locked
Share Permissions RRS feed

  • Question

  •  

    Now that I have been using WHS for a few days now I must say I absolutlely LOVE it.  I have built 2 other vista machines and I did full updates and installed a few programs and HSC and ran a backup of that and when i got home from work i shut it down put in a different hard disk and ran restore cd and volia it was just like it was.  PERFECT!!

     

    One of my goals for whs was the above and the other was to store my media in one place which i have done.  I can put the files in the respective places and set permissions for remote users etc. but since the connect software installs on all my home computers and logs in as administrator then the shares in windows explorer are with full access for those computers.  Did I miss something or is there another setting that has to be set?  I would like family members to put files in public for me to move to the media folders or to their own folders for me to move later.  I am more worried about them deleting the files though as i am only storing on WHS machine now.  I have spent countless hrs organizing the music directories and tags and don't want them changed or deleted is what brings this all up.  The remote access part works fine as I had a friend try to delete something.  Do I have everything wrong or does every computer with WHSC software connect as an admin and give those permissions of full access?  It never asks me if I want to create another account with the logon info for the maching i am installing the connector software on.

     

    Thank you,

     

    Matt Morgano   

    Wednesday, December 19, 2007 2:55 AM

Answers

  •  MrMatt68 wrote:
    Now that I have been using WHS for a few days now I must say I absolutlely LOVE it.  I have built 2 other vista machines and I did full updates and installed a few programs and HSC and ran a backup of that and when i got home from work i shut it down put in a different hard disk and ran restore cd and volia it was just like it was.  PERFECT!!

     

    One of my goals for whs was the above and the other was to store my media in one place which i have done.  I can put the files in the respective places and set permissions for remote users etc. but since the connect software installs on all my home computers and logs in as administrator then the shares in windows explorer are with full access for those computers.

     

    The connector software has nothing to do with share permissions (other than creating the permissions in the first place).  You need to create additional users in the console (using the logon names of your family members) and set their permissions accordingly.  Then, when they log in to their computers with their usernames and passwords and access the server, they will only have whatever permissions you assigned them in the console.  There is no reason to give anyone in your family the administrator password for the console.

     

     MrMatt68 wrote:
    Did I miss something or is there another setting that has to be set?  I would like family members to put files in public for me to move to the media folders or to their own folders for me to move later.  I am more worried about them deleting the files though as i am only storing on WHS machine now.  I have spent countless hrs organizing the music directories and tags and don't want them changed or deleted is what brings this all up.  The remote access part works fine as I had a friend try to delete something.  Do I have everything wrong or does every computer with WHSC software connect as an admin and give those permissions of full access?  It never asks me if I want to create another account with the logon info for the maching i am installing the connector software on.

     

    Thank you,

     

    Matt Morgano   

    Wednesday, December 19, 2007 3:18 AM
    Moderator
  • The Administrator account (on WHS) has nothing to do with it.
    By default, the the account used to log-on to the local machine (provided that there's a matching account set up in WHS > User Accounts) is used to authenticate to the shares.  Said account's access is determined by the share properties (also controlled in the Console, under the Shared Folders tab.)
    If, however, said account doesn't have a match on WHS, it's accorded Guest access (if you've enabled the Guest account.)  I can't recall off the top of my head if MS gave Guest full control or read-only access (as default) on the Public and Media shares.

    In any event, you can tweak the permissions on the shares to your liking from the console (as mentioned earlier, in the Shares tab.)

     

    If you have your own machine (one that only you use), from how you say you want to set things up, it sounds like you'd be best off giving everyone full control on their own shares (of course), read-only on the Media and Software shares, and full control on Public.  Give your account full control on everything (you are, of course, the network admin.) 
    Do with Guest access as you see fit (for me, Guest has read-only on Public, Software, and the media shares, no access to the Users shares.  Each user has full control on their own shares, as well as on all of the Media shares; my account has full control on everything - I AM the admin, after all.)

    Wednesday, December 19, 2007 3:24 AM
  •  

    I found this http://forums.microsoft.com/WindowsHomeServer/ShowPost.aspx?PostID=2575857&SiteID=50 and followed the directions and it worked perfectly and now all it right in the world.

     

    when i do a complete restore do i have to have the exact same size hd or just something bigger?

     

    thanks again,

     

    Matt

    Wednesday, December 19, 2007 10:45 PM

All replies

  •  MrMatt68 wrote:
    Now that I have been using WHS for a few days now I must say I absolutlely LOVE it.  I have built 2 other vista machines and I did full updates and installed a few programs and HSC and ran a backup of that and when i got home from work i shut it down put in a different hard disk and ran restore cd and volia it was just like it was.  PERFECT!!

