Guest Zakhary Posted August 19, 2008 Posted August 19, 2008 EXECUTIVE SUMMARY: Two computers (Computer1 and Computer2) share a workgroup that other computers on the same subnet have access to. Computer1 and Computer2 initially shared a folder on Computer1, “My Document.” That shared folder was the target for “My Documents” on both computers. I attempted to eliminate “simple sharing” so that only I would have access. But because there isn’t a common domain, this couldn’t occur. I also tried to make the shared folder hidden by adding a dollar symbol ($), but then couldn’t use it as a target for “My Documents.” Upon returning everything back to how I originally had it, several files became inaccessible on BOTH COMPUTERS because access to the given folder or file was denied. Interestingly, on Computer2, when away from the network, some of these files are accessible, but not when connected to Computer1. How do I (a) get everything back to being accessible, and (b) is there a way to make shared folders only accessible by me in a workgroup environment? FULL DETAILS: To allow "My Documents" to be shared between two computers, I set one of the computers' (\\zm01) "My Documents" folder to be shared on the Workgroup. I then redefine the other computer's (\\zm02) "My Documents" target to the share name of the "My Documents" folder on \\zm01. It recently came to me that I may want to restrict access since a few people share this home network. So, I tried by disabling "simple sharing" and setting permissions, but realized that \\zm02\username could not be given permissions since a common domain doesn't exist. I then changed the share name to include a dollar symbol ($) at the end so that it would be hidden and went back to "simple sharing." After I mapped that hidden folder as a network drive on \\zm02, I tried to set the network drive as my "My Documents" target on \\zm02, but Windows wouldn't let me. So, I changed everything back to original settings. But then, now nothings accessible; \\zm02 isn't able to properly read from \\zm01. I restart both computers and that seems to fix it. So, I'm now back at square one with the shared folder being accessible by anyone on the network and it being set as my "My Documents" target on \\zm02, EXCEPT... 1 - ON BOTH COMPUTERS several files and folders are not accessible; access is denied. Some are PDF's or Compressed (Zipped) folders with passwords; but Windows and accessibility shouldn't care about that. 2 - In Windows Media Player ON BOTH COMPUTERS, several files are suddenly not able to be played. I get the message "Windows Media Player cannot access the file. The file might be in use, you might not have access to the computer where the file is stored, or your proxy settings might not be correct." Interestingly, this message goes away when I am on my laptop (\\zm02) and not connected to \\zm01 – implying access is not denied on some files if I am not connected to \\zm01. 3 - Because of this "Access Denied" error, many files are not able to be made available offline. What has been tried is redefining permissions, but that doesn't matter anymore (right?) since simple sharing is enabled again. I also did a system restore on both computers and the problem continues. I even reset the share settings and that also did not seem to fix the problem. Also, removing file sharing setting did not allow me to access the files on the primary computer, \\zm01. So, how do I (a) fix the problems detailed above, and (b) if possible, create a hidden or permission/password restricted shared folder on a workgroup (NOT a domain)? NOTE: I did notice that the initial (and returned to) share name was never able to be unmarked for being made available offline on \\ZM02. As a result, even when it didn't exist, the folder showed on \\zm02 without any files and only one or two subfolders (both with no files). Thanks many to whoever can help on this, Zakhary
Guest John John (MVP) Posted August 19, 2008 Posted August 19, 2008 Re: File Sharing; Access Denied (REPOST) XP Home or XP Pro? Take ownership of the files and folders or grant yourself full permissions on the folder with the CACLS commnad: cacls "c:\My Document" /E /G "your username":F Use NTFS permissions to control access to the folders. John Zakhary wrote: > EXECUTIVE SUMMARY: > Two computers (Computer1 and Computer2) share a workgroup that other > computers on the same subnet have access to. Computer1 and Computer2 > initially shared a folder on Computer1, “My Document.” That shared folder > was the target for “My Documents” on both computers. I attempted to > eliminate “simple sharing” so that only I would have access. But because > there isn’t a common domain, this couldn’t occur. I also tried to make the > shared folder hidden by adding a dollar