Re: Share 2 different networks at the same time?
- From: Chuck <none@xxxxxxxxxxx>
- Date: Sun, 16 Jul 2006 11:26:28 -0700
On Sun, 16 Jul 2006 10:23:02 -0700, Ken W <KenW@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:
"Chuck" wrote:
On Thu, 13 Jul 2006 04:05:01 -0700, Ken W <KenW@xxxxxxxxxxxxxxxxxxxxxxxxx>Chuck:
wrote:
"Chuck" wrote:
On Tue, 11 Jul 2006 20:06:01 -0700, Ken W <KenW@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:
"Chuck" wrote:
On Tue, 11 Jul 2006 04:16:01 -0700, Ken W <KenW@xxxxxxxxxxxxxxxxxxxxxxxxx>Chuck:
wrote:
"Chuck" wrote:
On Sun, 9 Jul 2006 18:04:01 -0700, Ken W <KenW@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
This is continuation of the thread 5/30/06. Chuck, I hope you found this.
I've played around with the permissions on WOLFEKE. The SHARE folder that XP
created is accessible by the other computer, JANET. However, the other shared
folders that I created on WOLFEKE were not accessible. I looked at the SHARE
folder on WOLFEKE to try and determine what was different about it, and I
noticed that it had permission to EVERYONE. I created a test folder on
WOLFEKE and gave it permission to EVERYONE. That folder was then accessible
by JANET.
The conclusion that I reached was if EVERYONE is not included on a shared
folder on WolfEKE, JANET cannot access it.
OK, Ken.
Generally, Everyone IS included in the share permissions for a given folder.
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Help>
http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Help
<http://nitecruzr.blogspot.com/2005/09/server-access-authorisation.html>
http://nitecruzr.blogspot.com/2005/09/server-access-authorisation.html
I'm sort of at a loss what we were investigating the last time we communicated,
so be patient with me. And read the above 2 articles. I've made a few changes
here and there recently.
Chuck:
I have a laptop work computer (WOLFEKE) running XP Pro that's part of a
domain at work and I'm trying to network it at home to a home computer
running WME. We've solved the visibility problem and are now working on the
accessibility problem. The home computer (JANET) is unable to access any
folder on the work computer (WOLFEKE) that doesn't grant access to EVERYONE.
When you say that generally everyone has access to shared folders, I don't
understand that because I give specific authority to different users in the
domain to my shared folders.
The work computer (WOLFEKE) has one folder that I want to share at home
only, and I don't want anyone else at work when I'm attached to the domain to
have access to that folder. My concern is that if I give EVERYONE access to
that folder, files in that folder will be accessible to anyone on the domain
at work.
Ken
Ken,
The term "Everyone" means access to all authenticated users. All users are
members of "Everyone". If you have some files / folders permitted to
"Everyone", you can have others permitted to specific users.
With NTFS, you have 2 sets of permissions:
# Share Permissions ("Sharing - Permissions").
# NTFS Permissions ("Security").
NTFS permissions (assuming you are running NTFS) apply to local and network
access, and Share permissions apply to network access only. What most people do
is permit share access to Everyone, and use more granular settings for NTFS.
Share permissions are not as detailed as NTFS permissions anyway. I've tried to
explain it in my article.
<http://nitecruzr.blogspot.com/2005/09/server-access-authorisation.html>
http://nitecruzr.blogspot.com/2005/09/server-access-authorisation.html
Now you have a challenge, in that you have a workgroup, but you are trying to
open it to a computer that comes from a domain. That's an ongoing challenge
here - folks who need to mix domains and workgroups, permitting what needs to be
permitted, and not expose too much to what should not be permitted.
So you're right, if you have a server (the laptop) that provides shares to folks
at work, using Everyone as a filter isn't granular enough. But if you have a
domain, why are you using a client as a server anyway? If you have a domain,
you should use the domain resources as servers. It's way better to have formal
roles in a domain - servers store and share data, and clients access the data.
Do you have a local account on WOLFEKE, to match the local account on JANET?
That's where you start.
Obviously, setting up a workgroup gives folks bad habits that shouldn't be
repeated in a domain. OK, I feel another article being written.
--
Cheers,
Chuck, MS-MVP [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.
For WOLFEKE, my work computer, which is a client in the domain at work, I
also share some directories with another person at work because I want the
files to reside on my computer and not the server. However, to be clear,
WOLFEKE is not the server for the domain at work.
I have an account called WOLFEKE on WOLFEKE and an account called MOM & DAD
on JANET. They have identical, nonblank passwords. Does that suffice? I
gathered from reading that it was.
