IT tutorials
 
Technology
 

Windows 7 : Using a Windows Network - Security and File Sharing

9/26/2013 1:59:02 AM
- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

As the preceding note says, Windows 7 computers only let network users see the presence of files and folders that they actually have permission to use, based in most cases on their username and password. It’s worth explaining just how that permission is determined. It’s not that difficult a topic, but it’s complicated by the fact that there are several different ways that permissions are calculated by Windows networking, depending on settings and the versions of Windows you encounter. In the following discussion, I refer to “files,” but the issues are the same for both the files and folders inside any shared folder.

There are two levels of security involved when Windows grants a user access to a file over a network: permission settings on the file itself, which would apply if the user logged on at the computer directly, and “network permissions,” which can add additional restrictions when the file is accessed over the network, but can’t grant any additional permissions that a user wouldn’t have if he or she tried to access the file while logged in directly to the computer. I’ll explain why this is done shortly. Let’s look at file permissions first.

File Permissions and Networking

File permissions determine who can read, modify, write to, or delete a file or folder based on their user account. Files and folders stored on a disk formatted with the NTFS file system (which is always used on the disk that contains Windows 7) can have these permission settings set on a user-by-user basis as well as by membership in groups like “Administrators” or even “Everyone.” When you log on to a computer using your username and password, these settings determine which files you can look at, and which you can change.

When you access a file over a network, this permission system still applies. What can get confusing is, how does the networked computer that contains a file you want to use determine who you are? The answer to that question depends on the version of Windows and some settings. Here are several scenarios you might encounter. Go down through the list to find the first scenario that describes your situation, and stop there. In the following discussion, “the network computer” refers to a computer on the network that has a file you want to use, and “you” and “your computer” are trying to get to the file.

  • If your computer and the network computer are members of a domain network, your user account is recognized by all computers on the network. You’ll get access to the file based on the permissions granted to your account, and to groups to which you belong.

  • If your computer and the networked computer are members of a homegroup, and if you left enabled the Advanced Sharing setting Let Windows Manage the Workgroup Connections, as it is by default, your computer will connect to all other homegroup computers using the built-in user account HomeGroupUser$. The member computers all know the HomeGroupUser$ account’s password, so homegroup access works regardless of how your user accounts are set up. Whenever you share a library, folder, or file with your homegroup, Windows sets permissions on that library, folder, or file so that the HomeGroupUser$ account has Read and/or Write access. In this way, all users in the homegroup get the same access rights to the shared resources.

  • If the network computer runs Windows 7 or Vista with Password Protected Sharing turned on, or XP Professional with Simple File Sharing disabled, or Windows Server in a domain that your computer is not a member of, the network computer will see whether it has an account set up with the same name and password as on your own computer. If so, it will grant you access to files based on rights set for your account. If the account or password doesn’t match, your computer will prompt you to enter an account name or password that is valid on the network computer.

  • If both your computer and the network computer run Windows 7, and the network computer has Password Protected Sharing turned off, a rule unique to Windows 7 applies:

    • If the network computer has an account with the same name as your account, and that account has a password set, you will be given access to a file based on privileges set for your account and groups you belong to.

    • If the network computer doesn’t have an account with the same name as yours, or if your account on that computer has no password set, files will be accessed via the Guest account. Basically, you will only be able to access files readable or writable by group Everyone.

  • The last scenario is that the network computer runs Windows 7 or Vista with Password Protected Sharing turned off, or XP Home Edition or XP Professional with Simple File Sharing turned on, and your computer isn’t running Windows 7. In this case, the network computer grants access using the Guest account in all cases. Basically, you’ll only be able to use files that are readable and/or writable by Everyone or Guest.

Phew! I know this looks like a big mess, but it actually boils down to just two alternatives: A network computer either will use a specific account to access files, in which case you can get to the files that this account can see, or will use the Guest account, in which case you only can get to files that are marked as usable by Everyone or Guest.

Another point to remember is that files stored on removable media typically don’t use the NTFS format, and don’t have any per-user permission settings. Floppy disks and flash media formatted with the FAT or ExFAT file systems are readable and writable by everyone, and CD/DVD-ROMs are readable by everyone who connects to the computer. Network permissions, described next, do apply.

Network Permissions

The preceding permission scheme applies equally to files accessed over the network and files accessed directly by logging in to a computer. When you share a folder or drive through the network, though, you can assign privileges, again based on user accounts that act like a filter for the file permissions that we just discussed. A network user gets only the privileges that are listed in both file permissions and network permissions. Figure 1 shows how this works.

Figure 1. You only get access rights that are given to you both through file permissions and through network permissions.

Another way to look at this is, a network user loses any permissions that are omitted from the network permission list. This can be used in complex ways, but mostly only two situations are used:

  • If you share a folder and set its network privilege list to give Read access, but not Write access, to Everyone, then users get Read access if their user account gives them permission, but nobody gets to modify its files over the network.

  • If you set the network permissions so that Everyone has both Read and Write permissions, then users get exactly what they’d get if they tried to use the file while logged on directly; no more, no less.
 
Others
 
- Windows 7 : Using a Windows Network - Searching the Network
- Windows 7 : Using a Windows Network - Using Shared Folders in Windows 7
- Windows Home Server 2011 : Patching Home Computers with WSUS - Approving Updates
- Windows Home Server 2011 : Patching Home Computers with WSUS - Connecting Home Computers to WSUS
- Windows Home Server 2011 : Patching Home Computers with WSUS - Synchronizing Updates
- Windows Home Server 2011 : Patching Home Computers with WSUS - Installing WSUS, Configuring WSUS
- Sharepoint 2013 : Office Web Apps (part 2) - Remove WOPI Bindings from SharePoint, Configure the WOPI SharePoint Zone
- Sharepoint 2013 : Office Web Apps (part 1) - Create a New WOPI Binding in SharePoint, Review Current SharePoint WOPI Bindings, Configure the Default Action for an Application
- Exchange 2010 and SharePoint 2010 Integration : SharePoint 2010 Integration
- Exchange 2010 and SharePoint 2010 Integration : Data Storage in Unified Messaging, Exchange 2010 Outlook Web Application
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Technology FAQ
- Is possible to just to use a wireless router to extend wireless access to wireless access points?
- Ruby - Insert Struct to MySql
- how to find my Symantec pcAnywhere serial number
- About direct X / Open GL issue
- How to determine eclipse version?
- What SAN cert Exchange 2010 for UM, OA?
- How do I populate a SQL Express table from Excel file?
- code for express check out with Paypal.
- Problem with Templated User Control
- ShellExecute SW_HIDE
programming4us programming4us