symbol ($), but then couldn’t use it > as a target for “My Documents.” Upon returning everything back to how I > originally had it, several files became inaccessible on BOTH COMPUTERS > because access to the given folder or file was denied. Interestingly, on > Computer2, when away from the network, some of these files are accessible, > but not when connected to Computer1. > > How do I (a) get everything back to being accessible, and (b) is there a way > to make shared folders only accessible by me in a workgroup environment? > > > > > FULL DETAILS: > > To allow "My Documents" to be shared between two computers, I set one of the > computers' (\\zm01) "My Documents" folder to be shared on the Workgroup. I > then redefine the other computer's (\\zm02) "My Documents" target to the > share name of the "My Documents" folder on \\zm01. > > It recently came to me that I may want to restrict access since a few people > share this home network. So, I tried by disabling "simple sharing" and > setting permissions, but realized that \\zm02\username could not be given > permissions since a common domain doesn't exist. I then changed the share > name to include a dollar symbol ($) at the end so that it would be hidden and > went back to "simple sharing." > > After I mapped that hidden folder as a network drive on \\zm02, I tried to > set the network drive as my "My Documents" target on \\zm02, but Windows > wouldn't let me. So, I changed everything back to original settings. But > then, now nothings accessible; \\zm02 isn't able to properly read from > \\zm01. I restart both computers and that seems to fix it. So, I'm now back > at square one with the shared folder being accessible by anyone on the > network and it being set as my "My Documents" target on \\zm02, EXCEPT... > > 1 - ON BOTH COMPUTERS several files and folders are not accessible; access > is denied. Some are PDF's or Compressed (Zipped) folders with passwords; but > Windows and accessibility shouldn't care about that. > 2 - In Windows Media Player ON BOTH COMPUTERS, several files are suddenly > not able to be played. I get the message "Windows Media Player cannot access > the file. The file might be in use, you might not have access to the computer > where the file is stored, or your proxy settings might not be correct." > Interestingly, this message goes away when I am on my laptop (\\zm02) and not > connected to \\zm01 – implying access is not denied on some files if I am not > connected to \\zm01. > 3 - Because of this "Access Denied" error, many files are not able to be > made available offline. > > What has been tried is redefining permissions, but that doesn't matter > anymore (right?) since simple sharing is enabled again. I also did a system > restore on both computers and the problem continues. I even reset the share > settings and that also did not seem to fix the problem. Also, removing file > sharing setting did not allow me to access the files on the primary computer, > \\zm01. > > So, how do I (a) fix the problems detailed above, and (b) if possible, > create a hidden or permission/password restricted shared folder on a > workgroup (NOT a domain)? > > NOTE: I did notice that the initial (and returned to) share name was never > able to be unmarked for being made available offline on \\ZM02. As a result, > even when it didn't exist, the folder showed on \\zm02 without any files and > only one or two subfolders (both with no files). > > Thanks many to whoever can help on this, > Zakhary
Guest Zakhary Posted August 19, 2008 Posted August 19, 2008 Re: File Sharing; Access Denied (REPOST) Thanks for your reply. I am assuming that I should take ownership on Computer1, where the "My Documents" target is housed? Also, upon taking ownership on the given computer (assumed to be Computer1), will I be able to synchronize to have the files made available offline on Computer2 without having 170+ messages of not being able to synchronize a file because access to the file or its folder is denied? -- -Zakhary "John John (MVP)" wrote: > XP Home or XP Pro? > > Take ownership of the files and folders or grant yourself full > permissions on the folder with the CACLS commnad: > > cacls "c:\My Document" /E /G "your username":F > > Use NTFS permissions to control access to the folders. > > John > > Zakhary wrote: > > > EXECUTIVE SUMMARY: > > Two computers (Computer1 and Computer2) share a workgroup that other > > computers on the same subnet have access to. Computer1 and Computer2 > > initially shared a folder on Computer1, “My Document.” That shared folder > > was the target for “My Documents” on both computers. I attempted to > > eliminate “simple sharing” so that only I would have access. But because > > there isn’t a common domain, this couldn’t occur. I