none
Create shared folder with access to specific users RRS feed

  • Question

  • My company uses windows server 2012 without active directory. On the server's C drive we have a folder named "Shared Space". Inside this folder there are various subfolders for different departments, e.g Marketing Folder, Management folder, Procurement folder etc. 

    We want users to be able to access all folders except some folders, like "Management folder". If they try to access it then we want the system to ask a username and password. What is the simplest way to achieve this?
     

    Tuesday, September 24, 2019 2:04 PM

Answers

  • And we can not make it work.

    No one can help you if you do not tell us the details of what specifically "does not work". 

    Your reply is hard to read. Please edit it and remove the HTML markup.

    You need to tell us more about the user accounts and the share and folder permissions.  For starters, I do not recommend creating a share with spaces in the name. It's easier for users if you call it "SharedSpace" or "SharedData" or just "Data". 

    Since you are not using Active Directory, then you need to define local accounts with the same name and  password on both the server and on the workstation where the user logs in. Have you set up the accounts that way?

    What share permission have you defined? Open an admin command prompt and run the net share command. Copy and paste the results. Here is an example where I query the Utils share on my test VM.

    C:\WINDOWS\system32>net share utils
    Share name        Utils
    Path              C:\Utils
    Remark
    Maximum users     No limit
    Users
    Caching           Manual caching of documents
    Permission        Everyone, FULL

    The command completed successfully.

    Next we need to examine the permissions the folder. My Utils share points to C:\Utils.

    C:\WINDOWS\system32>icacls C:\utils
    C:\utils BUILTIN\Users:(OI)(CI)(F)
             BUILTIN\Administrators:(I)(OI)(CI)(F)
             NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
             BUILTIN\Users:(I)(OI)(CI)(RX)
             NT AUTHORITY\Authenticated Users:(I)(M)
             NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
    Successfully processed 1 files; Failed processing 0 files

    To verify that your clients can connect to the server, open a Powershell window on a client. Run these 2 commands. Replace 'test10b' with your server name.


    PS C:\> Test-NetConnection -ComputerName test10b -CommonTCPPort smb
    ComputerName     : test10b
    RemoteAddress    : 192.168.1.7
    RemotePort       : 445
    InterfaceAlias   : Wi-Fi
    SourceAddress    : 192.168.1.2
    TcpTestSucceeded : True

    PS C:\> net view test10b   
    Shared resources at test10b

    Share name     Type  Used as  Comment
    -------------------------------------------------------------------------------
    AdvancedShare  Disk
    SimpleShare    Disk
    Snafu          Disk
    Utils          Disk
    The command completed successfully.


    • Edited by MotoX80 Wednesday, October 16, 2019 5:03 PM
    • Marked as answer by dfalireas Sunday, October 27, 2019 6:08 PM
    Wednesday, October 16, 2019 4:55 PM

All replies

  • Hi,

    Thanks for your question.

    Yes, you could do this implementation as you want. We could share the parent folder “Shared Space” to everyone. then “disable inheritance” for the subfolders. Then we can share the subfolder to specific users and group.

    Since we didn’t include AD, simply share to local users and group who use credentials to access.

    We can refer to the following docs,

    How To Share Files and Folders over a Network for Workgroups

    https://support.microsoft.com/en-sg/help/323420/how-to-share-files-folders-over-a-network-for-workgroups-in-windows

    How to Give Permissions to a Shared Drive

    https://www.techwalla.com/articles/how-to-give-permissions-to-a-shared-drive

    How to manage shared folder permissions

    https://help.dropbox.com/files-folders/share/set-folder-permissions

    Hope above information can help you.

    Highly appreciate your effort and time. If you have any question or concern, please feel free to let me know.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, September 25, 2019 2:43 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, September 26, 2019 8:39 AM
    Moderator
  • Michael hi,

    thank you for your prompt and excellent reply. Unfortunately I am out of the office and I was not able to put your instructions to use, yet. I will do so the coming Wednesday, 2 October.

    Best regards,
    Dionisis

    Thursday, September 26, 2019 1:41 PM
  • Hi,

    How are things going on?

