Main Area and Open Discussion > General Software Discussion

Windows Networking, help me understand.

(1/12) > >>

superboyac:
I've been messing around with Windows networking for the past two weeks.  So many things I don't understand, and seemingly so many inconsistencies in the way things work that look exactly the same from the setup point of view.

Workgroup vs. Homegroup:
I initially was using Homegroups (Windows 7 and Windows 8 machines).  Then, it told me it can't share the root of a drive.  So I disabled homegroups and now use normal file sharing.

Some folders share, some don't:
Some folders from the same computer get shared properly, I can see it from the other and access it no problem.  Others don't.  Same permissions, same everything.  The one that doesn't work is a root drive, but I don't understand why that doesn't work.

Full control?
On some folders, I have full control for all users (everyone, administrators, guest).  Yet when I connect it is read only.  So whether someone has full control or read only...it really only works in read only.  I don't understand this.

40hz:
Workgroup vs. Homegroup:
I initially was using Homegroups (Windows 7 and Windows 8 machines).  Then, it told me it can't share the root of a drive.  So I disabled homegroups and now use normal file sharing.
-superboyac (October 14, 2013, 02:23 PM)
--- End quote ---

A Homegroup is basically a workgroup with preconfigured security settings and some additional restrictions. (Not quite, but close enough for all practical purposes.) It was designed to allow easy and relatively secure resource sharing in a non-critical network such as home sweet home. It's not very flexible. And IMHO, not even worth using.

A Workgroup is your basic peer-to-peer setup designed for use with 20 or less PCs. Workgroups are a pain because there's no centralized access control. You need to set up a user account on each computer you want access to in a Workgroup. It's not like a domain where you could just set up one set of credentials for yourself and be allowed access to every computer on the network.

Workgroups have default shared folders. If you can log onto machine-A as User-1, you have relatively full access to everything on machine-A. If you're logged onto machine-A however, you only have access to the default shared drives on machine-B unless you set up User-1 as a user on machine-B as well.

There is no central point (i.e. domain controller) that all the machines on your workgroup network can query to see who is authorized to access their resources. (That feature is provided by a domain - not a workgroup.) Access is controlled locally by each machine in the workgroup. Access is controlled by a domain controller in a domain.

Hope that clarifies things. :)

Stoic Joker:
Workgroup vs. Homegroup:
I initially was using Homegroups (Windows 7 and Windows 8 machines).  Then, it told me it can't share the root of a drive.  So I disabled homegroups and now use normal file sharing.-superboyac (October 14, 2013, 02:23 PM)
--- End quote ---

While I share 40hz's dim/purist view of homegroups ... Their purpose is to step around the issue of having to match credential between machines in a workgroup (a.k.a. the pinnacle of Administrative overhead oriented nightmares). Homegroups have a singular key that is shared between all member machines allowing access regardless of logged on user's existence on the target machine.

Never share the root of C:, it's horribly bad form and make BOFH's cringe, wince, and frequently homicidal. :)

Note: the professional version of any Windows client OS (workgroup or domain) will have a hidden administrative access only share called C$ if need be. Creating another one is just begging for disaster.


Some folders share, some don't:
Some folders from the same computer get shared properly, I can see it from the other and access it no problem.  Others don't.  Same permissions, same everything.  The one that doesn't work is a root drive, but I don't understand why that doesn't work.-superboyac (October 14, 2013, 02:23 PM)
--- End quote ---

They have literally written books about this one; file permissions vs. share permissions. You'll need both to get write access to a Windows share.

Full control?
On some folders, I have full control for all users (everyone, administrators, guest).  Yet when I connect it is read only.  So whether someone has full control or read only...it really only works in read only.  I don't understand this.-superboyac (October 14, 2013, 02:23 PM)
--- End quote ---

Rule of thumb 101: Never grant Full control to anything for any reason...ever. Seriously, this is another 5 star bid for tragic consequences. ;) Always administer shares from their own hosted root.

Share permissions need only Change for Users.
NTFS (file) permissions need only Modify for Users.

By users I mean only the specific ones that are to be allowed access to said share.

Full Control permission grant the ability to create shares inside of an existing share, and/or the ability to modify file permissions inside a target share. Both have ended badly every single time I've seen it ... Possibly due to the fact that this perilous configuration had much to do with why I got called there to start with... :D

4wd:
Just to follow on from SB's query:

What's the difference between, (this only applies to Server and Pro+ versions AFAIK):

The settings you get when you right-click on a folder, Properties->Share with->Specific people and if you go to the File Share Management Console, (fsmgmt.msc) ?

ie. Under Properties->Share with->Specific people
Windows Networking, help me understand.

Under fsmgmt.msc:
Windows Networking, help me understand.

I would have expected to see the same users allowed under both but ...  :huh:

I'm guessing this is the difference between Users and NTFS permissions ?

Vurbal:
The "simple" (and not entirely functional) version goes like this. You have 2 sets of permissions:

1. NTFS (file system) permissions which are the more granular of the 2.

2. Share permissions which are cruder.

When you connect to a share in theory the 2 sets of permissions are combined (sort of a logical OR) and you get whichever rights are greatest. The exception is No Access which trumps everything. However since you have Read permission we can safely rule that out.

In addition to that sometimes Windows will prevent you from doing anything but reading a file (or listing a directory) if you are not the owner - even if you definitely have all the requisite permissions. Assuming you're talking about data folders. This applies even when you're just dealing with local (NTFS) permissions.

Oh yeah, and if you're dealing with a domain setup instead that potentially opens up a whole other can of WTF was Microsoft thinking?
Finally if UAC is turned off (all the way off as opposed to the lowest standard level) on the computer you're accessing the share from you will be limited to read access. If you want to execute a file you will have to copy it to a local drive. I've had that just happen all of a sudden when rebooting after installing a Windows update.

Navigation

[0] Message Index

[#] Next page