also tried to make the > > shared folder hidden by adding a dollar symbol ($), but then couldn’t use it > > as a target for “My Documents.” Upon returning everything back to how I > > originally had it, several files became inaccessible on BOTH COMPUTERS > > because access to the given folder or file was denied. Interestingly, on > > Computer2, when away from the network, some of these files are accessible, > > but not when connected to Computer1. > > > > How do I (a) get everything back to being accessible, and (b) is there a way > > to make shared folders only accessible by me in a workgroup environment? > > > > > > > > > > FULL DETAILS: > > > > To allow "My Documents" to be shared between two computers, I set one of the > > computers' (\\zm01) "My Documents" folder to be shared on the Workgroup. I > > then redefine the other computer's (\\zm02) "My Documents" target to the > > share name of the "My Documents" folder on \\zm01. > > > > It recently came to me that I may want to restrict access since a few people > > share this home network. So, I tried by disabling "simple sharing" and > > setting permissions, but realized that \\zm02\username could not be given > > permissions since a common domain doesn't exist. I then changed the share > > name to include a dollar symbol ($) at the end so that it would be hidden and > > went back to "simple sharing." > > > > After I mapped that hidden folder as a network drive on \\zm02, I tried to > > set the network drive as my "My Documents" target on \\zm02, but Windows > > wouldn't let me. So, I changed everything back to original settings. But > > then, now nothings accessible; \\zm02 isn't able to properly read from > > \\zm01. I restart both computers and that seems to fix it. So, I'm now back > > at square one with the shared folder being accessible by anyone on the > > network and it being set as my "My Documents" target on \\zm02, EXCEPT... > > > > 1 - ON BOTH COMPUTERS several files and folders are not accessible; access > > is denied. Some are PDF's or Compressed (Zipped) folders with passwords; but > > Windows and accessibility shouldn't care about that. > > 2 - In Windows Media Player ON BOTH COMPUTERS, several files are suddenly > > not able to be played. I get the message "Windows Media Player cannot access > > the file. The file might be in use, you might not have access to the computer > > where the file is stored, or your proxy settings might not be correct." > > Interestingly, this message goes away when I am on my laptop (\\zm02) and not > > connected to \\zm01 – implying access is not denied on some files if I am not > > connected to \\zm01. > > 3 - Because of this "Access Denied" error, many files are not able to be > > made available offline. > > > > What has been tried is redefining permissions, but that doesn't matter > > anymore (right?) since simple sharing is enabled again. I also did a system > > restore on both computers and the problem continues. I even reset the share > > settings and that also did not seem to fix the problem. Also, removing file > > sharing setting did not allow me to access the files on the primary computer, > > \\zm01. > > > > So, how do I (a) fix the problems detailed above, and (b) if possible, > > create a hidden or permission/password restricted shared folder on a > > workgroup (NOT a domain)? > > > > NOTE: I did notice that the initial (and returned to) share name was never > > able to be unmarked for being made available offline on \\ZM02. As a result, > > even when it didn't exist, the folder showed on \\zm02 without any files and > > only one or two subfolders (both with no files). > > > > Thanks many to whoever can help on this, > > Zakhary > >
Guest John John (MVP) Posted August 19, 2008 Posted August 19, 2008 Re: File Sharing; Access Denied (REPOST) Yes, take ownership of the files on the host and then use NTFS permissions to control access to the files. If this is an XP Pro machine right click on the folder and look at the Properties | Security. John Zakhary wrote: > Thanks for your reply. > I am assuming that I should take ownership on Computer1, where the "My > Documents" target is housed? > > Also, upon taking ownership on the given computer (assumed to be Computer1), > will I be able to synchronize to have the files made available offline on > Computer2 without having 170+ messages of not being able to synchronize a > file because access to the file or its folder is denied? >