    Please feel free to let me know if you need further assistance.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, October 8, 2019 10:39 AM
    Moderator
  • Michael hi again,

    and please <g class="gr_ gr_21 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="21" id="21">fogrive</g> my delayed answer. We are facing the following problem <g class="gr_ gr_24 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar multiReplace" data-gr-id="24" id="24">in</g> the solution you proposed.  The solution works INSIDE the server. For example, when a user is logged on to the server, he can create a folder and restrict access as you say. Then, if another user logs in the server then he will be prompted to enter credentials.

    But that is not exactly what we want. We want the users to be allowed (or denied access) when they try to access the shared folder from their LAN <g class="gr_ gr_23 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar multiReplace" data-gr-id="23" id="23">PC's</g>. And we can not make it work. Although we followed the instructions, we have not managed this to work. We will keep trying to achieve this, however, please advise us, in case you can.

    I can give you access to with <g class="gr_ gr_20 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="20" id="20">anydesk</g>, in case you want to help us any further, or please advise further -if possible- on the issue. As I said, we can not make it work.

    Best regards,

    Dionisis Falireas
    Friday, October 11, 2019 2:24 PM
  • Michael hi,

    whenever it is possible please respond to my latest email

    Best regards,

    Dionisis Falireas
    Wednesday, October 16, 2019 12:59 PM
  • And we can not make it work.

    No one can help you if you do not tell us the details of what specifically "does not work". 

    Your reply is hard to read. Please edit it and remove the HTML markup.

    You need to tell us more about the user accounts and the share and folder permissions.  For starters, I do not recommend creating a share with spaces in the name. It's easier for users if you call it "SharedSpace" or "SharedData" or just "Data". 

    Since you are not using Active Directory, then you need to define local accounts with the same name and  password on both the server and on the workstation where the user logs in. Have you set up the accounts that way?

    What share permission have you defined? Open an admin command prompt and run the net share command. Copy and paste the results. Here is an example where I query the Utils share on my test VM.

    C:\WINDOWS\system32>net share utils
    Share name        Utils
    Path              C:\Utils
    Remark
    Maximum users     No limit
    Users
    Caching           Manual caching of documents
    Permission        Everyone, FULL

    The command completed successfully.

    Next we need to examine the permissions the folder. My Utils share points to C:\Utils.

    C:\WINDOWS\system32>icacls C:\utils
    C:\utils BUILTIN\Users:(OI)(CI)(F)
             BUILTIN\Administrators:(I)(OI)(CI)(F)
             NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
             BUILTIN\Users:(I)(OI)(CI)(RX)
             NT AUTHORITY\Authenticated Users:(I)(M)
             NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
    Successfully processed 1 files; Failed processing 0 files

    To verify that your clients can connect to the server, open a Powershell window on a client. Run these 2 commands. Replace 'test10b' with your server name.


    PS C:\> Test-NetConnection -ComputerName test10b -CommonTCPPort smb
    ComputerName     : test10b
    RemoteAddress    : 192.168.1.7
    RemotePort       : 445
    InterfaceAlias   : Wi-Fi
    SourceAddress    : 192.168.1.2
    TcpTestSucceeded : True

    PS C:\> net view test10b   
    Shared resources at test10b

    Share name     Type  Used as  Comment
    -------------------------------------------------------------------------------
    AdvancedShare  Disk
    SimpleShare    Disk
    Snafu          Disk
    Utils          Disk
    The command completed successfully.


    • Edited by MotoX80 Wednesday, October 16, 2019 5:03 PM
    • Marked as answer by dfalireas Sunday, October 27, 2019 6:08 PM
    Wednesday, October 16, 2019 4:55 PM
  • Hi MotoX80,

    thank you very much for your excellent reply. We have managed to accomplish what we want, because of your reply. The key point that we were missing was that the accounts that should exist on the server MUST necessarily have the same password as on the client Pc's. No matter how many articles we have read in the past, no one had mentioned this. 

    So we have managed to achieve our goal, that couldn't be done, without Michael's and your contribution. As this was a Critical task for us, I would like to thank you once more for taking some of your time to reply to us! 

    Best regards, 

    Dionisis Falireas

    Monday, October 21, 2019 10:19 AM