Active Directory and Network Shares

Archived from groups: microsoft.public.win2000.security (More info?)

I have a Windows 2000 Server computer with 1 Win2000 Pro, 8 XP Pro, and 2 XP
Home computers connecting. Currently it's set up almost like a P2P network
with shared printers and files scattered around several computers.
Of course, the important files are on the server and are backed up
regularly.

I have set up my users in Active Directory.
I noticed that to view a file share on the server the user has to provide
credentials from AD. The Win2000 box requires credentials from the local
machine, and the XP boxes don't require any credentials.

I would like to make it so all computers require credentials from AD to view
the shared printers and files.
What is the course you would recommend to accomplish this goal?

Thanks in advance,

Matthew
10 answers Last reply
More about active directory network shares
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Also, if the shares that are allowing transparent access
    on XP are on XP Pro machines, then there may be no
    request for authentication because of two reasons.
    1. the share may be allowing guest access
    or
    2. the share may be configured to allow domain users
    and the users are logging in with their domain accounts
    on the machine from which they access the share (and
    so behind the scenes they actually are being authenticated)

    You should move all sharing off from the XP Home
    and your overall setup issues will be simplified.
    If people logged into Home can access the shares on
    some other system easily, then you may need to examine
    how those shares are secured (and, if they log in with
    an account that does not agree with name and password
    with another account defined in the domain, then certainly
    you need to visit the security settings of those shares).

    --
    Roger Abell
    Microsoft MVP (Windows Security)
    MCSE (W2k3,W2k,Nt4) MCDBA
    "Matthew" <turn.deletethis@alltel.net> wrote in message
    news:uqFoAcP2EHA.3408@tk2msftngp13.phx.gbl...
    > I have a Windows 2000 Server computer with 1 Win2000 Pro, 8 XP Pro, and 2
    XP
    > Home computers connecting. Currently it's set up almost like a P2P
    network
    > with shared printers and files scattered around several computers.
    > Of course, the important files are on the server and are backed up
    > regularly.
    >
    > I have set up my users in Active Directory.
    > I noticed that to view a file share on the server the user has to provide
    > credentials from AD. The Win2000 box requires credentials from the local
    > machine, and the XP boxes don't require any credentials.
    >
    > I would like to make it so all computers require credentials from AD to
    view
    > the shared printers and files.
    > What is the course you would recommend to accomplish this goal?
    >
    > Thanks in advance,
    >
    > Matthew
    >
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    When using an Active Directory domain, domain users logon to the domain once
    and can normally access resources on domain computers that they have
    permissions to based on combination of share/ntfs permissions or permissions
    to printers. You can control access by adding the appropriated users/groups
    to the permissions for the shares/printers. Any resource that has
    permissions for the users or everyone group will be accessible to all domain
    users without a prompt for credentials. For the W2K box, check that
    users/everyone [or the appropriate domain group] has been added to the
    permissions for the share/printer you want domain users to access. As for XP
    Home, it is not a secure operating system like W2K or XP Pro is for
    networking because it uses "simple file sharing" which means that when you
    create a share on a XP Home computer that anyone can access the share and
    accesses it as guest. You can not add domain users to the access control
    lists of an XP Home computer like you can with an XP Pro computer. ---
    Steve


    "Matthew" <turn.deletethis@alltel.net> wrote in message
    news:uqFoAcP2EHA.3408@tk2msftngp13.phx.gbl...
    >I have a Windows 2000 Server computer with 1 Win2000 Pro, 8 XP Pro, and 2
    >XP
    > Home computers connecting. Currently it's set up almost like a P2P
    > network
    > with shared printers and files scattered around several computers.
    > Of course, the important files are on the server and are backed up
    > regularly.
    >
    > I have set up my users in Active Directory.
    > I noticed that to view a file share on the server the user has to provide
    > credentials from AD. The Win2000 box requires credentials from the local
    > machine, and the XP boxes don't require any credentials.
    >
    > I would like to make it so all computers require credentials from AD to
    > view
    > the shared printers and files.
    > What is the course you would recommend to accomplish this goal?
    >
    > Thanks in advance,
    >
    > Matthew
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    circa Fri, 3 Dec 2004 00:14:41 -0500, in
    microsoft.public.win2000.security, Matthew
    (turn.deletethis@alltel.net) said,
    > I would like to make it so all computers require credentials from AD to view
    > the shared printers and files.
    > What is the course you would recommend to accomplish this goal?
    >
    >
    If you want all of your computers to use AD accounts, the first thing
    you'll need to do is to join them to the domain that you created.