Guest Zakhary Posted August 19, 2008 Posted August 19, 2008 Re: File Sharing; Access Denied (REPOST) I use XP Pro... I'm not yet at the location to test this out, but an immediate consideration is that for a "Security" tab to be available in my folder's properties, "simple sharing" needs to be turned off. When I first turned that off (which directly preceeded this catastrophy), I was not able to allow my account on \\Computer2 to have access to the folder because there is not a common domain; only a shared workgroup. I attempted to set permissions as \\Computer1\username and \\Computer2\username, but that wouldn't work since there isn't a common server in-front of the computers. Is the above what NTSF permissions relates to? If so, it either isn't going to work or I am missing a link in how to manipulate the permissions. -- -Zakhary "John John (MVP)" wrote: > Yes, take ownership of the files on the host and then use NTFS > permissions to control access to the files. If this is an XP Pro > machine right click on the folder and look at the Properties | Security. > > John > > Zakhary wrote: > > > Thanks for your reply. > > I am assuming that I should take ownership on Computer1, where the "My > > Documents" target is housed? > > > > Also, upon taking ownership on the given computer (assumed to be Computer1), > > will I be able to synchronize to have the files made available offline on > > Computer2 without having 170+ messages of not being able to synchronize a > > file because access to the file or its folder is denied? > > > >
Guest John John (MVP) Posted August 19, 2008 Posted August 19, 2008 Re: File Sharing; Access Denied (REPOST) Set identical user accounts on the host PC as the user on the client PC that wants access to the files, that is accounts with the same name and same password. If JohnDoe on zm02 wants to access files on zm01 create a user named JohnDoe on zm01 and give it the same password as JohnDoe one on zm02. John Zakhary wrote: > I use XP Pro... > > I'm not yet at the location to test this out, but an immediate consideration > is that for a "Security" tab to be available in my folder's properties, > "simple sharing" needs to be turned off. When I first turned that off (which > directly preceeded this catastrophy), I was not able to allow my account on > \\Computer2 to have access to the folder because there is not a common > domain; only a shared workgroup. I attempted to set permissions as > \\Computer1\username and \\Computer2\username, but that wouldn't work since > there isn't a common server in-front of the computers. > > Is the above what NTSF permissions relates to? If so, it either isn't going > to work or I am missing a link in how to manipulate the permissions. >
Guest Zakhary Posted August 19, 2008 Posted August 19, 2008 Re: File Sharing; Access Denied (REPOST) That command didn't do the trick. On the host computer, \\zm01, I opened Command Prompt and typed as follows CACLS "C:\Documents and Settings\zmallett\My Documents" /E /G "zmallett":F I received the response "processed dir: C:\Documents and Settings\zmallett\My Documents" But when I went to open suspect files, the message "Access Denied" continued. I attempted that command both when the two computers were connected with each other through the network and when \\zm02 was turned off and unassociated with the network. Just in case the command didn't affect sub-folders and files, I tried it with a suspect sub-folder and suspect sub-file with no success. -- -Zakhary "John John (MVP)" wrote: > Yes, take ownership of the files on the host and then use NTFS > permissions to control access to the files. If this is an XP Pro > machine right click on the folder and look at the Properties | Security. > > John > > Zakhary wrote: > > > Thanks for your reply. > > I am assuming that I should take ownership on Computer1, where the "My > > Documents" target is housed? > > > > Also, upon taking ownership on the given computer (assumed to be Computer1), > > will I be able to synchronize to have the files made available offline on > > Computer2 without having 170+ messages of not being able to synchronize a > > file because access to the file or its folder is denied? > > > >
Guest John John (MVP) Posted August 19, 2008 Posted August 19, 2008 Re: File Sharing; Access Denied (REPOST) Does zmallett have an account on zm01? Take ownership of the folder and files and look at the NTFS permissions, take a look in the Advanced permissions to make sure that there are no explicitly denied permissions. Make sure that your user group is not denied access to the folder, denied permissions take precedence over allowed permissions. You can also grant permissions to groups with the CACLS command: (by the way the "quotation marks" are only needed when there are spaces in the path, user name or group name): cacls "C:\Docs & Setngs...\My Docs" /t /e /g Administrators:f The /t switch changes ACLs of specified files in the current directory and all subdirectories. John Zakhary wrote: > That command didn't do the trick. > > On the host computer, \\zm01, I opened Command Prompt and typed as follows > CACLS "C:\Documents and Settings\zmallett\My Documents" /E /G "zmallett":F > > I received the response "processed dir: C:\Documents and > Settings\zmallett\My Documents" > > But when I went to open suspect files, the message "Access Denied" continued. > > I attempted that command both when the two computers were connected with > each other through the network and when \\zm02 was turned off and > unassociated with the network. > > Just in case the command didn't affect sub-folders and files, I tried it > with a suspect sub-folder and suspect sub-file with no success. >
