windows-share network folder only with specific users

[newUser8776]

What am I missing here?

On my home network I have homegroup setup with my computers and my family's computers. That is working, but there are a few work-related folders I want to setup on my work computer that would only be accessible from my laptop, not other computers on my network. How can I do that?

Background:
All the computers are windows, my desktop is windows 7, my laptop is windows 10.

What I've tried:
Looking around the web, it looks like Homegroup can't do it alone, so i'd need to use the 'advance share' feature. I've tried that, but when I navigate to the shared folder on my desktop from my laptop, it says I don't have permission. Both laptop and desktop have the same username/psw. I've tried 'adding' other users to the advanced share permissions but that doesn't seem to work either.
I did see in one of the forum posts on this site someone talking about also needing to edit NTSF permissions. a) I don't know what that is and b) is that still necessary even if the user name would be the same?

I don't know what I'm missing. I swear i'm not incompetent, but i'm starting to feel that way.

 

[nukemaster]

NTFS permissions are edited in the security tab and if the user has share access, but not NTFS they will get denied it all has to line up. Denies will over-rule anything as well.

Windows is a little strange when using network shares and likes to use one login/pass for each system you connect to(even more important with mapped network drives).

Remember to turn off simple sharing and it may be worth turning off the homegroup feature.

If you have another login on the work computer you can use that user(not a group) to allow access ONLY when that login is used. Since you can connect with different credentials you can make one computer have access to all the times including work stuff, while other computers only have access to the files that user has access to.

More information on exactly what you want to do will help us help you.

The security tab can be used to add a user instead of a group like this.

It is also best to REMOVE the everyone group from the sharing tab if you want to limit users from seeing files. Remember if you limit a group the users will get limited as well so do not Deny users anything and then try to allow a users read/write permissions because the deny should take over in that case.

 

[newUser8776]

NTFS permissions are edited in the security tab and if the user has share access, but not NTFS they will get denied it all has to line up. Denies will over-rule anything as well.

Windows is a little strange when using network shares and likes to use one login/pass for each system you connect to(even more important with mapped network drives).

Remember to turn off simple sharing and it may be worth turning off the homegroup feature.

If you have another login on the work computer you can use that user(not a group) to allow access ONLY when that login is used. Since you can connect with different credentials you can make one computer have access to all the times including work stuff, while other computers only have access to the files that user has access to.

More information on exactly what you want to do will help us help you.

The security tab can be used to add a user instead of a group like this.

It is also best to REMOVE the everyone group from the sharing tab if you want to limit users from seeing files. Remember if you limit a group the users will get limited as well so do not Deny users anything and then try to allow a users read/write permissions because the deny should take over in that case.

Thank you very much. I think I'm still not understanding fully.
You say I can use the security tab to add a user - but when I check that tab, the user account is already there (since again, it is the same user name for both computers).

More specifics that you requested:
The desktop computer name is: Mk-HP12
The laptop computer name is: TRAVELDELL16
Both computers are password protected with the same password and the same user name "Mike"

On Mk-HP12 I'm trying to share the folder "ImAShareFolder" so that only my account on TRAVELDELL16 can access it, but not my wife/kids computers on the network.

On Mk-HP12 I right click on the folder -> properties -> sharing -> advanced sharing
I check 'share this folder'
I click the 'permissions' box and it says "group or user names' and I see "Mike (Mk-HP12\Mike)" as the only user name there with 'allow - read' checked.
I hit ok.
I click the security tab, and i see thre group/user names with permissions:
"System"
"Mike (Mk-HP12\Mike)"
"Administrators (MK-HP12\Administrators"

So again, it would appear from that tab that the "Mike" user should already have access.

The only thing I can guess is that I somehow need it to show that user domain as TRAVELDELL16\MIKE instead of Mk-HP12\Mike, but I don't know how to do that.

I feel I'm close... what am I missing? (and thanks)

 

[nukemaster]

Your settings actually look fine. You may want to set your network type to Work Network in the Network and Sharing Center(Control Panel\Network and Internet\Network and Sharing Center).

The part before the name is just the computer name, it should not have to match on each system, You can even connect with other user names that do not exist on your system(as long as they are on the system hosting the share and have been granted permissions).

