How to grant network access to Local user

  • Question

  • Here I go,

    I have joined all my computers to my domain and all my users log in to their computers as local users. I tried to share a folder on one of the computers with the others. I want to set up the folder to be accessed by certain computers in my domain. How am I able to do this?

    I set up the share permission in Active Directory and granted the access to computers instead of users or user groups, but when I access the shared folder it says I don't have permission to do so. So far I am only able to access the shared folder when I log in as a domain user, not as a local user.

    Please do not ask me why. Just let me know whether it can be done and how to do it.

    Sorry if I posted in the wrong section.

    Hope someone will reply with an answer.

    Tuesday, August 2, 2011 7:36 AM

Answers

  • Hi,

     

    When using a local account to access a domain network share, you will be prompted to enter the user credentials for the domain. Please note that all servers in a domain must be passed domain credentials. If the credentials passed are in a different context, then the file servers (member servers) of the domain will attempt to check their local user accounts only. If the credentials do not match, then the user is prompted for valid credentials (or access is not permitted).

    In your situation, the users are logging on locally on the clients. This creates a user session in the LOCALMACHINE\USERNAME context. Because the user is not in the domain context, DOMAIN\USERNAME, any attempts to connect to domain resources will require either a server local account that matches the local machine credentials, or a prompt for a new username/password.

    It is recommended to use a domain user to access the domain resources. Meanwhile, if you insist, as a workaround, local accounts will have to be created on each member server where the shared folders are stored, mapping directly to the same username/password combinations the users are using on each local machine. For example, if client 1 has a local user named A with password xxxx, then on the server which stores the shares you need to create a local user named A with the same password xxxx.

     

    Thanks.

    Nina


    • Marked as answer by Window_dummie Thursday, August 11, 2011 7:05 AM
    Friday, August 5, 2011 4:23 AM
    Moderator
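
The workaround in the answer above, together with the share and NTFS permission point raised in the replies, as an added PowerShell example (not code from the thread). It assumes the file server runs Windows PowerShell 5.1 or later with the LocalAccounts and SmbShare modules; the user name `A` comes from the answer, while the share name and folder path are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Run on the member server that stores the share.
# Constructed values: adjust to your environment.
$UserName  = 'A'                   # must equal the local user name on the client
$ShareName = 'TeamData'            # hypothetical share name
$SharePath = 'D:\Shares\TeamData'  # hypothetical folder
$Account   = "$env:COMPUTERNAME\$UserName"

# 1. Mirror the client's local account on the server. The password is typed
#    interactively so it never lands in the script or in command history.
if (-not (Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue)) {
    $Password = Read-Host -AsSecureString "Password for $UserName (same as on the client)"
    New-LocalUser -Name $UserName -Password $Password `
        -Description 'Share access for client local user' | Out-Null
}

# 2. Create the folder and share it, granting Change on the share to this
#    account only rather than to Everyone.
New-Item -ItemType Directory -Path $SharePath -Force | Out-Null
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $SharePath -ChangeAccess $Account | Out-Null
}

# 3. NTFS permission: Modify, inherited by subfolders and files.
#    Access over the network needs BOTH the share ACL and the NTFS ACL to allow it.
$acl  = Get-Acl -Path $SharePath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Account, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $SharePath -AclObject $acl

# 4. Show the resulting share and NTFS entries for review.
Get-SmbShareAccess -Name $ShareName |
    Format-Table AccountName, AccessRight, AccessControlType
(Get-Acl -Path $SharePath).Access |
    Where-Object { $_.IdentityReference -like "*\$UserName" } |
    Format-Table IdentityReference, FileSystemRights, IsInherited
```

A client session logged on as local user A with the same password then reaches the share in the server's local-account context; with a different password the client is prompted and the credentials have to be entered as servername\A.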

All replies

  • Give Everyone full control and give it a try. Also, please try the following steps and let us know your results:

    1. Access the shared folder via \\ipaddress\.
    2. Access the shared folder via the server's FQDN name \\server.mydomain.com\

    Tuesday, August 2, 2011 7:49 AM
  • Hi,

    Did you configure both "Share" and "NTFS" permissions ?

    Have a look here for more information: http://msmvps.com/blogs/acefekay/archive/2011/02/04/share-permissions-and-ntfs-permissions-folder-access-control-amp-folder-permissions.aspx


    Tuesday, August 2, 2011 7:54 AM
  • Hello,

    If your users will RDP the server then you can only add NTFS permissions.

    If not, you have to add correct NTFS and Share permissions for users.

    If you grant access to local users then once prompted you have to specify computername\username and the password (computername is the local of your computer and username is a local user).

     



    Tuesday, August 2, 2011 8:07 AM
  • While you can add computer accounts to the permissions (you have to add the computer object in objects), I don't think it will solve your task, as a user will try to authenticate via his user token when accessing network resources and doesn't use the computer token.

    As far as I can remember, Network Service tries to access other machines' resources via the computer account permission, but I can't find the source for it atm.

    Tuesday, August 2, 2011 9:48 AM
  • http://technet.microsoft.com/en-us/library/bb680595.aspx

    Here is an actual reference in the documentation; see the "The Local System account does not have any rights to access the network. When network access is necessary, Local System uses the account Domain\computername$." part. But like I said above, a user will always (afaik) use his user account token to authenticate.

    Tuesday, August 2, 2011 9:54 AM