Windows 10: Setting "Everyone" in File Sharing to Work with Specific Users

Discus and support Setting "Everyone" in File Sharing to Work with Specific Users in Windows 10 Network and Sharing to solve the problem; Hi All, I have been attempting to understand file sharing where you specify permissions for specific users, but I get conflicting advice from the Win... Discussion in 'Windows 10 Network and Sharing' started by toppinglift, Apr 2, 2017.

  1. Setting "Everyone" in File Sharing to Work with Specific Users


    Hi All,
    I have been attempting to understand file sharing where you specify permissions for specific users, but I get conflicting advice from the Win 10 forums and very recent 2016 and 2017 articles. I searched your forums and tutorials and have not found an answer either. The methods suggested by the articles are similar except for one BIG difference—they handle what to do with the “Everyone” Group differently. My comments below are in bold and in brackets and I have written below what I found so far and what I intend to do. If you want to skip reading that and just tell me what you do, I would appreciate that too.

    1. I want to share folders/files in this way: Users A, B, C and D will have read/write access to a group of folders/files. User E will not have access to those folders/files. User D and E have separate user accounts on the same PC. Users A, B and C have separate PC’s. If D and E sharing the PC is a problem with file sharing permissions, I will get separate PC’s for everyone.

    2. I want to share folder/files using File Explorer method.

    3. The folder/files will be secured behind the Windows login information on the sharing PC so I can allow access to just specific users.

    On one Reddit forum (sorry I lost the url), this was the method suggested: Right click on the folder you want to share=>advance=>mark : share this folder=>add . . .[the User Name]-->advanced=>make sure everything is marked under “object types . .=> find now=>select who to share with under the “names” column=>select shared user from the list and permissions you grant them from the check boxes (for read and write or “777” permission [not sure that that is] permission tick all 3 boxes in the allow column=>click ok=>done. [No mention of “Everyone” but I think it is under Properties=>Sharing=>Advanced Sharing=>Permissions by default].

    On http://www.geeksquad.co.uk/articles/...-on-windows-10, the article keeps the “Everyone” group under Advanced Sharing=>Permissions and tells you to ADD the specific User Names you want to allow access, making sure you tick the boxes which grant “Change” permission. [this is similar to the instruction from Reddit above, but adds Users Names in by going to Permission in a different way—you must type them out instead of selecting them].

    On PUREInfoTech, http://pureinfotech.com/setup-networ...ng-windows-10/, they tell you the same method as above from Reddit and Geeksquad, except when you get to Permissions (where the Everyone group is the default) they instruct you to REMOVE the Everyone group and ADD the specific User Names you want to share. Of course, you tick the boxes for Change and Read or for Full Control.

    This is what happened to me when I followed each set of instructions---PERMISSION DENIED for the all the specific users. The only way I could give Users A, B, C permission to share the files/folders was to go into Properties=>Sharing and just add the Everyone group. So, I did not go into Advanced Sharing, but the problem is, while I solved the file sharing issue—I cannot exclude D—he gets access too. So, I am back to square one, not understanding how this file sharing works. I thought Properties=>Sharing was for local files and Properties=>Sharing=>Advanced Sharing is for network shares.

    Thanks in advance.


    :)
     
    toppinglift, Apr 2, 2017
    #1
  2. 93tid Win User

    How to fix " Unknown Artist " ?

    My favourite is MP3Tag, google it.
     
    93tid, Apr 2, 2017
    #2
  3. my phone " keys in " some numbers while talking

    As I said in my first post you can either try to update it's software to see if it cures it.

    If it doesn't then your phone is faulty and you will need to get it repaired.
     
    psychomania---01, Apr 2, 2017
    #3
  4. Samuria Win User

    Setting "Everyone" in File Sharing to Work with Specific Users

    Welcome to the forum. They key thing is everyone includes even admin so if you rent admin can't get in. There are two sides to this one is the share permission but the key is the NTFS permissions. Share lets them connect. But NTFS has a lot more settings to then control what they can do
     
    Samuria, Apr 2, 2017
    #4
  5. Thanks Samuria for the quick reply and welcome. I am sorry but there must be some typos in your reply because I do not understand what you are describing.

    How would YOU configure Permissions to allow Users A, B, C and D on the same network to share the same file, but not allow User E. That is all I am trying to discover. I've read that "Share" is just file permissions and "Advance Share" is NTFS, and that Share is for local files, and Advance Share is for network, but I can't figure out how to make it work. Every setting I use with Everyone or with specific users named ends up with PERMISSION DENIED. So far, the only way that works is if I put Everyone in Share and not change anything else. But while that grants permission for A, B, C and D--I cannot stop E from accessing the file. Any help would be appreciated.
     
    toppinglift, Apr 2, 2017
    #5
  6. Pyprohly Win User
    Toppinglift, generally, it is always recommended that you handle access using NTFS permissions exclusively, if available. This means leaving the share permissions to the default of “Everyone, Full”. The only time you should be configuring share permissions is when the share destination’s disk doesn’t support a permission system itself.