Guest Zakhary Posted August 19, 2008 Posted August 19, 2008 Re: File Sharing; Access Denied (REPOST) Hi, Yes, zmallett is a user on both computers AND uses the same password on both computers. Additionally, zmallett (me) is the exclusive user of the two computers, so is by default, a member of the Adminsitators group on both computers, RESPECTIVELY (no common domain). I went ahead and added the "/t" and it gave me info, as follows... processed dir: C:\Documents and Set... processed file: 1 processed file: 2 etc., etc... processed file : 5 Access is denied The same string was provided when "zmallett" was changed to "Adminsitrators". A phone conversation may work better. If you are in the US, I can call for free. To protect my private email on this internet, use this anonymous email to send your details if you like (hous-803139620@craigslist.org). -- -Zakhary "John John (MVP)" wrote: > Does zmallett have an account on zm01? Take ownership of the folder and > files and look at the NTFS permissions, take a look in the Advanced > permissions to make sure that there are no explicitly denied > permissions. Make sure that your user group is not denied access to the > folder, denied permissions take precedence over allowed permissions. > > You can also grant permissions to groups with the CACLS command: (by > the way the "quotation marks" are only needed when there are spaces in > the path, user name or group name): > > cacls "C:\Docs & Setngs...\My Docs" /t /e /g Administrators:f > > The /t switch changes ACLs of specified files in the current directory > and all subdirectories. > > John > > Zakhary wrote: > > > That command didn't do the trick. > > > > On the host computer, \\zm01, I opened Command Prompt and typed as follows > > CACLS "C:\Documents and Settings\zmallett\My Documents" /E /G "zmallett":F > > > > I received the response "processed dir: C:\Documents and > > Settings\zmallett\My Documents" > > > > But when I went to open suspect files, the message "Access Denied" continued. > > > > I attempted that command both when the two computers were connected with > > each other through the network and when \\zm02 was turned off and > > unassociated with the network. > > > > Just in case the command didn't affect sub-folders and files, I tried it > > with a suspect sub-folder and suspect sub-file with no success. > > >
Guest John John (MVP) Posted August 19, 2008 Posted August 19, 2008 Re: File Sharing; Access Denied (REPOST) And when you right click on the folder and look at Properties | Security does everything look ok there? Are you (zmalett) listed as the Owner of the folder? Make sure that the folder is not inheriting permissions from a parent folder. John Zakhary wrote: > Hi, > Yes, zmallett is a user on both computers AND uses the same password on both > computers. Additionally, zmallett (me) is the exclusive user of the two > computers, so is by default, a member of the Adminsitators group on both > computers, RESPECTIVELY (no common domain). > > I went ahead and added the "/t" and it gave me info, as follows... > processed dir: C:\Documents and Set... > processed file: 1 > processed file: 2 > etc., etc... > processed file : 5 > Access is denied > > The same string was provided when "zmallett" was changed to "Adminsitrators". > > A phone conversation may work better. If you are in the US, I can call for > free. To protect my private email on this internet, use this anonymous email > to send your details if you like (hous-803139620@craigslist.org). >
