none
WHS vs Vista64 permissions weirdness RRS feed

  • Question

  • I have a server set up with WHS, a desktop with Vista home premium 64bit, and a laptop with Win7 beta.

    Everything has been working fine for months, but recently I have decided to create some "private" shares on the server that I can access from my desktop or laptop, but guests cannot.  I installed access-based enumeration on the server and configured a new folder to only be accessible to two new user accounts with the same names and passwords as the accounts on my desktop and laptop.

    The laptop can access the new folder, but the desktop cannot.  The desktop can still access the regular, public shares, but not the new limited-access folder or the new user folder that WHS created with the desktop's login name.  I have tried changing the user name on the desktop (including changing it to the same name as on my laptop) and on the WHS user account and triple checked the password.  I have tried logging off and back on several times, and power cycled both the desktop and the server.

    Just to make this extra weird, I tried creating a brand new user account on my desktop with the same user name as my laptop, and it worked

    Any thoughts?
    Thursday, August 6, 2009 12:27 AM

Answers

  • I have a server set up with WHS, a desktop with Vista home premium 64bit, and a laptop with Win7 beta.

    Everything has been working fine for months, but recently I have decided to create some "private" shares on the server that I can access from my desktop or laptop, but guests cannot.  I installed access-based enumeration on the server and configured a new folder to only be accessible to two new user accounts with the same names and passwords as the accounts on my desktop and laptop.

    FYI, installing anything from the server desktop is unsupported.  Besides, ABE doesn't do anything in terms of hiding shares (only folders and files).

    The laptop can access the new folder, but the desktop cannot.  The desktop can still access the regular, public shares, but not the new limited-access folder or the new user folder that WHS created with the desktop's login name.  I have tried changing the user name on the desktop (including changing it to the same name as on my laptop) and on the WHS user account and triple checked the password.  I have tried logging off and back on several times, and power cycled both the desktop and the server.

    Just to make this extra weird, I tried creating a brand new user account on my desktop with the same user name as my laptop, and it worked

    Any thoughts?
    Please check the FAQ post:  How to fix share access issues where user name and password are requested.  Although it's not your exact scenario, the solution steps might work.  If it doesn't help, what are the complete share and security permissions shown in the Properties?
    • Marked as answer by candre23 Thursday, August 6, 2009 2:49 AM
    Thursday, August 6, 2009 1:54 AM
    Moderator

All replies

  • I have a server set up with WHS, a desktop with Vista home premium 64bit, and a laptop with Win7 beta.

    Everything has been working fine for months, but recently I have decided to create some "private" shares on the server that I can access from my desktop or laptop, but guests cannot.  I installed access-based enumeration on the server and configured a new folder to only be accessible to two new user accounts with the same names and passwords as the accounts on my desktop and laptop.

    FYI, installing anything from the server desktop is unsupported.  Besides, ABE doesn't do anything in terms of hiding shares (only folders and files).

    The laptop can access the new folder, but the desktop cannot.  The desktop can still access the regular, public shares, but not the new limited-access folder or the new user folder that WHS created with the desktop's login name.  I have tried changing the user name on the desktop (including changing it to the same name as on my laptop) and on the WHS user account and triple checked the password.  I have tried logging off and back on several times, and power cycled both the desktop and the server.

    Just to make this extra weird, I tried creating a brand new user account on my desktop with the same user name as my laptop, and it worked

    Any thoughts?
    Please check the FAQ post:  How to fix share access issues where user name and password are requested.  Although it's not your exact scenario, the solution steps might work.  If it doesn't help, what are the complete share and security permissions shown in the Properties?
    • Marked as answer by candre23 Thursday, August 6, 2009 2:49 AM
    Thursday, August 6, 2009 1:54 AM
    Moderator
  • That FAQ post fixed the access problem, but not the overall issue of protecting certain folders from prying eyes.  Apparently, any permissions for one of the root shared folders are true for the children as well.  You cannot "share" a folder that is inside a shared folder (actually you can, but it acts very strangely), and without sharing a folder you cannot enable ABE or even hide it by appending a $ to the share name.  I could simply create a new root share and modify permissions for that, but manually created shares don't show up in the WHS console and therefore can't have redundancy turned on.

    I've solved the problem for myself by enabling ABE and modifying permissions for the "Recorded TV" share (which was empty, as I do not use it).  From now on I will keep non-public files in there.  It seems bizarre to me that MS would not consider the possibility that people might want to manage permissions (including file and folder visibility) at the folder level.
    Thursday, August 6, 2009 3:01 AM
  • That FAQ post fixed the access problem, but not the overall issue of protecting certain folders from prying eyes.  Apparently, any permissions for one of the root shared folders are true for the children as well.  You cannot "share" a folder that is inside a shared folder (actually you can, but it acts very strangely), and without sharing a folder you cannot enable ABE or even hide it by appending a $ to the share name.

    That's correct.

    I could simply create a new root share and modify permissions for that, but manually created shares don't show up in the WHS console and therefore can't have redundancy turned on.

    I've solved the problem for myself by enabling ABE and modifying permissions for the "Recorded TV" share (which was empty, as I do not use it).  From now on I will keep non-public files in there.  It seems bizarre to me that MS would not consider the possibility that people might want to manage permissions (including file and folder visibility) at the folder level.
    Not really.  The target market of the product (a non-technical user) wouldn't really know how to configure in depth sharing and security permissions at all (hence the simple Console interface).  Besides, changing the permissions at the folder level is not supported and (as you found out) can cause issues because of the way the groups are handled in the background.  However, you can always file your suggestion on Connect.
    Thursday, August 6, 2009 3:31 AM
    Moderator
  • Not really.  The target market of the product (a non-technical user) wouldn't really know how to configure in depth sharing and security permissions at all (hence the simple Console interface).  Besides, changing the permissions at the folder level is not supported and (as you found out) can cause issues because of the way the groups are handled in the background.  However, you can always file your suggestion on Connect .
    Providing a simple interface with basic options for non-technical users makes sense.  Ignoring common-sense features for the more technically-orientated does not.  One of the primary uses of WHS is for whole-house media serving.  Not all media is family friendly.  I can't be the only guy who wants to control what his kids can and can't access on his own server.  Access control should be a no-brainer.
    Thursday, August 6, 2009 3:56 AM
  • Providing a simple interface with basic options for non-technical users makes sense.  Ignoring common-sense features for the more technically-orientated does not.  One of the primary uses of WHS is for whole-house media serving.  Not all media is family friendly.  I can't be the only guy who wants to control what his kids can and can't access on his own server.  Access control should be a no-brainer.

    It already is.  Create a share through the Console for it and only allow your user account access to that share.  What can be simpler than that?
    Friday, August 7, 2009 4:01 AM
    Moderator