The only way I can see you not getting access would be if a group you are a member of is denied a permission for some reason.

Is this computer from work and could it have some kind of permissions preset? You list being on a domain. Home networks tend to be on workgroups.

This is just to show that the name of the system should not matter only the actual username and password are important. If you had no user name on the other computer it should actually pop up a login prompt asking for a login and password before trying to connect to //computer_name. This is how my Windows 10 is because I do not have the same login on that system.

A word of warning on network shares. If you delete a file over the network it will not go to either recycling bin. The work around is to make that folder on of the users locations[documents/videos/ect]. Even then if you access it by the //server_name/share_name and delete it you may loose the ability to restore it. Watch out for this

 

[newUser8776]

Your settings actually look fine. You may want to set your network type to Work Network in the Network and Sharing Center(Control Panel\Network and Internet\Network and Sharing Center).

The part before the name is just the computer name, it should not have to match on each system, You can even connect with other user names that do not exist on your system(as long as they are on the system hosting the share and have been granted permissions).

The only way I can see you not getting access would be if a group you are a member of is denied a permission for some reason.

Is this computer from work and could it have some kind of permissions preset? You list being on a domain. Home networks tend to be on workgroups.

This is just to show that the name of the system should not matter only the actual username and password are important. If you had no user name on the other computer it should actually pop up a login prompt asking for a login and password before trying to connect to //computer_name. This is how my Windows 10 is because I do not have the same login on that system.

A word of warning on network shares. If you delete a file over the network it will not go to either recycling bin. The work around is to make that folder on of the users locations[documents/videos/ect]. Even then if you access it by the //server_name/share_name and delete it you may loose the ability to restore it. Watch out for this

The computer is not from work, both are my personal computers I purchased.

You mention not getting access if a group I am a member of is denied for some reason, but as I said in my list, there are no groups listed with 'denied' selected. To add to the mystery: if i set a folder's share in advance sharing to 'everyone', then my laptop can access my desktop, but my wife/kids computers cannot access the folder. This does not feel safe to me though... as i assume 'everyone' means actually 'everyone' in at least some situation, even if or whatever reason it doesn't mean it at my home network.

'you list being on a domain' - that is probably me just using the wrong term. all computers have the workgroup set to "WORKGROUP" if that is what you mean.

You suggest changing my network to from 'home' to 'work' -- doesn't that then mean i'd no longer have access to my wife/kids computers on the homegroup? Would it mean then my settings somehow open up my share folders to my coworkers when I go to the office where my network is already set to 'work'?

Is it possible that somehow the user name on one computer is 'MIKE' and the other is 'mike' and i can't tell? is user name case sensitive?

If I go to my computer, right click on it and go manage -> shared folders ->sessions
it shows:

Which makes me think that somehow my traveldell16 laptop is still trying to login via homegroup and not via its on credentials? This is jsut today, yesterday when I saw this screen it showed TravelDell trying to login with username 'mike' (instead of "Mike"). So i don't know.

Thanks for your continued assistance.

 

[newUser8776]

Yeah, i just confirmed my suspicion about that workaround:
If I go into TravelDell16 "change advance share settings" and and turn off "allow windows to manage homegroup connections" and select "use user accounts and passwords to connect to other computers", then restart that computer, then try to access the folder on my desktop shared only to the Mike user account, it connects no problem.
HOWEVER, I can no longer connect to the other computers on the homegroup. It prompts for username/psw.

The workaround for that would then be I need to add my Mike usernam/psw to all the other computers on the home network as an acceptable credentials to access their computers. A pain and feels like 'bad security'.

So it would appear so far tha ti have to choose between homegroup, and having secured folders with this current workaround.

There has to be something I'm missing - is there not a way to get both?

 

[nukemaster]

If you know the passwords for the other computers, you can use them and save them(it will use them when accessing those shares. again this one user/password per device thing applies).

I actually DID make extra accounts on my sharing computer for other users who connected. After that, I hid them(and they are limited accounts[since they are only needed for network access]).

When I tried homegroups, I was shocked to see that the group Everybody was given read/write access so I just stopped at that point. I am sure if does something else to prevent that(after all that key has to be good for something.)