Guest Zakhary Posted August 19, 2008 Posted August 19, 2008 Re: File Sharing; Access Denied (REPOST) Yes, zmallett was the owner. After digging more into it, though, it seems like the problem has been fixed. Within Properties --> Security --> Advanced --> Owner I selected the checkbox "Replace owner on subcontainers and objects." And it did exactly that - took ownership of all subfolders and files of the directory C:\Documents and Set...". Now, as for inheriting permissions from a parent folder, that is under Properties --> Security --> Advanced --> Owner Both "zmallett" and "Administrators" had Full Control inherented from two avenues - "C:\Documents and Set..." and "Parent Object." The checkbox "Inherent from parent..." is now unchecked. When prompted the warning, I selected to "Copy the permission entries ... from the parent to this object." Last question before closing this case... Currently, permissions are set so that "Everyone" has full control. If I change that so that "Everyone" is denied any access, "Everyone" doesn't affect the owner, right? And based on prior strings, since the user on zm02 has the same user name and password, \\zm02\zmallett would still be able to read and write to this folder, right? Thanks a million times, Zakhary "John John (MVP)" wrote: > And when you right click on the folder and look at Properties | Security > does everything look ok there? Are you (zmalett) listed as the Owner of > the folder? Make sure that the folder is not inheriting permissions > from a parent folder. > > John > > Zakhary wrote: > > > Hi, > > Yes, zmallett is a user on both computers AND uses the same password on both > > computers. Additionally, zmallett (me) is the exclusive user of the two > > computers, so is by default, a member of the Adminsitators group on both > > computers, RESPECTIVELY (no common domain). > > > > I went ahead and added the "/t" and it gave me info, as follows... > > processed dir: C:\Documents and Set... > > processed file: 1 > > processed file: 2 > > etc., etc... > > processed file : 5 > > Access is denied > > > > The same string was provided when "zmallett" was changed to "Adminsitrators". > > > > A phone conversation may work better. If you are in the US, I can call for > > free. To protect my private email on this internet, use this anonymous email > > to send your details if you like (hous-803139620@craigslist.org). > > >
Guest Zakhary Posted August 19, 2008 Posted August 19, 2008 Re: File Sharing; Access Denied (REPOST) I forgot to mention in the last.... There are two areas for "permissions" when a file or folder is shared. In (Properties --> Sharing) there is a "Permissions" button. There are also the permissions that we have been dealing with in (Properties --> Security). Presumably, that last question asked in the previous response corresponds to Permissions in (Properties --> Sharing). Currently, "Everyone" has "Change" and "Read" permissions, but not "Full Control." Can I deny all access to "Everyone" and provide "Full Control" to "zmallett" and still be able to read and write to these files and folders as \\zm02\zmallett (who has the same password)? -- -Zakhary "John John (MVP)" wrote: > And when you right click on the folder and look at Properties | Security > does everything look ok there? Are you (zmalett) listed as the Owner of > the folder? Make sure that the folder is not inheriting permissions > from a parent folder. > > John > > Zakhary wrote: > > > Hi, > > Yes, zmallett is a user on both computers AND uses the same password on both > > computers. Additionally, zmallett (me) is the exclusive user of the two > > computers, so is by default, a member of the Adminsitators group on both > > computers, RESPECTIVELY (no common domain). > > > > I went ahead and added the "/t" and it gave me info, as follows... > > processed dir: C:\Documents and Set... > > processed file: 1 > > processed file: 2 > > etc., etc... > > processed file : 5 > > Access is denied > > > > The same string was provided when "zmallett" was changed to "Adminsitrators". > > > > A phone conversation may work better. If you are in the US, I can call for > > free. To protect my private email on this internet, use this anonymous email > > to send your details if you like (hous-803139620@craigslist.org). > > >
Guest John John (MVP) Posted August 19, 2008 Posted August 19, 2008 Re: File Sharing; Access Denied (REPOST) An important point to remember about NTFS permissions is that "Deny" *always* takes priority over "Allow", always. If you deny Everyone access no one will be allowed access, that includes the owner. Of course, anyone with administrative privileges can simply change the permissions again and gain access to the files or folder or allow others to gain access. If this is a profile folder (your's or another user's) instead of denying Everyone just remove Everyone from the Access Control List, at the first Security tab simply highlight Everyone and click on the Remove button. Do not remove Everyone from the parent C:\Documents and Settings folder, this may cause problems when you create new users. Also, use denied permissions sparingly, use them only in cases where you cannot achieve access control by simply removing allowed permissions, denied permissions can sometimes be hard to find or troubleshoot and a new administrator (or one with a short memory) may later have problems finding these explicitly denied permissions. \\zm02\zmallett will still