     

    One of my goals for whs was the above and the other was to store my media in one place which i have done.  I can put the files in the respective places and set permissions for remote users etc. but since the connect software installs on all my home computers and logs in as administrator then the shares in windows explorer are with full access for those computers.

     

    The connector software has nothing to do with share permissions (other than creating the permissions in the first place).  You need to create additional users in the console (using the logon names of your family members) and set their permissions accordingly.  Then, when they log in to their computers with their usernames and passwords and access the server, they will only have whatever permissions you assigned them in the console.  There is no reason to give anyone in your family the administrator password for the console.

     

     MrMatt68 wrote:
    Did I miss something or is there another setting that has to be set?  I would like family members to put files in public for me to move to the media folders or to their own folders for me to move later.  I am more worried about them deleting the files though as i am only storing on WHS machine now.  I have spent countless hrs organizing the music directories and tags and don't want them changed or deleted is what brings this all up.  The remote access part works fine as I had a friend try to delete something.  Do I have everything wrong or does every computer with WHSC software connect as an admin and give those permissions of full access?  It never asks me if I want to create another account with the logon info for the maching i am installing the connector software on.

     

    Thank you,

     

    Matt Morgano   

    Wednesday, December 19, 2007 3:18 AM
    Moderator
  • The Administrator account (on WHS) has nothing to do with it.
    By default, the the account used to log-on to the local machine (provided that there's a matching account set up in WHS > User Accounts) is used to authenticate to the shares.  Said account's access is determined by the share properties (also controlled in the Console, under the Shared Folders tab.)
    If, however, said account doesn't have a match on WHS, it's accorded Guest access (if you've enabled the Guest account.)  I can't recall off the top of my head if MS gave Guest full control or read-only access (as default) on the Public and Media shares.

    In any event, you can tweak the permissions on the shares to your liking from the console (as mentioned earlier, in the Shares tab.)

     

    If you have your own machine (one that only you use), from how you say you want to set things up, it sounds like you'd be best off giving everyone full control on their own shares (of course), read-only on the Media and Software shares, and full control on Public.  Give your account full control on everything (you are, of course, the network admin.) 
    Do with Guest access as you see fit (for me, Guest has read-only on Public, Software, and the media shares, no access to the Users shares.  Each user has full control on their own shares, as well as on all of the Media shares; my account has full control on everything - I AM the admin, after all.)

    Wednesday, December 19, 2007 3:24 AM
  •  

    Ok I did that.....but i can still delete files from the server.....I guess i have to reboot and not log into in console on that machine?

     

    Matt

    Wednesday, December 19, 2007 3:25 AM
  •  MrMatt68 wrote:
    Ok I did that.....but i can still delete files from the server.....I guess i have to reboot and not log into in console on that machine?

     

    Matt

     

    Opening/not opening the console makes no difference.  The console is only for admin functions (and backups).  It's based strictly on username account permission.  But yes, you need to reboot the client PC (actually, log off will be enough).

    Wednesday, December 19, 2007 3:39 AM
    Moderator
  • And, re-reading your first post has jogged my memory a bit.
    By default, Guest gets full control on the Public and media shares.  Since you haven't created any user accounts on the WHS (via the console), all of your users are getting the Guest account's access permissions (read:  full control) to the shares.
    Create your user accounts on the WHS, tweak the share permissions as you see fit (simple click-n-go operation:  Shared Folders tab > right-click share > properties, select 'full control', 'read', or 'none' for each user), and your problems (and fears) will go away.
    Also, if you give your users strong passswords (reminder that the usernames & passwords need to match exactly on both WHS & workstation, and are both case-sensitive), you can give them offsite (internet) access to the shares, as well.  No password (or weak password) = no access from the interwebs.

     

    And, kariya:  Nice tag-team!  Smile

     

    *Edit:  took too long to type again...  Sad

    Wednesday, December 19, 2007 3:41 AM
  •  cuppie wrote:
    The Administrator account (on WHS) has nothing to do with it.
    By default, the the account used to log-on to the local machine (provided that there's a matching account set up in WHS > User Accounts) is used to authenticate to the shares.  Said account's access is determined by the share properties (also controlled in the Console, under the Shared Folders tab.)
    If, however, said account doesn't have a match on WHS, it's accorded Guest access (if you've enabled the Guest account.)  I can't recall off the top of my head if MS gave Guest full control or read-only access (as default) on the Public and Media shares.

     

    Guest account is disabled by default.

     

     cuppie wrote:
    In any event, you can tweak the permissions on the shares to your liking from the console (as mentioned earlier, in the Shares tab.)

     

    If you have your own machine (one that only you use), from how you say you want to set things up, it sounds like you'd be best off giving everyone full control on their own shares (of course), read-only on the Media and Software shares, and full control on Public.  Give your account full control on everything (you are, of course, the network admin.) 
    Do with Guest access as you see fit (for me, Guest has read-only on Public, Software, and the media shares, no access to the Users shares.  Each user has full control on their own shares, as well as on all of the Media shares; my account has full control on everything - I AM the admin, after all.)

