then use NTFS permissions to

control access to the files and folders. That being said, you could

still use a tighter control on the share to achieve a higher overall

access control on your files, you could remove every one and just add

the users that you want.

 

John

 

Zakhary wrote:

> I forgot to mention in the last....

> There are two areas for "permissions" when a file or folder is shared. In

> (Properties --> Sharing) there is a "Permissions" button. There are also the

> permissions that we have been dealing with in (Properties --> Security).

>

> Presumably, that last question asked in the previous response corresponds to

> Permissions in (Properties --> Sharing). Currently, "Everyone" has "Change"

> and "Read" permissions, but not "Full Control." Can I deny all access to

> "Everyone" and provide "Full Control" to "zmallett" and still be able to read

> and write to these files and folders as \\zm02\zmallett (who has the same

> password)?

>

Guest John John (MVP)

Guest John John (MVP)

Posted
Posted

Re: File Sharing; Access Denied (REPOST)

 

You should be able to access your offline files when you are

disconnected from the network and you do not need to use additional

commands to access them, the net use command wouldn't work any way

because the net command won't be able to find \\zm01 when it isn't

connected to it.

 

John

 

Zakhary wrote:

> "Everyone" has been removed both from the security and charing permissions.

>

> You mention that \\zm02\zmallett will be able to access the files as long as

> \\zm01\zmallett is set to have access AND is logged on on \\zm01. You did

> mention the net use command for when \\zm01\zmallett is not logged on, but

> would this work for when I am not connected to \\zm01 (i.e. not conencted to

> the network)? Remember that the shared folder is sychronized and set to be

> available offline on \\zm02 (a laptop). Will that be able to still occur?

>

 Share
Go to topic listing
×
×
  • Create New...