be able to access the files on \\zm01 as long as zmallett has permissions to do so. Note that if zmallett is not logged on to \\zm01, \\zm02\zmallett may get an Access Denied when trying to access file on \\zm01. In those cases either logon zmallett to \\zm01 or use the "net use \\computername /user:username" command on \\zmo2: net use \\zm01 /user:zmallett John Zakhary wrote: > Yes, zmallett was the owner. After digging more into it, though, it seems > like the problem has been fixed. > > Within Properties --> Security --> Advanced --> Owner > I selected the checkbox "Replace owner on subcontainers and objects." And > it did exactly that - took ownership of all subfolders and files of the > directory C:\Documents and Set...". > > Now, as for inheriting permissions from a parent folder, that is under > Properties --> Security --> Advanced --> Owner > Both "zmallett" and "Administrators" had Full Control inherented from two > avenues - "C:\Documents and Set..." and "Parent Object." The checkbox > "Inherent from parent..." is now unchecked. When prompted the warning, I > selected to "Copy the permission entries ... from the parent to this object." > > Last question before closing this case... > Currently, permissions are set so that "Everyone" has full control. If I > change that so that "Everyone" is denied any access, "Everyone" doesn't > affect the owner, right? And based on prior strings, since the user on zm02 > has the same user name and password, \\zm02\zmallett would still be able to > read and write to this folder, right? > > Thanks a million times, > Zakhary > > > "John John (MVP)" wrote: > > >>And when you right click on the folder and look at Properties | Security >>does everything look ok there? Are you (zmalett) listed as the Owner of >>the folder? Make sure that the folder is not inheriting permissions >>from a parent folder. >> >>John >> >>Zakhary wrote: >> >> >>>Hi, >>>Yes, zmallett is a user on both computers AND uses the same password on both >>>computers. Additionally, zmallett (me) is the exclusive user of the two >>>computers, so is by default, a member of the Adminsitators group on both >>>computers, RESPECTIVELY (no common domain). >>> >>>I went ahead and added the "/t" and it gave me info, as follows... >>>processed dir: C:\Documents and Set... >>>processed file: 1 >>>processed file: 2 >>>etc., etc... >>>processed file : 5 >>>Access is denied >>> >>>The same string was provided when "zmallett" was changed to "Adminsitrators". >>> >>>A phone conversation may work better. If you are in the US, I can call for >>>free. To protect my private email on this internet, use this anonymous email >>>to send your details if you like (hous-803139620@craigslist.org). >>> >>
Guest Zakhary Posted August 19, 2008 Posted August 19, 2008 Re: File Sharing; Access Denied (REPOST) "Everyone" has been removed both from the security and charing permissions. You mention that \\zm02\zmallett will be able to access the files as long as \\zm01\zmallett is set to have access AND is logged on on \\zm01. You did mention the net use command for when \\zm01\zmallett is not logged on, but would this work for when I am not connected to \\zm01 (i.e. not conencted to the network)? Remember that the shared folder is sychronized and set to be available offline on \\zm02 (a laptop). Will that be able to still occur? -- -Zakhary "John John (MVP)" wrote: > An important point to remember about NTFS permissions is that "Deny" > *always* takes priority over "Allow", always. If you deny Everyone > access no one will be allowed access, that includes the owner. Of > course, anyone with administrative privileges can simply change the > permissions again and gain access to the files or folder or allow others > to gain access. If this is a profile folder (your's or another user's) > instead of denying Everyone just remove Everyone from the Access Control > List, at the first Security tab simply highlight Everyone and click on > the Remove button. Do not remove Everyone from the parent C:\Documents > and Settings folder, this may cause problems when you create new users. > Also, use denied permissions sparingly, use them only in cases where > you cannot achieve access control by simply removing allowed > permissions, denied permissions can sometimes be hard to find or > troubleshoot and a new administrator (or one with a short memory) may > later have problems finding these explicitly denied permissions. > > \\zm02\zmallett will still be able to access the files on \\zm01 as long > as zmallett has permissions to do so. Note that if zmallett is not > logged on to \\zm01, \\zm02\zmallett may get an Access Denied when > trying to access file on \\zm01. In those cases either logon zmallett > to \\zm01 or use the "net use \\computername /user:username" command on > \\zmo2: > > net use \\zm01 /user:zmallett > > John > > Zakhary wrote: > > > Yes, zmallett was the owner. After digging more into it, though, it seems > > like the problem has been fixed. > > > > Within Properties --> Security --> Advanced --> Owner > > I selected the checkbox "Replace owner on subcontainers and objects." And > > it did exactly that - took ownership of all subfolders and files of the > > directory C:\Documents and Set...". > > > > Now, as for inheriting permissions from a parent folder, that is under > > Properties --> Security --> Advanced --> Owner > > Both "zmallett" and "Administrators" had Full Control inherented from two > > avenues - "C:\Documents and Set..." and "Parent Object." The checkbox > > "Inherent from parent..." is now unchecked. When prompted the warning, I > > selected to "Copy the permission entries ... from the parent to this object." > > > > Last question before closing this case... > > Currently, permissions are set so that "Everyone" has full control. If I > > change that so that "Everyone" is denied any access, "Everyone" doesn't > > affect the owner, right? And based on prior strings, since the user on zm02 > > has the same user name and password, \\zm02\zmallett would still be able to > > read and write to this folder, right? > > > > Thanks a million times, > > Zakhary > > > > > > "John John (MVP)" wrote: > > > > > >>And when you right click on the folder and look at Properties | Security > >>does everything look ok there? Are you (zmalett) listed as the Owner of > >>the folder? Make sure that the folder is not inheriting permissions > >>from a parent folder. > >> > >>John > >> > >>Zakhary wrote: > >> > >> > >>>Hi, > >>>Yes, zmallett is a user on both computers AND uses the same password on both > >>>computers. Additionally, zmallett (me) is the exclusive user of the two > >>>computers, so is by default, a member of the Adminsitators group on both > >>>computers, RESPECTIVELY (no common domain). > >>> > >>>I went ahead and added the "/t" and it gave me info, as follows... > >>>processed dir: C:\Documents and Set... > >>>processed file: 1 > >>>processed file: 2 > >>>etc., etc... > >>>processed file : 5 > >>>Access is denied > >>> > >>>The same string was provided when "zmallett" was changed to "Adminsitrators". > >>> > >>>A phone conversation may work better. If you are in the US, I can call for > >>>free. To protect my private email on this internet, use this anonymous email > >>>to send your details if you like (hous-803139620@craigslist.org). > >>> > >> >
Guest John John (MVP) Posted August 19, 2008 Posted August 19, 2008 Re: File Sharing; Access Denied (REPOST) Same as my other post, if you deny Everyone on the Share Nobody will be able to access the share. Usually it's easier or less troublesome to give Everyone full access on the share then use NTFS permissions to control access to the files and folders. That being said, you could still use a tighter control on the share to achieve a higher overall access control on your files, you could remove every one and just add the users that you want. John Zakhary wrote: > I forgot to mention in the last.... > There are two areas for "permissions" when a file or folder is shared. In > (Properties --> Sharing) there is a "Permissions" button. There are also the > permissions that we have been dealing with in (Properties --> Security). > > Presumably, that last question asked in the previous response corresponds to > Permissions in (Properties --> Sharing). Currently, "Everyone" has "Change" > and "Read" permissions, but not "Full Control." Can I deny all access to > "Everyone" and provide "Full Control" to "zmallett" and still be able to read > and write to these files and folders as \\zm02\zmallett (who has the same > password)? >
Guest John John (MVP) Posted August 20, 2008 Posted August 20, 2008 Re: File Sharing; Access Denied (REPOST) You should be able to access your offline files when you are disconnected from the network and you do not need to use additional commands to access them, the net use command wouldn't work any way because the net command won't be able to find \\zm01 when it isn't connected to it. John Zakhary wrote: > "Everyone" has been removed both from the security and charing permissions. > > You mention that \\zm02\zmallett will be able to access the files as long as > \\zm01\zmallett is set to have access AND is logged on on \\zm01. You did > mention the net use command for when \\zm01\zmallett is not logged on, but > would this work for when I am not connected to \\zm01 (i.e. not conencted to > the network)? Remember that the shared folder is sychronized and set to be > available offline on \\zm02 (a laptop). Will that be able to still occur? >
Recommended Posts