Question
Tuesday, September 24, 2019 2:04 PM
My company uses windows server 2012 without active directory. On the server's C drive we have a folder named "Shared Space". Inside this folder there are various subfolders for different departments, e.g Marketing Folder, Management folder, Procurement folder etc.
We want users to be able to access all folders except some folders, like "Management folder". If they try to access it then we want the system to ask a username and password. What is the simplest way to achieve this?
All replies (13)
Wednesday, October 16, 2019 4:55 PM ✅Answered
And we can not make it work.
No one can help you if you do not tell us the details of what specifically "does not work".
Your reply is hard to read. Please edit it and remove the HTML markup.
You need to tell us more about the user accounts and the share and folder permissions. For starters, I do not recommend creating a share with spaces in the name. It's easier for users if you call it "SharedSpace" or "SharedData" or just "Data".
Since you are not using Active Directory, then you need to define local accounts with the same name and password on both the server and on the workstation where the user logs in. Have you set up the accounts that way?
What share permission have you defined? Open an admin command prompt and run the net share command. Copy and paste the results. Here is an example where I query the Utils share on my test VM.
C:\WINDOWS\system32>net share utils
Share name        Utils
Path              C:\Utils
Remark
Maximum users     No limit
Users
Caching           Manual caching of documents
Permission        Everyone, FULL
The command completed successfully.
Next we need to examine the permissions on the folder. My Utils share points to C:\Utils.
C:\WINDOWS\system32>icacls C:\utils
C:\utils BUILTIN\Users:(OI)(CI)(F)
         BUILTIN\Administrators:(I)(OI)(CI)(F)
         NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
         BUILTIN\Users:(I)(OI)(CI)(RX)
         NT AUTHORITY\Authenticated Users:(I)(M)
         NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
Successfully processed 1 files; Failed processing 0 files
To verify that your clients can connect to the server, open a Powershell window on a client. Run these 2 commands. Replace 'test10b' with your server name.
PS C:\> Test-NetConnection -ComputerName test10b -CommonTCPPort smb
ComputerName     : test10b
RemoteAddress    : 192.168.1.7
RemotePort       : 445
InterfaceAlias   : Wi-Fi
SourceAddress    : 192.168.1.2
TcpTestSucceeded : True
PS C:\> net view test10b
Shared resources at test10b
Share name     Type  Used as  Comment
AdvancedShare  Disk
SimpleShare    Disk
Snafu          Disk
Utils          Disk
The command completed successfully.
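The server-side setup this thread converges on (matching local accounts, one share on the parent folder, inheritance broken on the restricted subfolder), as an added example that is not part of any reply. The share name "SharedSpace", the group "ManagementUsers" and the account "mgr1" are hypothetical, and the account names passed to New-SmbShare assume an English-language Windows installation.

```powershell
# Added example; run in an elevated PowerShell session on the file server.
# Hypothetical names: SharedSpace (share), ManagementUsers (group), mgr1 (account).
$root  = 'C:\Shared Space'
$mgmt  = Join-Path $root 'Management folder'
$share = 'SharedSpace'
$group = 'ManagementUsers'
$user  = 'mgr1'

# 1. Local account on the server. In a workgroup it must have the same user
#    name and password as the account the person logs on with at the client PC.
#    "*" makes net user prompt for the password instead of taking it as an argument.
net user $user * /add
net localgroup $group /add
net localgroup $group $user /add

# 2. One share on the parent folder. Share permissions stay broad for
#    authenticated accounts; the NTFS ACLs below do the per-folder restriction.
New-SmbShare -Name $share -Path $root `
    -ChangeAccess 'Authenticated Users' -FullAccess 'Administrators'

# 3. Restricted subfolder: add the explicit entries first, then drop the
#    inherited ones, so a failure between the two steps cannot leave the
#    folder without an administrative entry.
#    *S-1-5-32-544 = BUILTIN\Administrators, *S-1-5-18 = NT AUTHORITY\SYSTEM.
icacls $mgmt /grant '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' "${group}:(OI)(CI)M"
icacls $mgmt /inheritance:r

# 4. Verify with the same two commands used in the answer above.
#    The icacls listing for the subfolder should show no (I) entries and no
#    BUILTIN\Users or Authenticated Users entries.
net share $share
icacls $mgmt
```

A client whose logged-on account is not in ManagementUsers, or whose password differs from the server-side account, is refused or prompted for credentials when opening the subfolder over the share.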
Wednesday, September 25, 2019 2:43 AM
Hi,
Thanks for your question.
Yes, you could do this implementation as you want. We could share the parent folder “Shared Space” to everyone, then “disable inheritance” for the subfolders. Then we can share the subfolder to specific users and groups.
Since we didn’t include AD, simply share to local users and group who use credentials to access.
We can refer to the following docs,
How To Share Files and Folders over a Network for Workgroups
How to Give Permissions to a Shared Drive
https://www.techwalla.com/articles/how-to-give-permissions-to-a-shared-drive
How to manage shared folder permissions
https://help.dropbox.com/files-folders/share/set-folder-permissions
Hope above information can help you.
Highly appreciate your effort and time. If you have any question or concern, please feel free to let me know.
Best regards,
Michael
Please remember to mark the replies as an answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected]
Thursday, September 26, 2019 8:39 AM
Hi,
Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.
Best Regards,
Michael
Thursday, September 26, 2019 1:41 PM
Michael hi,
thank you for your prompt and excellent reply. Unfortunately I am out of the office and I was not able to put your instructions to use, yet. I will do so the coming Wednesday, 2 October.
Best regards,
Dionisis
Tuesday, October 8, 2019 10:39 AM
Hi,
How are things going on?
Please feel free to let me know if you need further assistance.
Best regards,
Michael
Friday, October 11, 2019 2:24 PM
Michael hi again,
and please forgive my delayed answer. We are facing the following problem in the solution you proposed. The solution works INSIDE the server. For example, when a user is logged on to the server, he can create a folder and restrict access as you say. Then, if another user logs in the server then he will be prompted to enter credentials.
But that is not exactly what we want. We want the users to be allowed (or denied access) when they try to access the shared folder from their LAN PC's. And we can not make it work. Although we followed the instructions, we have not managed this to work. We will keep trying to achieve this, however, please advise us, in case you can.
I can give you access with anydesk, in case you want to help us any further, or please advise further -if possible- on the issue. As I said, we can not make it work.
Best regards,
Dionisis Falireas
Wednesday, October 16, 2019 12:59 PM
Michael hi,
whenever it is possible please respond to my latest email
Best regards,
Dionisis Falireas
Monday, October 21, 2019 10:19 AM
Hi MotoX80,
thank you very much for your excellent reply. We have managed to accomplish what we want, because of your reply. The key point that we were missing was that the accounts that should exist on the server MUST necessarily have the same password as on the client PCs. No matter how many articles we have read in the past, no one had mentioned this.
So we have managed to achieve our goal, that couldn't be done, without Michael's and your contribution. As this was a Critical task for us, I would like to thank you once more for taking some of your time to reply to us!
Best regards,
Dionisis Falireas
Tuesday, November 26, 2019 11:25 AM
Hi everyone,
as I have written on my previous reply, everything worked fine for us, after your explanations. However, we are facing a strange problem with only one of the PC's and I am wondering if you can help. One specific PC, let's name it for convenience “Test PC”, for some reason can’t view a shared folder that is shared to it from the server.
This PC is set up like all the rest, and while all the rest can see the shared folders, this PC can not. We have used exactly the same procedure to set up the shared folders like in any other PC's. It has the same local user administrator name and same local administrator name in server. We ping the server from the Test PC and everything works fine. We shared the folder to Test PC and the PC next to it because they are connected in the same switch and the PC next to it can view the folder perfectly.
Do you have any idea what could cause the problem?
Best regards,
Dionisis Falireas
Tuesday, November 26, 2019 1:35 PM
Accessing file shares seems to be a common problem on this forum. I am trying to develop a PowerShell script to help users. You can try it and see if it helps you. Run it on both of those machines and see if it produces different output.
Copy and paste it from https://social.technet.microsoft.com/Forums/en-US/f540d1fa-cd72-403c-a746-300ac1dad036/unc-path-not-able-to-access-but-able-to-rdp?forum=winserverfiles
Thursday, December 5, 2019 3:22 PM
Hi MotoX80,
Thank you for your reply. I did what you said and the result was this:
Found {0} files/folders in admin$ share." -f $files.count
SmbTest.ps1 Version 1.2
Running on GRAMMATEIA-2 as user grammateia-2\grammateia-2
You are running Powershell in administrator mode.
You are a member of the administrators group.
Please enter the name of the target machine.: GRAMMATEIA 2
FQDN =
Analyzing network adapters
Found - Wi-Fi - Dell Wireless 1705 802.11b/g/n (2.4GHZ)
Wi-Fi status is Disconnected
Found - Ethernet - Realtek PCIe GBE Family Controller
IP Address is 172.16.10.132, Gateway is 172.16.10.1
Gateway Ping successful
This computer's domain is GRAMMATEIA-2
Doing name lookup on target system GRAMMATEIA 2
Name lookup failed!!!!
Please enter the IP address of the target system.: 172.16.10.132
I will attempt to continue using the IP address in place of the computer name.
Now lets look at the target IP.
Target computer's domain is GRAMMATEIA-2
Domains match, this is good.
Your DNS Search Suffix list does not contain GRAMMATEIA-2
This is a problem and should be fixed!!!!!!!
Testing SMB access...
SMB test was successful.
Looking for shares...
Net view ran.
I found these shares.
There are no entries in the list.
Testing admin shares
Found 14 files/folders in c$ share.
Found 103 files/folders in admin$ share.
The PC "Grammateia 2" is the "Test PC" from my previous answer, the one with the problem.
Please advise
Best regards,
Dionisis Falireas
Thursday, December 5, 2019 4:40 PM
Running on GRAMMATEIA-2 as user grammateia-2\grammateia-2
You are running Powershell in administrator mode.
You are a member of the administrators group.
Please enter the name of the target machine.: GRAMMATEIA 2s
You're running on the machine named GRAMMATEIA-2 (GRAMMATEIA dash 2) and you are testing GRAMMATEIA 2 (GRAMMATEIA space 2)????? Do you really have a space in the name? I did not think that was possible. If it is possible, I highly recommend NOT doing that.
The target machine should be the server that GRAMMATEIA-2 is not able to access.
Friday, December 6, 2019 4:10 PM
Thank you MotoX80,
The problem was that I created an administrator in the server with the name Grammateia 2, and the user in the PC was Grammateia 2, but the root user (C:/Users/) of the PC was Grammateia-2.
Thanks again for your time
Best Regards
Dionisis Falireas