    Laura
    --
    Experience is the name every one gives to their mistakes.
    -Oscar Wilde
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    > If you want all of your computers to use AD accounts, the first thing
    > you'll need to do is to join them to the domain that you created.

    Well, I guess I'll create my domain and go from there.

    Thanks to all for your help.

    Matthew
  5. Archived from groups: microsoft.public.win2000.security (More info?)

    In article <eOEYNog2EHA.2876@TK2MSFTNGP12.phx.gbl>, in the
    microsoft.public.win2000.security news group, Matthew
    <turn.deletethis@alltel.net> says...

    > Well, I guess I'll create my domain and go from there.
    >

    If, as you said in your original post, you've got user accounts in
    Active Directory, then you've already got a domain.

    --
    Paul Adare
    "On two occasions, I have been asked [by members of Parliament],
    'Pray, Mr. Babbage, if you put into the machine wrong figures,
    will the right answers come out?' I am not able to rightly apprehend
    the kind of confusion of ideas that could provoke such a question."
    -- Charles Babbage (1791-1871)
  6. Archived from groups: microsoft.public.win2000.security (More info?)

    > If, as you said in your original post, you've got user accounts in
    > Active Directory, then you've already got a domain.

    Sorry, I do have a domain. However, none of the clients are connected to
    it.
    They are just connecting to file shares on the server and entering their
    Active Directory credentials for access.

    Matthew
  7. Archived from groups: microsoft.public.win2000.security (More info?)

    circa Sat, 4 Dec 2004 19:58:47 -0500, in
    microsoft.public.win2000.security, Matthew
    (turn.deletethis@alltel.net) said,
    > > If, as you said in your original post, you've got user accounts in
    > > Active Directory, then you've already got a domain.
    >
    > Sorry, I do have a domain. However, none of the clients are connected to
    > it.
    > They are just connecting to file shares on the server and entering their
    > Active Directory credentials for access.
    >
    I think that you'll find that joining them to the domain is going to
    gain you a lot of benefits above and beyond what has already been
    mentioned- domains exist to make management easier and security
    tighter than workgroup environments provide. Both good things.

    Laura
    --
    Experience is the name every one gives to their mistakes.
    -Oscar Wilde
  8. Archived from groups: microsoft.public.win2000.security (More info?)

    > I think that you'll find that joining them to the domain is going to
    > gain you a lot of benefits above and beyond what has already been
    > mentioned- domains exist to make management easier and security
    > tighter than workgroup environments provide. Both good things.

    Thanks for the tip. Is there a resource you would recommend so I can
    quickly get up to speed on the workings of a domain?

    Matthew
  9. Archived from groups: microsoft.public.win2000.security (More info?)

    circa Sun, 5 Dec 2004 14:49:31 -0500, in
    microsoft.public.win2000.security, Matthew
    (turn.deletethis@alltel.net) said,
    > > I think that you'll find that joining them to the domain is going to
    > > gain you a lot of benefits above and beyond what has already been
    > > mentioned- domains exist to make management easier and security
    > > tighter than workgroup environments provide. Both good things.
    >
    > Thanks for the tip. Is there a resource you would recommend so I can
    > quickly get up to speed on the workings of a domain?
    >
    > Matthew
    >
    >
    >
    Oh, boy, that's a question with a whole lot of answers...a good place
    to start might be right here:

    http://www.microsoft.com/windowsserver2003/technologies/directory/act
    ivedirectory/default.mspx

    AKA

    http://tinyurl.com/i5q4

    Laura
    --
    Experience is the name every one gives to their mistakes.
    -Oscar Wilde
  10. Archived from groups: microsoft.public.win2000.security (More info?)

    http://www.ardice.com/Regional/Europe/Ireland/Limerick/Localities/Adare/
Ask a new question

Read More

Computers Active Directory Servers Windows