    Wednesday, December 19, 2007 3:42 AM
    Moderator
  • True.
    But, IIRC, once enabled, it's given full control on the Public & media shares?
    So many other things dealt with since server was set up 2-ish months ago, memory gets a little hazy sometimes....  Indifferent

    Wednesday, December 19, 2007 3:45 AM
  • I have done exactly as described......I rebooted and it said passwords didn't match i completed wizard and rebooted and i can still go to windows explorer and delete a file in the software directory which is set as read only for that account.  I noticed that my account on this machine is set as admin.  Would that have any effect?

     

    Thanks alot guys,

     

    Matt

    Wednesday, December 19, 2007 3:51 AM
  • I just put a monitor and stuff on the WHS machine and went to network in windows explorer and see that there are 4 computers listed and i only have 3 - 2 clients and one 1 - WHS machine.......this other machine is listed as oc8861710986153 and if i click to browse it asks for username and password.  Do I have a virus?  BTW guest account is off and directory permissions on the server match what i set from within the console.  I can't see the other user account folders though which is how i have them set.  Should i delete that account and try again?

    Wednesday, December 19, 2007 4:08 AM
  •  cuppie wrote:
    True.
    But, IIRC, once enabled, it's given full control on the Public & media shares?

     

    Hmmmmm, could be (I don't remember now)

     

     cuppie wrote:
    So many other things dealt with since server was set up 2-ish months ago, memory gets a little hazy sometimes.... 

     

    Same here (I can't even remember what I had for breakfast this morning Wink  )

    Wednesday, December 19, 2007 5:22 AM
    Moderator
  •  MrMatt68 wrote:
    I just put a monitor and stuff on the WHS machine and went to network in windows explorer and see that there are 4 computers listed and i only have 3 - 2 clients and one 1 - WHS machine.......this other machine is listed as oc8861710986153 and if i click to browse it asks for username and password.  Do I have a virus?

     

    I don't think so.  Do you have a wireless network?  If so, do you have security set up on it?  Do you have another networked device (Wii, XBox 360, PS3)?

     

     MrMatt68 wrote:
    BTW guest account is off and directory permissions on the server match what i set from within the console.  I can't see the other user account folders though which is how i have them set.  Should i delete that account and try again?

     

    You can try it, but it shouldn't be necessary.  I would start by creating one user on WHS for you (and match the username and password to whatever you use to logon to your client PC).  Then modify the permissions for that user to the setup you want.  Then reboot both server and client.  Then try accessing the server and see if it works....

     

    Wednesday, December 19, 2007 5:26 AM
    Moderator
  •  MrMatt68 wrote:
    I have done exactly as described......I rebooted and it said passwords didn't match i completed wizard and rebooted and i can still go to windows explorer and delete a file in the software directory which is set as read only for that account.  I noticed that my account on this machine is set as admin.  Would that have any effect?

     

    Thanks alot guys,

     

    Matt

     

    No, the server credentials are based on what you use to logon to the client PC.  In other words, if you logon to your client PC as Matt with password 1234 (I know, really secure Wink ) and have a user account on the server called Matt with password 1234, the server should automatically grant you access based on the share permissions you created for Matt in the WHS console.  You can try rebooting the server and client once you have everything set up, but it shouldn't be necessary.

    Wednesday, December 19, 2007 5:30 AM
    Moderator
  • That other computer that was listed on the network was coming from this machine.....when i double clicked it from this computer it took me to my public documents for whatever reason but after a reboot that computer name disappeared from the network on all the computers.....problem solved i guess.

     

     

    Ok I understand and have figured out that the login credentials are used for the server also.  Problem now is on my other computer;  i'll call it matt-kitchen;  when i log in now that i have an account called matt-kitchen on server it says passwords don't match and i run the wizard and it says that they match then I try to delete a file from a read only share and i still can so then i reboot or log off makes no difference and it says passwords don't match again.....i have tried keeping the server one and the local one......just keeps going through this loop.  I am guessing that this may be causing my problem.  Also i have deleted all user accounts from the server and recreated them and still the same effect.  This computer (matt-livingroom) works right.....obeys the permissions i set in the console.

     

    I have run out of ideas,

     

    Matt

    Wednesday, December 19, 2007 10:15 PM
  •  

    I found this http://forums.microsoft.com/WindowsHomeServer/ShowPost.aspx?PostID=2575857&SiteID=50 and followed the directions and it worked perfectly and now all it right in the world.

     

    when i do a complete restore do i have to have the exact same size hd or just something bigger?

     

    thanks again,

     

    Matt

    Wednesday, December 19, 2007 10:45 PM