It sounds like having WOLFEKE part of a domain at work and a workgroup at
home isn't doable - at least it's not known how to do it yet. Should I give
up on this idea? I guess the next best thing would be to try to secure
individual files with password protection.
Ken
Ken,
To make it simple, you need either account "Wolfeke", or "Mom & Dad", on BOTH
computers, activated for NETWORK use, with identical, non-blank passwords. It's
perfectly doable to have a computer have a double life.
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#NonGuest>
http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#NonGuest
Now to the server bit. If Wolfeke is sharing files TO another person at work,
it's running as a server. Any computer running File and Printer Sharing for
Microsoft Networks is running as a server. If that's a domain at work, then
Wolfeke trusts the domain to tell it who can access the shared data.
<http://nitecruzr.blogspot.com/2005/09/server-access-authorisation.html#WindowsServer>
http://nitecruzr.blogspot.com/2005/09/server-access-authorisation.html#WindowsServer
With all of that said, if you're going to move between domain and workgroup
authentication, there will be challenges.
<http://nitecruzr.blogspot.com/2005/08/setting-up-domain-or-workgroup-plan.html>
http://nitecruzr.blogspot.com/2005/08/setting-up-domain-or-workgroup-plan.html
And if you're going to move a server, physically, between 2 networks, there will
be more challenges.
<http://nitecruzr.blogspot.com/2005/05/have-laptop-will-travel.html>
http://nitecruzr.blogspot.com/2005/05/have-laptop-will-travel.html
Now if the above articles don't help, or if they contains too much information
to deal with, we can get this working. We'll just have to take it one step at a
time, and try not to wait for a month between discussions.
Windows Networking is a lot of fun. But it can be a hair pulling experience
too. See my photo, if you don't believe me (click on the MVP logo in any of the
above articles).
Chuck:
I clicked on your picture and I've really just started down that road, but I
don't think I like where this could lead! Actually, now that I think about
it, I don't have to pull my hair at all as it just seems to fall out on its
own!
Anyway, I'll be out the next two days and I'm not sure exactly when I'll be
able to try your suggestions. Thank you, and if I don't respond promptly it's
not because of desire.
Ken
Thanks for the update, Ken. This thread should be visible for a few days, so
just post back here, when you get back. We'll be here.
--
Cheers,
Chuck, MS-MVP [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.
I'm back. I've read the articles and tried to follow the directions, but I
still have the same accessibility problem when JANET tries to read certain
folders in WOLFEKE. It is a lot and I could easily have made a mistake.
WOLFEKE was set to simple file sharing, so I changed it to advanced file
sharing. JANET was also set this way, so I made the change, although from
your instructions I don't think it was necessary to change JANET. What are
the implications of doing this for each computer, especially since WOLFEKE is
part of a domain at work?
I created identical accounts on each machine (wolfeke) with identical
nonblank passwords.
I think I need to do some more troubleshooting with permissions and
security. Since the default shared folder works on both computers, it seems
to me the answer could be here.
I really could use some more words of wisdom!
Ken
Ken,
If you just have 2 computers, and you are the only person involved, the Simple
File Sharing (with Guest properly enabled for network access) makes sense. As
long as you don't try to share data that can't be shared. Read about Advanced
vs Simple File Sharing.
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Simple>
http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Simple
Now if Wolfeke is part of a domain, it's running with Advanced File Sharing.
Period.
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#DomainClient>
http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#DomainClient
Even under Advanced File Sharing, you can use Guest authentication. Just be
aware of the limitations.
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Guest>
http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Guest
My guess is you'll want to use Advanced File Sharing, with Guest authentication.
But see where you put the shared data. Read the article, then let's see what we
do next. Would you like to try IM?
--
Cheers,
Chuck, MS-MVP [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.
.
- References:
- Re: Share 2 different networks at the same time?
- From: Chuck
- Re: Share 2 different networks at the same time?
- From: Chuck
- Re: Share 2 different networks at the same time?
- From: Ken W
- Re: Share 2 different networks at the same time?
- From: Chuck
- Re: Share 2 different networks at the same time?
- From: Ken W
- Re: Share 2 different networks at the same time?
- From: Chuck
- Re: Share 2 different networks at the same time?
- From: Ken W
- Re: Share 2 different networks at the same time?
- Prev by Date: Re: Can't browse, can't ping, can't tracert?
- Next by Date: "MS Windows network" very slow
- Previous by thread: Re: Share 2 different networks at the same time?
- Next by thread: Re: Network Connection dropping after 10 minutes
- Index(es):
Relevant Pages
|
