locked
Why do I need to create a user account on the server that matches the user on the client? RRS feed

  • Question

  • This seems to me to be too complex for the target user. Why not just craete a guest account for each attached machine or take the credentials for each user that connects or some such strategy. The current process looks overly geekey to me.
    Tuesday, July 3, 2007 4:20 PM

All replies

  • Without an account you can't control who has access to the shared folders (amongst other reasons)

     

    Gordon

    Tuesday, July 3, 2007 4:55 PM
  • WHS having the same username on it is to the home like an AD Domain login is at a business.

     

    You have to have a record of the accounts at the server level in order to administrate permissions.

     

    Think of it this way:

     

    On a Domain you sign in with a domain login on a member machine which inherits it's permissions from the domain policies on the box.

     

    On WHS, you aren't running a domain, instead it's no different than having multiple boxes in a workgroup, where you have to have login credentials/profile stored on each member of the workgroup and then you have the trouble of synchronizing that password amongst the members.

     

    When you create an account on the WHS, you make it the same as your local password and the password is synchronized so that when you sign onto a workgroup member box with that login information, you can access the WHS transparently instead of having to also apply a different set of login credentials to WHS every time you want to connect to it.

    Tuesday, July 3, 2007 7:10 PM
  • It's a security thing.  Take this scenario - imagine your server holds lots of photos and home videos which you've painstakingly collected, sorted and stored on the server.  Now picture your child, using the media centre in the lounge, is scanning through the pictures and deletes some of them, either inadvertently or on purpose.  It's a simple thing to do with a chunky remote control and a nice intuitive interface.  Now place yourself in front of the share and spot, to your abject horror, that this has happened.

     

    Yes, that happened to me, because I neglected to control which users had access to these folders, or more specifically the one which my media center logs on with.

     

    It's not the sort of thing which is easily controlled using simple shares with no individual user access rights.  I want my wife and kids to look at the pictures, play the music and watch the videos, but I don't want them to delete them.  That said, I still want to control that myself, which would require one account at least.  HS makes the process a lot easier than the normal method of poking around in shares, setting up user accounts and so on, which would be the norm on any other OS.

     

    I don't consider security to be geeky.  I like the idea of being able to stop the kids deleting stuff.

    Friday, July 6, 2007 11:17 AM
  • I think also it is a little bit complex for the average end user - and they won't like to change their passwords of the local client if the server requests higher complexity (which would break also autologon for them as a surprise). Also some users may not even be aware, that they have a stupid OEM preconfigured user name for their desktop autologon like User or Owner, which they don't want to use as their account name on the home server. (Btw. how - if - home server is distinguishing between different users having the same predefined name on different PCs? That could become another source of trouble.)

     

    Maybe the limitations of Windows Home editions do jump in again, otherwise the Stored User Names and Passwords feature from the Pro versions could (in my opinion should) be used to connect the client user to the server with different passwords or even account names.

    Best greetings from Germany

    Olaf

    Friday, July 6, 2007 12:41 PM
    Moderator
  • Perhaps the connector install could handle this task?  When installing the connector, it could look to see if the user has a password for their account.  If so, then it could setup the user automatically on the server.  If not, maybe it could create an account on the server, request a password from the user, and set it up as a managed network password.  I know that you can manage network passwords on Vista Ultimate and XP Pro, but I'm not sure about other versions.  My laptop has XP Pro and my user account on it does not have a password.  I saved my userid and password for the server as a managed network password and it automatically connects me to the server without having to enter a password.
    Friday, July 6, 2007 4:13 PM
  • This was one of the decisions, clunky as it is, that is forced on WHS when workgroup was chosen over Active Directory. 

     

    Each PC is really its own island, and the only way to access the WHS island is with a user/password.  If you set the Desktop PC/User to the same as the WHS user/password, then WHS automatically accepts the credentials and allows access. 

     

    If the user/passwords get out of sync, then WHS will ask for a user/password combination because it does not match any credentials on the WHS.

     

    This handling of credentials goes deep into Windows and there is no way to avoid it. 

     

    If MS had chosen AD as the base for security, then user/passwords and accounts would be controlled across all machines from the WHS.  They made a clear decision NOT to handle things this way.  Probably had to do with Windows XP home and lack of AD awareness.

     

    In SBS, the connect computer wizard works VERY well to take local user accounts, convert them to AD, add the PC to the domain, and add user accounts if needed.  This actually works far better than I would have imagined before seeing it.

     

    Could MS add a create user and migrate profile? I would think so, the wizard is already created for SBS.

     

    Ken

     

     

     

    Saturday, August 4, 2007 5:17 PM
  • I do not think it is necessasry to do so!  I have not (for Beta and RC1) set "matching" user names and/or passwords - although on iniital boot I get a message on the client computer that the server user account does not martch the client, however connection proceeds.

     

    Also when the server boots it does ask for the "contol-Alt-delete" combo - however I ignore the message and do not proceed beyond that point, however the clients - Vista, XP and laptop- sucessfully connect and all functions, including access to shared folders is available.

     

    So,. if WHS functions by simply "turning on"  - completely headless - in fact the only indication of a successful boot is a "green" icon in task tray of the clients - creates a functional server it would seem that the only reason for a password would be to  actually work on the server.

    Saturday, August 4, 2007 7:46 PM
  • The reason why the usernames/password should match is so that they don't need to enter a second set of credentials when a user logs on to their own pc and wants to access WHS resources. Keeping them in sync lets each user have the option of only needing to remember one username and password rather than multiple ones. Of course you can simply set the password complexity to low and have your local users with no password.
    Sunday, August 5, 2007 5:52 PM
  • Regarding "The reason why the usernames/password should match is so that they don't need to enter a second set of credentials when a user logs on to their own pc and wants to access WHS resources...." - as I mentioned in my previous reply - I do not "use" usernames or passwords and am not required to provide them when logging on from any client.

    Monday, August 6, 2007 12:56 AM
  • Have you activated the Guest account on WHS? Or are you using auto-login on your client PCs? Either can allow what you describe to work.
    Monday, August 6, 2007 3:00 AM
    Moderator