I have a small home network setup of the following:-

1 desktop PC, used as a file server
2 laptops

They are linked through a Linksys router using Windows filesharing.
What I would like to do is control who has access to the server, that is, laptop1 can read, write, move, copy and download files from the server and laptop2 will only be allowed to read and download files only. How do I set this?

Use Windows 2000, XP Pro or best of all: Linux

Are you using Linux/BSD and Samba or some version of Windows for the server?

Also, do you want to restrict by client, or by the user who is logged in? In most cases the latter is preferable.

I'm using Windows File sharing on XP PRO on all machines.
What exactly is a client?
If I could block by PC rather than by user would be better for the setup I have.
None of the PC's really use user accounts, they only used by one person and setup to log straight in at startup without asking for a password.
But I would be greatfull if you could explain how to block by user too, if I decide to change the setup, which probable will do.

As for Linux, I started at that but I am a complete beginner and the replies I got when I posted qurries about using Linux got my nowhere. People would tell me what needed to be done but never explained how to do it, they assumed I know all the terminal commands, which I don't.

I'm not really experienced with XP, so I'll have to leave the details to someone else, I use linux/samba for all my file servers. You might be able to assign static ip's though and restrict by ip, or just give everyone a user id and password and restrict by that.

I already use static IP's, restricting access by IP's sounds the simplest solution for the problem, does anyone know how I can do this?
But would completely block some PC's buy IP or just restict the access rights?

On the file server make an administrator account and use the same user name that is on your laptop that you want to have full access.

On the file server you need to disable simple file sharing.
1. Open Windows Explorer
2. Go to Tools>Folder Options>View Tab
3. At the very bottom uncheck "Use Simple File Sharing"

Set permissions
1. Right click on your shared folder and select "Sharing and Security"
2. Click the "Permissions" button on the "Sharing" tab
3. Click on Everyone, make sure only the Allow Read checkbox is checked
4. Click Add, type "Administrators", then click "Ok"
5. Select "Administrators" and check the Allow Full Control checkbox

You will need to set permissions on all shared folders.

Www.logmein.com fast easy no port fowarding.

Dermen,
Just to clarify, what your telling me to is, use the Admin account of the server to set it so that only named users have access to whatever rights the Admin gives them, is that correct?
If so, do I then need to create a user account for everyone on the server who are on the other computers? Like my laptop has a user account called "Evalution1" and the other laptop has a user account called "Peter" and I give them rights on the server.

This makes me wonder, if for some reason the are 2 PC's on the network and each has a user account called "John" but they are 2 different John's, with different rights, how can the server tell who is who?

Imposter,
Thanks for the link, I'll look it that setup too. What has port fowarding got to do with this though?

Usually to take control of a computer you need a port opened, but i believe logmein uses default webport so none of that annoying stuff to do. All you got to do add the pc install a small file and have it running in the background and you can take control of your pc anywhere there is internet =).

That sounds like something different to what I want. But usefull all the same, I may come back to that once I get this current problem sorted.

Dermen,
Having trouble with that setup, what I did was:-
Laptop1 has an admin user accound called "Alan", with no password for logging in.
On the file server I have the main admin account of "John" and I created another admin account called "Alan", to match Laptop1. I set the sharing/security settings as you directed, to full access and control. Now, on Laptop1 "Alan" is only able read files and not write/edit.

Have I missunderstood what to do here?

Waoooooo EDIT: i am totally stupid i totally miss read what you said.... i don't know i didn't get any sleep today so thats probably it! lol. in this case why don't you set up a ftp server. Or you can do what Dermen said and use simple file sharing. Logmein pro also has a norton commander view to edit and add files to computers though that costs money a month.

Dermen,
Having trouble with that setup, what I did was:-
Laptop1 has an admin user accound called "Alan", with no password for logging in.
On the file server I have the main admin account of "John" and I created another admin account called "Alan", to match Laptop1. I set the sharing/security settings as you directed, to full access and control. Now, on Laptop1 "Alan" is only able read files and not write/edit.

Have I missunderstood what to do here?


you need to make sure they are all under the same network. they all need to be under MShome for example.

Imposter
Thanks anyway, remote contol of the server is something I was going to ask about soon. I'm just learning one thing at a time for the moment. So, when you've got some sleep I may get back to you, lol!!

Dermen,
I have just realise, I have done you setup right, and I know how do set access for named users on different machines. I'm having trouble with Windows password at the moment. Long story to do with my college and only now realising they didn't give all the passwords when I bought the machine, it's nearly sorted now though, I think. (I mentioned it in this post http://www.ocforums.com/showthread.php?t=501760)

What it should do is allow everybody to read the files, but only allow Administrator Accounts on the file server to be able to have full control.

Like imposter said, check that all the computers are in the same workgroup. It also might not work if you don't use passwords, I have never tried setting permissions on accounts that had no password.

From your earlier post you said that each computer only had one user account. If you have multiple users then it gets more complicated. You can assign them rights individually or you can use groups to group together users that will have the same access. In your example of having two Johns they would both have the same access, and that would be whatever access you set up on the John account of the server. If you want them to have different access then they will have to have different usernames.

I found how to set it up for the same user name from different machines. Under Permissions for SharedDocs or what ever folder, I clicked Add and then above where I typed the users name there is a selection label "From This Location" at the moment it only lists Server as a location because I don't have the password to allow Server to see Laptop1, but presume once I get that sorted and put the username and password into Server Laptop1 will be added to the list.

Use Windows 2000, XP Pro or best of all: Linux
:thup: :thup:

Usually to take control of a computer you need a port opened, but i believe logmein uses default webport so none of that annoying stuff to do. All you got to do add the pc install a small file and have it running in the background and you can take control of your pc anywhere there is internet =).
Packages such as that are EXTREMELY DANGEROUS and should NOT be recommended.

Insert plug for finer-grained permissions by using Linux/BSD + Samba here. Remote control is a breeze through SSH.

how are they dangerous, dont give out password and your safe.

how are they dangerous, dont give out password and your safe.
Any idiot with enough CPU-power and a network interface in promiscuous mode can snoop your session.

And it effectively opens you up to the world. Most people don't know how to do a strong password anyway - most information security incidents come from poor password choices. "dont give out your password" is not sage advice and is not a cure-all - you have to pick a secure password first.

I'll skip the other obvious reasons why such services are dangerous - spoofed connections, and the possibilities of man-in-the-middle attacks.

This is the way to do it:

Get sygate personal firewall 5.6
It automatically blocks all LAN connections from connecting to that computer (making it invisible to the view network connections in windows). From there, you can make an advanced setting and add the IP address' that you want :)

It works for me perfect. Also you are getting one of the best firewalls around.

ps2cho,
I'll hve a look at that firewall too, it sounds the simplest as I'm already using static IP's and I would really like to block by PC rather than user.

ps2cho
Is this the program you mentioned:-
http://www.symantec.com/home_homeoffice/products/overview.jsp?pcid=is&pvid=npf2006