    I’m assuming this answers the OP.

    This is the only question I could find throughout both your posts, yet it’s difficult to tell what sort of answer you are expecting here.

    In any restricted site, there are two principal strategies for controlling access: you can either take a whitelist approach and permit access to only those who you trust, or you you can take a black list approach and describe those who should not have access. The former is more secure and is very suitable in this case where you are saying that you want users A, B, C, and D to have access. Saying this alone by default excludes any user E, F, or G, etc.

    To be able to manage access on a user-by-user basis in the first place you must be using an Active Directory Domain, or possibly a Workgroup. To be honest, I’ve never used a Workgroup before.

    I know in a HomeGroup, you cannot have this level of specificity as all network users who can access your shares have equal rights to them, i.e., you cannot make a distinction between users authenticating remotely.
     
    Pyprohly, Apr 3, 2017
    #6
  7. Thank you for your reply, Pyprohly. Yes, I know the question is a bit buried and dense, but that is why I quoted the articles above--even the experienced users have different views of where to put "Everyone" and it is very confusing for those who are not network savy, like me.

    So, by NTFS permissions, you mean go to Properties-->Sharing Tab--->Advance Sharing--->tick "Share this folder"--->OK--->OK--->DONE? You don't touch permissions?

    Users A, B, C, D and E are all on the same network and in the same Workgroup.

    I want to have a Whitelist, naming Users A, B, C and D as ONLY the users which have permission to share the files/folders. How do I express that in a way that Windows 10 will understand that?
     
    toppinglift, Apr 3, 2017
    #7
  8. Setting "Everyone" in File Sharing to Work with Specific Users

    I just wanted to repeat that I am not using Homegroup. I am sharing files using the File Explorer method. Thanks.
     
    toppinglift, Apr 3, 2017
    #8
  9. Pyprohly Win User
    Always use the file system’s permissions if it supports it, and leave the share permissions as “Everyone, Full”. Trust me, there’s no benefit in managing permissions for a single item in multiple places and I am certain if you took a poll of the most perceptive system administrators, they’d agree. Those who think otherwise could only suggest that dealing with NTFS permissions adds complexity. Not true. You see, if you start changing permissions on a share you are forced to maintain two sets of permissions because you cannot, or really, really, should not ever give Everyone Full Control on NTFS and leave access control to the share protocol.

    Microsoft’s documentation doesn’t explicitly recommend it, but this approach is heavily alluded to efficaciously. Read more here.
    Uh. No. As soon as you hit that “Sharing” tab you’re dealing with the share’s settings. NTFS permissions are located in the Security tab of the Properties pane.

    And it’s not like, “don’t touch”. It’s like set, and don’t go back there again there to manage permissions.

    Properties -> Security. NTFS permissions, Toppinglift; Toppinglift, NTFS permissions.

    If you say the context is a Workgroup, automatically you are suggesting that users A, B, C, and D are to be users on this machine, and not necessarily users that exist on the machines these users are to authenticate remotely with. On the NTFS permission list you specify users A, B, C, and D as if they were local accounts. When that’s done, person A wanting to authenticate remotely with user A on that machine must create an identical user A on their own machine, i.e., same username, same password.

    This is how it works based on what I have read about Workgroups and I have not tried any of this in practise.

    If you want a more confident answer you can wait until the end of the week to allow myself time to test things, otherwise know that I’m only giving advice based on my educated guess as to how I think a Workgroup behaves. Again, I have not used a Workgroup before.


    Yes, it is important the we’ve established that.

    “File Explorer” method. Mm. Yeah, that terminology has to go.

    What you’re doing here is changing the NTFS permissions.
     
    Pyprohly, Apr 3, 2017
    #9
  10. You know, Pyprohly, that everything you just wrote runs counter to what the articles I listed in my Original Post (from geeksquad and pureinfotech.com) instruct. It blows my mind that there can be so much misinformation provided by these sites. And BTW, I used the terminology "file explorer" method from one of those articles because that is what they called it. No wonder file sharing is so difficult to understand.

    Ok, I would like it very much if you could test it out. I'm going to test what you say too to see if it works with Workgroups and report back to the forum. Just so we are on the same page, this is what I intend to do:

    • Make Users A, B, C, and D share files
    • Properties-->Security-->[Ok, I don't see "Everyone" as a default--do I click "Edit" and then "Add" Everyone in???]
    • Add Users A, B, C and D
    • Click "OK"
    • DONE

    I am totally avoiding the Sharing tab because that has to do with file sharing and not NTFS. I want only NTFS, so I go directly to "Security" tab. Nevertheless, you write that "Everyone" is a default under Security, but I did not see it there--I had to add "Everyone" in.

