Sign in with
Sign up | Sign in
Your question

Active Directory and Network Shares

Tags:
  • Computers
  • Active Directory
  • Servers
  • Windows
Last response: in Windows 2000/NT
Share
Anonymous
December 3, 2004 3:14:41 AM

Archived from groups: microsoft.public.win2000.security (More info?)

I have a Windows 2000 Server computer with 1 Win2000 Pro, 8 XP Pro, and 2 XP
Home computers connecting. Currently it's set up almost like a P2P network
with shared printers and files scattered around several computers.
Of course, the important files are on the server and are backed up
regularly.

I have set up my users in Active Directory.
I noticed that to view a file share on the server the user has to provide
credentials from AD. The Win2000 box requires credentials from the local
machine, and the XP boxes don't require any credentials.

I would like to make it so all computers require credentials from AD to view
the shared printers and files.
What is the course you would recommend to accomplish this goal?

Thanks in advance,

Matthew

More about : active directory network shares

Anonymous
December 3, 2004 4:02:24 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Also, if the shares that are allowing transparent access
on XP are on XP Pro machines, then there may be no
request for authentication because of two reasons.
1. the share may be allowing guest access
or
2. the share may be configured to allow domain users
and the users are logging in with their domain accounts
on the machine from which they access the share (and
so behind the scenes they actually are being authenticated)

You should move all sharing off from the XP Home
and your overall setup issues will be simplified.
If people logged into Home can access the shares on
some other system easily, then you may need to examine
how those shares are secured (and, if they log in with
an account that does not agree with name and password
with another account defined in the domain, then certainly
you need to visit the security settings of those shares).

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Matthew" <turn.deletethis@alltel.net> wrote in message
news:uqFoAcP2EHA.3408@tk2msftngp13.phx.gbl...
> I have a Windows 2000 Server computer with 1 Win2000 Pro, 8 XP Pro, and 2
XP
> Home computers connecting. Currently it's set up almost like a P2P
network
> with shared printers and files scattered around several computers.
> Of course, the important files are on the server and are backed up
> regularly.
>
> I have set up my users in Active Directory.
> I noticed that to view a file share on the server the user has to provide
> credentials from AD. The Win2000 box requires credentials from the local
> machine, and the XP boxes don't require any credentials.
>
> I would like to make it so all computers require credentials from AD to
view
> the shared printers and files.
> What is the course you would recommend to accomplish this goal?
>
> Thanks in advance,
>
> Matthew
>
>
Anonymous
December 3, 2004 10:38:53 AM

Archived from groups: microsoft.public.win2000.security (More info?)

When using an Active Directory domain, domain users logon to the domain once
and can normally access resources on domain computers that they have
permissions to based on combination of share/ntfs permissions or permissions
to printers. You can control access by adding the appropriated users/groups
to the permissions for the shares/printers. Any resource that has
permissions for the users or everyone group will be accessible to all domain
users without a prompt for credentials. For the W2K box, check that
users/everyone [or the appropriate domain group] has been added to the
permissions for the share/printer you want domain users to access. As for XP
Home, it is not a secure operating system like W2K or XP Pro is for
networking because it uses "simple file sharing" which means that when you
create a share on a XP Home computer that anyone can access the share and
accesses it as guest. You can not add domain users to the access control
lists of an XP Home computer like you can with an XP Pro computer. ---
Steve



"Matthew" <turn.deletethis@alltel.net> wrote in message
news:uqFoAcP2EHA.3408@tk2msftngp13.phx.gbl...
>I have a Windows 2000 Server computer with 1 Win2000 Pro, 8 XP Pro, and 2
>XP
> Home computers connecting. Currently it's set up almost like a P2P
> network
> with shared printers and files scattered around several computers.
> Of course, the important files are on the server and are backed up
> regularly.
>
> I have set up my users in Active Directory.
> I noticed that to view a file share on the server the user has to provide
> credentials from AD. The Win2000 box requires credentials from the local
> machine, and the XP boxes don't require any credentials.
>
> I would like to make it so all computers require credentials from AD to
> view
> the shared printers and files.
> What is the course you would recommend to accomplish this goal?
>
> Thanks in advance,
>
> Matthew
>
Related resources
Anonymous
December 4, 2004 3:33:38 AM

Archived from groups: microsoft.public.win2000.security (More info?)

circa Fri, 3 Dec 2004 00:14:41 -0500, in
microsoft.public.win2000.security, Matthew
(turn.deletethis@alltel.net) said,
> I would like to make it so all computers require credentials from AD to view
> the shared printers and files.
> What is the course you would recommend to accomplish this goal?
>
>
If you want all of your computers to use AD accounts, the first thing
you'll need to do is to join them to the domain that you created.

