1

Short and simple, There's a document in PC A that I want to share,I want PC B to be able to read/write,PC C only read,while PC D has no access at all.Sounds impossible but if there's a way please show me the rope.Thank You

I've heard about

Homegroup

Domain account

Workgroup

Create accounts on server(PC A is windows server 2012)

Community
  • 1
Fay Zan
  • 29
  • 3

1 Answers1

3

While @joeqwerty's comment can be interpreted as technically wrong (more on that later), he is correct that generally speaking when you configure a Windows file share, you don't give access to computers. You give access to users or groups (that contain users).

If we assume what you mean in your question is that you want all users on PC B to Read/Write, all users on PC C to Read only, and all users on PC D to have no access, there are a few ways to make that happen.

Homegroup is no good because you don't really have granularity of permissions. Based on your question, I'm guessing you don't have an Active Directory domain either. So you're pretty much stuck with using what is called "pass-through authentication".

The short version of this is that for each local user on your client PCs, you need to create an identical local user on your server PC with the same username and password. When User1 on PC B tries to access the share on the server, Windows will pass through the credentials to the server. And because there is an identical set of credentials on PC A, it will accept them as valid and PC B's User1 will have whatever access has been given to PC A's User1.

Then, it's just a matter of configuring your share with the permissions that give each user the read or read-write access they need. You can save yourself some time and effort by creating groups on PC A for each type of access like MyShareReadOnly and MyShareReadWrite. Then instead of adding permissions for each individual user, you can just add permissions for the two groups. This also makes it easier to change a given user's access in the future because you just need to change which group they're in.

The caveat to this method is that you can't have the same username exist on different client PCs unless you want them to have the same access on the server. And even if you do, you need to make sure the password is kept in sync on all of them.

P.S. Re: giving computers access to stuff

I know @joeqwerty probably already knows this. But in an Active Directory domain, you can actually give computers access to stuff directly. This is possible because computers have their own account in the domain just like users.

So if you grant permissions to that computer account, software running on the computer in the context of the computer's account can access whatever it was given permission to. It's not a super common configuration, but it is possible.

This is not the same as giving all users on the computer access though. They will generally still be running software in the context of their own user account, not the computer's. It's more for running headless software like Windows Services or web servers.

Ryan Bolger
  • 16,755
  • 4
  • 42
  • 64
  • Thanks,I was afraid I had to use that method since I don't want to create all of the Users same credentials on the server. P.S Yes,I mistakenly put PC but I actually meant Users on different PC – Fay Zan May 06 '16 at 07:08
  • That is one of the primary benefits of having a domain. Your users are no longer local to each system. Instead, they're stored centrally in the domain. – Ryan Bolger May 06 '16 at 07:15
  • 1
    @RyanBolger: You're correct in that my comment is **technically** wrong. I based it on what I perceived the experience/knowledge level of the OP to be. Someone asking this question probably wouldn't have understood how/when/why computer accounts can access remote resources (no offense to the OP). I made an assumption about what the OP was trying to accomplish and tailored my comment to that assumption. I appreciate that you took the time to provide a technically correct answer. Cheers. – joeqwerty May 06 '16 at 13:00
  • 1
    I figured as much. =) – Ryan Bolger May 06 '16 at 16:05
  • @joeqwerty I apologize for the confusing question – Fay Zan May 09 '16 at 02:14
  • @RyanBolger ,as for your answer,do you have a link on how to do that?I tried setting up the same account on the server,which I forgot to mention is Windows Server 2012 Essential,but I can't seem to get the permission working.Does it have anything to do with the [computer name]\UserAccount,with [computer name] being different? – Fay Zan May 09 '16 at 02:16
  • Trying to troubleshoot this in comments will be unproductive. You should probably submit a new question with more details about what you've tried and what is not working. – Ryan Bolger May 09 '16 at 07:18