    Finally, I currently have "Everyone" under the Sharing tab (because it was the only way I could get the files shared--but that setting allowed EVERYONE to share, including user E (which should not share that file). Should I now go in and remove it after I had set the NTFS permissions? Thanks.
     
    toppinglift, Apr 3, 2017
    #10
  11. Pyprohly Win User
    It’s not misinformation, it’s just that there are different approaches on how to configure these sorts of things. You did ask us, at least Samuria, how we would configure things.

    If you are interested in setting up share permissions exactly according to how those articles outline, that is your prerogative. I personally think it is not ideal to be handling access at two locations. Reiterating Microsoft’s comment:
    Sorry, I didn’t realise we were not talking about permissions here. What is described as the “File Explorer” method in those articles is demonstrating how to set up a share through Explorer as opposed to the public ones generated by HomeGroup, or shares created through the command prompt or PowerShell for that matter.

    If we’re talking about share permissions it doesn’t make sense to distinguish a “File Explorer” way.

    No, this is not right. The following is what needs to be done.

    • Make local users A, B, C, and D, and assign a password to each (they must have passwords for you to authenticate remotely with).
    • Create a share through Explorer. Because the share permissions are by default set up how we want it to be, i.e. it includes “Everyone, Full”, they can be ignored as we won’t be controlling access this way. Go to Properties -> Security.
    • The Properties -> Security pane represents the NTFS permissions. Here, you control access by including or denying users or group appropriately. In this case, you’ll be specifying the local users you’ve setup in step 1.
    • Click “Apply” or “OK”.
    • Test share access.
    No, no, I never wrote that. It’s the other way around. “Everyone, Full” for the share permissions; access controlled throughout NTFS permissions.

    As a rule of thumb you never ever should be specifying the Everyone group in NTFS permissions. NTFS permissions represent the final set of rules that govern access to a file. If you screw up an “Everyone” rule, you mightn’t notice initially and it’ll create an annoyance later on.

    No, you should leave access on shares as “Everyone, Full”.

    I’ll need to see the NTFS permissions for that folder that’s being shared to determine what needs to change.
     
    Pyprohly, Apr 5, 2017
    #11
  12. First, thanks for your patience explaining this--I really appreciate it. Second, ok, maybe it is not "misinformation," but the way you and Samuria set your network up makes a lot more sense to me and I want to do it that way. And BTW, I tried the ways explained in those articles, and it just did not work for me. And I just read some of the comments underneath the articles, and it did not work for some of the readers too. When I re-read the articles, I see that the critical difference between your approach and their approach is that they made all changes through Share Permissions and no changes through NTFS permissions. And those approaches never specified that they were doing so because the network had FAT-32 files, they just said that this is the way to do it. Anyway, it did not work. That's why I landed here.

    This was the step by step I was looking for all these months--Thanks!! Can't wait to try it when the network is not active. If it works, I'll mark this thread as SOLVED and give you max award points--(do you do that here-I haven't checked). It it doesn't, I will give you my NTFS permissions screen shot for further help. Thanks again.
     
    toppinglift, Apr 5, 2017
    #12
  13. Pyprohly Win User

    Setting "Everyone" in File Sharing to Work with Specific Users

    The only thing that attracted me to this thread was the permission problem and I wouldn’t be too confident in the networking department, but I’m glad I chose to engage in this thread because now that the weekend’s near I was able to do some intense research and testing with Windows networking to really brushed up on my skill in this area. After doing this, I’ve realised that two crucial points I have said are completely wrong and that I must correct these immediately.

    Firstly, when I said,
    This is incorrect. You are never required to create identical user accounts across network machines. It is a very common tip to hear however, and I think this is because it solves networking issues as it happens to coincide correct requirements.

    When you create an identical users on remote machines you’re automatically fulfilling two criteria points that actually matter: (1) you’re persuaded to set a password on the account you are authenticating with. A user account must have a password to be used for remote access unless those specific public shares provided by HomeGroup are used. (2) You’re forced to use credentials that are approved of on the target machine. People try to use the credentials for their own user account on their own machine rather than the machine for which they want to connect to.


    Secondly, it is a bit of a mistake to categorise Workgroups and HomeGroups as two distinct networking possibilities. Before, I said,
    Yes, it is important the we’ve established that. suggesting that there is a great importance in identifying which technology is being used. And I also stressed not having used a Workgroup before which is really a dumb thing to say, as you’ll see.

    All Windows machines are in fact on a Workgroup by default. Which Workgroup and hence which machines you see on the network is determined by the Workgroup name. Machines with matching Workgroup names are on the same Workgroup. By default, Windows machines have a Workgroup name of “WORKGROUP”.