Laura
--
Experience is the name every one gives to their mistakes.
-Oscar Wilde
Anonymous
December 4, 2004 12:03:34 PM

Archived from groups: microsoft.public.win2000.security (More info?)

> If you want all of your computers to use AD accounts, the first thing
> you'll need to do is to join them to the domain that you created.

Well, I guess I'll create my domain and go from there.

Thanks to all for your help.

Matthew
Anonymous
December 4, 2004 12:55:35 PM

Archived from groups: microsoft.public.win2000.security (More info?)

In article <eOEYNog2EHA.2876@TK2MSFTNGP12.phx.gbl>, in the
microsoft.public.win2000.security news group, Matthew
<turn.deletethis@alltel.net> says...

> Well, I guess I'll create my domain and go from there.
>

If, as you said in your original post, you've got user accounts in
Active Directory, then you've already got a domain.

--
Paul Adare
"On two occasions, I have been asked [by members of Parliament],
'Pray, Mr. Babbage, if you put into the machine wrong figures,
will the right answers come out?' I am not able to rightly apprehend
the kind of confusion of ideas that could provoke such a question."
-- Charles Babbage (1791-1871)
Anonymous
December 4, 2004 10:58:47 PM

Archived from groups: microsoft.public.win2000.security (More info?)

> If, as you said in your original post, you've got user accounts in
> Active Directory, then you've already got a domain.

Sorry, I do have a domain. However, none of the clients are connected to
it.
They are just connecting to file shares on the server and entering their
Active Directory credentials for access.

Matthew
Anonymous
December 5, 2004 4:58:24 PM

Archived from groups: microsoft.public.win2000.security (More info?)

circa Sat, 4 Dec 2004 19:58:47 -0500, in
microsoft.public.win2000.security, Matthew
(turn.deletethis@alltel.net) said,
> > If, as you said in your original post, you've got user accounts in
> > Active Directory, then you've already got a domain.
>
> Sorry, I do have a domain. However, none of the clients are connected to
> it.
> They are just connecting to file shares on the server and entering their
> Active Directory credentials for access.
>
I think that you'll find that joining them to the domain is going to
gain you a lot of benefits above and beyond what has already been
mentioned- domains exist to make management easier and security
tighter than workgroup environments provide. Both good things.

Laura
--
Experience is the name every one gives to their mistakes.
-Oscar Wilde
Anonymous
December 5, 2004 5:49:31 PM

Archived from groups: microsoft.public.win2000.security (More info?)

> I think that you'll find that joining them to the domain is going to
> gain you a lot of benefits above and beyond what has already been
> mentioned- domains exist to make management easier and security
> tighter than workgroup environments provide. Both good things.

Thanks for the tip. Is there a resource you would recommend so I can
quickly get up to speed on the workings of a domain?

Matthew
Anonymous
December 6, 2004 12:20:10 AM

Archived from groups: microsoft.public.win2000.security (More info?)

circa Sun, 5 Dec 2004 14:49:31 -0500, in
microsoft.public.win2000.security, Matthew
(turn.deletethis@alltel.net) said,
> > I think that you'll find that joining them to the domain is going to
> > gain you a lot of benefits above and beyond what has already been
> > mentioned- domains exist to make management easier and security
> > tighter than workgroup environments provide. Both good things.
>
> Thanks for the tip. Is there a resource you would recommend so I can
> quickly get up to speed on the workings of a domain?
>
> Matthew
>
>
>
Oh, boy, that's a question with a whole lot of answers...a good place
to start might be right here:

http://www.microsoft.com/windowsserver2003/technologies...
ivedirectory/default.mspx

AKA

http://tinyurl.com/i5q4

Laura
--
Experience is the name every one gives to their mistakes.
-Oscar Wilde
!