Re: Multiple Individual permissions.


"PrvtBacon" <PrvtBacon@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D5FAF9D9-7082-48DE-897F-7306835EEFE5@xxxxxxxxxxxxxxxx
>
> Hi,
>
> I have a small home network consisting of 4 clients and 1 server
> (Configured
> as a Workgroup). They are all running XP Pro. The server acts as a file,
> print, game and internet server. As it is for my family, internal security
> is
> not really a problem. I do however want to protect some folders from my
> younger brother. So on the server I have used folder permissions to
> protect
> folders from his user name, and I have done the same to protect him and my
> Dad from folders on the clients (eg. Windows dir).
>
> Currently the only way I know how to achieve that is by having 5 separate
> user accounts on each machine.
>
> Accounts:
> M
> R
> D
> P
> Administrator
>
> However, now I have 5 different login names at the Welcome screen and all
> the associated folders that come with each profile, not to mention the
> pain
> of going to 5 computers to change a single permission.
>
> All I want is for Client D to boot to windows automatically using D's
> profile, Client M to boot to M etc. I don't need roaming profiles.
>
> ------------
>
> I am trying to set the permissions to do this:
>
> Client D = Admin rights on all machines
> Client R = Admin rights on all machines
>
> Client M = Admin rights on self, user rights (read/write) on all machines.
> Client P = Admin rights on self, user rights (read/write) on all machines.
>
> Server = Admin rights on all machines
>
> ------------
>
> From my various reading on the subject, it seems I need to upgrade my
> server
> to a Domain server. It seems that that is overkill (and expensive) just to
> remove users from the log-in screen and centralize permissions handling.
> Plus, I don't think my game's (Americas Army, RB63, C&C, HL2, Far-Cry)
> various server programs work under 2K, NT or 2003.
>
> I had this idea:
> I have noticed in the Computer Management>Local Users and
> Groups>Groups>*Select Group>Properties>Add> Location> that it asks you to
> select a location of the object, but will only let my search the local
> machine, not the entire network. Can I do this and thus centralize the
> whole
> process?
>
> In conclusion, is there a better way to do what I am doing?
>
> Thanks for the help,
> Bacon
> P.S: Sorry about the long post, thought its better to give as much info as
> possible.
>


As Chuck says, the only way to have anything else other than the local
machine appear in the Location box is to have a domain.

Within a workgroup, you need to create a local account on each machine for
each user you want to grant access to. This will usually mean maintining
simultaneous accounts on each machine for all the users.

It is possible however to configure each machine to boot up straight to it's
assigned user account, and not have to deal with a welcome screen with
several users.

There's a couple of ways to do this:

First, you could hide users from the Welcome Screen:
Go to Start - Run - Regedit, hit Enter.

Navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\SpecialAccounts\UserList.

Add the username you wish to hide as a DWORD value. Set the value to 0
(zero).
This will prevent the user from showing up on the welcome screen.

Tha machine will boot to the welcome screen, with only the accounts you want
displayed.
The user can then enter their password, if one is defined.

( If you ever need to log onto one of the 'hidden' accounts, you can press
CTRL-ALT-DEL twice at the welcome screen to get the standard logon dialog. )

Alternatively, you can download TweakUI and use the Autologon feature.
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx

You can enter a Username and Password for the account you wish to auto logon
with.
This time, the machine will boot straight to the user's desktop, and will
not wait at the welcome screen for a password.

--
Ron


.

Relevant Pages

  • Re: How to set up DCOM properly to allow server and client connect remotely
    ... their accounts if said accounts have the same username ... I need to know how to set up DCOM properly so the OPC server and client ... local user ...
    (microsoft.public.win32.programmer.ole)
  • Re: E-mail filtering recommendations needed.
    ... company's server and send outgoing e-mail through the same server. ... You could put up a local mail server which will poll the ISPs ... Then the user pop accounts would be removed from ... SS numbers and protected client information? ...
    (comp.unix.sco.misc)
  • Re: SMS site server HDD allocation
    ... Keep in mind that the SMS server is a database server. ... >>The Client Installation Wizard is used to remotely install, or push, the ... >>Connection accounts to allow the clients to connect and write to the ...
    (microsoft.public.sms.admin)
  • Re: It must be simple, but...
    ... I assume you have added both workstations to the new domain. ... using the DOMAIN user accounts ONLY. ... >I understand why I shouldn't share the client drives, etc., and in general ... > the server shared drive), again, using the same credentials. ...
    (microsoft.public.windows.server.sbs)
  • Re: XP & W2K server User rights need help
    ... accounts. ... This narrows the issue, since any admin ... > Here is another fact, this domain server had to be> replaced so a new one was created, in the old domain> server non of the users had accounts only the computers ... >>> Accounts in AD Power users with admin rights to local ...
    (microsoft.public.windowsxp.security_admin)