    A HomeGroup is an extension to Workgroups. All it does is just add special shares, often called “public shares”, to speed up the authentication process. The only difference between these kinds of shares is that public shares don’t require you to authenticate with credentials. When accessing normal shares (“Workgroup” shares) when on a HomeGroup, you will still be prompted for credentials if you try to access them.


    These corrections don’t invalidate the steps I posted in post #9. Just remember that you don’t need users A, B, C, or D to exist on the machine/s you’re intending to use to connect with.


    Edit: Also, custom shares are not “Everyone, Full” by default! But you should still make them so. The default shares that come with Windows are.
     
    Pyprohly, Apr 6, 2017
    #13
  14. I tried post #9 instructions and could not make them work. I am quoting them below for the convenience of anyone following the thread:
    Below is what I did to test the share access. The No. 1 settings granted everyone access. The No. 2 settings granted no user access, including the user on the "white list.":


    Setting "Everyone" in File Sharing to Work with Specific Users [​IMG]
     
    toppinglift, Apr 8, 2017
    #14
  15. Pyprohly Win User
    That should be correct. When clicking that machine in the Network view of Explorer on another machine you’ll be prompted for credentials. Enter “Allen_T450” then the password for that account (it must have a password set) and you should be through.

    Post back error messages if anything fails.
     
    Pyprohly, Apr 8, 2017
    #15
Thema:

Setting "Everyone" in File Sharing to Work with Specific Users

Loading...
  1. Setting "Everyone" in File Sharing to Work with Specific Users - Similar Threads - Setting Everyone File

  2. Sharing OD live.com link with specific Gmail users

    in Windows 10 Network and Sharing
    Sharing OD live.com link with specific Gmail users: I'm trying to share a link to a file in personal OneDrive live.com with "specific people" who are Gmail users and do not have a Microsoft account. It doesn't seem to be possible. Is there a way to make this work?...
  3. How to share folder to specific user on specific PC on the network

    in Windows 10 Network and Sharing
    How to share folder to specific user on specific PC on the network: Hello, I have 3 PCs running Windows 10 (Home) and one of them is sharing a folder to the others. I shared the folder using Right click on the folder > Properties > Sharing > Advanced Sharing > Share this folder > Permissions > Everyone > Change (Or Full Access, depends what I...
  4. Sharing Files with Specific People Question

    in Windows 10 Network and Sharing
    Sharing Files with Specific People Question: The new file sharing options in Windows 10 requires I share with Specific People. When I try to add a specific person who is on a different computer, it takes me to a window for adding an account to my computer. I don't want that person to have an account on my computer, I...
  5. Sharing Folders with a specific User on Private Network

    in Windows 10 Network and Sharing
    Sharing Folders with a specific User on Private Network: I need help in adding a specific user to the sharing of folders. The user is on my WIFI network on another Win 10 Home PC. My wife's PC is \\XPS8500\Bonnie but when I try adding it, it is not accepted. Can you help me figure out how to add her as a sharing partner on my...
  6. Sharing files between specific computers

    in Windows 10 Network and Sharing
    Sharing files between specific computers: I have a laptop running Windows 10 and a desktop running Windows 7. I need a way to share filesonly between them. This means that other desktops and laptops on the same network cannot access the shared files on those 2 machines, nor the 2 machines can access the shared...
  7. Cannot set up network sharing for specific users, only "everyone"

    in Windows 10 Network and Sharing
    Cannot set up network sharing for specific users, only "everyone": Hello everyone, I'm trying to share files between two desktop PCs via wireless networking; they both connect to the Internet via a wireless router. The two PCs are called SCH-Desktop1 and Roger-PC. SCH-Desktop1 has 4 users (one user account being myself) whose folders I...
  8. Specific File Sharing

    in Windows 10 Network and Sharing
    Specific File Sharing: I have a pretty basic open network. I would like to share only PDF files from only my second hard drive, but only to one person and I would prefer they used some form of credentials to log into the drive. They would only have read access. How would I go about accomplishing...
  9. LAN computer set shared folder permission for a specific user

    in Windows 10 Network and Sharing
    LAN computer set shared folder permission for a specific user: Hello everybody, I need to set permission on a shared folder on a remote computer on my network. In the said action, I need to add a local user of that computer to the user list. I know that computer's local users' names but cannot add them. Looks like I don't have...
  10. How to share folders with a specific user on another computer

    in Windows 10 Network and Sharing
    How to share folders with a specific user on another computer: I've gone through the tutorials here on how to set up share folders. Very useful. I've done a fair bit of google searching as well. There does not seem to be an answer to my question. I have some folders on my desktop PC that I have shared on my network using the "Everyone"...