21 replies to this topic

[leeism]

Hi All

This is my first post and I am pretty new to this stuff but am looking for some ideas on the issues I am seeing with my new install of WHS2011.

I am trying to figure out how to use groups to control folder sharing but it seems that all of it has to be done through the dashboard, my questions are:

• If I create a group in local users and groups should I just be able to add uses to the group and then add that group to the security tab on the folders properties?
• Will that replicate to the Web Access? As it seems that if I grant access to a user through the Web Access but restrict it in the folder security the user still have access on the Web
• is there any difference with security access using web access compared to the local network access?

Thanks

Lee

[pcdoc]

WHS is designed to set up from the dash board. You create users, give them access rights, and you are good to go. It can be done other ways but it can get messy. What stops you from just setting up users? What are you trying to accomplish?

[leeism]

Thanks, I dont really want to have to set up all the users every time I set up a share, so I was hoping to create a few groups to just add people them.

So when you mention it can be done other ways, what are they please?

Lee

[jmwills]

As pcdoc said, WHS is designed for the first time user to help facilitate the sharing of data. Unless you fully understand File and Share Permissions, you can grant access to data that you did not otherwise intend to do.
If you do not want to use the built-in groups, the first thing to do would be to setup Security Groups and then populate those groups with Users. Two important concepts you need to understand are Share Permissions and File Permissions. Think of Share Permissions as Window Shopping, everyone can see the Folder that contains the data, but only those with the appropriate File Permissions can enter the folder and access the data.

[yodafett]

Hi All

This is my first post and I am pretty new to this stuff but am looking for some ideas on the issues I am seeing with my new install of WHS2011.

I am trying to figure out how to use groups to control folder sharing but it seems that all of it has to be done through the dashboard, my questions are:

• If I create a group in local users and groups should I just be able to add uses to the group and then add that group to the security tab on the folders properties?
• Will that replicate to the Web Access? As it seems that if I grant access to a user through the Web Access but restrict it in the folder security the user still have access on the Web
• is there any difference with security access using web access compared to the local network access?

Thanks

Lee

You would need to add the group to both the Security Tab and Share Tab of the folder your shareing with appropriate permissions With only a 10 person limit on WHS2011 and the ease of giving the permissions through the dashboard I think in the end it would be easier to just go via user. If using SBS2011 then I could see the need of using the group method. We do the group thing at work and end up having a different group for every dept and even that dets messy at times.

[leeism]

Thanks all,

So bryan if I just create the group in users and groups and then add it to both the security and sharing tabs on the properties of the folder how will that effect the "web access" setup I have created with the users? Am I able to switch those to "no access" and let the groups take control of the permissions?

Thanks again

[jmwills]

By default, everyone will have access, so IMO, give everyone Share Access and those who need the files the Security Permissions to use the files.

[yodafett]

If you go to computer Management there will be serveral new groups that you have not used in the past
WSSUsers are WHSUsers but are unable to log into the PC unlike a standard User
the rest are self explanitory with RA standing for Remote Access
RA_AllowAddInAccess - Load any addiin give by Default
RA_AllowComputerAccess - RDP
RA_AllowDashboardAccess - Access Management Dashboard (your account and maybe 1 backup)
RA_AllowHomepagelinks - Links at bottom of login page
RA_AllowMediaAccess - play music and videos via web
RA_AllowNetworkAlertAccess - admin users only
RA_AllowRemoteAccess - log in via the web
RA_AllowShareAccess - default share level access via web

A User needing access to only a share folder needs Addin, RemoteAccess and ShareAccess plus WSS Users

[leeism]

ok, so I created a user through users and groups (not the dashboard) and added Addin, RemoteAccess and ShareAccess plus WSS Users, but still when accessing through web access the "tester" account i created fails to authenticate.



Do I have to create through dashboard or not?

Thanks a lot for your help with this

Lee

[ikon]

AFAIK, you not have to create through the Dashboard, but it is a whole lot easier. The issues you are encountering are exactly the kind of thing pcdoc and jmwills were alluding to. User Rights can get complicated. I don't blame Windows per se; it's just that people want all kinds of odd exceptions to access rights and the whole thing gets complicated. They think what they want is simple but, in reality, it isn't.

[jmwills]

Find a user account(s) that has the properties you desire, and base the access for the new account on the properties of the one(s) that work.

[leeism]

Ok I have tried looking at a working users groups created through the dashboard, then adding a new user created through users and groups, same deal still can log in through web access.

Is there any command I should be running to ensure the policy updates have taken place? As far as I can see the only way to get a user to actually be able to log in through web access it to create them through the dashboard. I have checked all attributes of both users and they are the same.

Can anyone work this out? I am nearly at the point of thinking something has gone wrong with the install.

[ikon]

I seriously doubt anything went wrong with the install. You could always re-install to test but I think you'll get the same results. The more likely issue is that one or more parameters aren't set. My issue is I haven't done serious Windows admin in a long time so I don't remember the details.

[jmwills]

Is the user you created a memeber of the Remote Desktop Users Group?

[leeism]

Thanks ikon

Hey wills, neither of the users are members of the remote desktop users group, would they need to be? If that is the case why are none of the users created through the dashboard members?

Thanks

[jmwills]

Sorry, I was the thinking of the Remote Web Access Group. The easiet way to complete this task is to go into Computer Management/Users and find an account you know is working, Right Click>Copy and then create the new account. The attributes should be carried forward.

[leeism]

Hi Wills

There is no copy function when right clicking a user that I can find. In the help it doesnt mention it either. Is there any other versions of windows that offer the "web access" function that isnt so "dumbed down"?

Thanks

[jmwills]

Evidently that is only an AD function. Is the user you created a member of this group?

RA_AllowRemoteAccess - log in via the web

[leeism]

Yeah the user is a member of that group,

[jmwills]

I'd start your process over again. I've created about a dozen special folders with various access levels but stayed with the account created in the dashboard for RWW access. I'd look thru those dashboard screens carefully to see if it can be enabled from there.