Windows 10: Setting "Everyone" in File Sharing to Work with Specific Users

Discus and support Setting "Everyone" in File Sharing to Work with Specific Users in Windows 10 Network and Sharing to solve the problem; Hi All, I have been attempting to understand file sharing where you specify permissions for specific users, but I get conflicting advice from the Win... Discussion in 'Windows 10 Network and Sharing' started by toppinglift, Apr 2, 2017.

  1. Setting "Everyone" in File Sharing to Work with Specific Users


    Hi All,
    I have been attempting to understand file sharing where you specify permissions for specific users, but I get conflicting advice from the Win 10 forums and very recent 2016 and 2017 articles. I searched your forums and tutorials and have not found an answer either. The methods suggested by the articles are similar except for one BIG difference—they handle what to do with the “Everyone” Group differently. My comments below are in bold and in brackets and I have written below what I found so far and what I intend to do. If you want to skip reading that and just tell me what you do, I would appreciate that too.

    1. I want to share folders/files in this way: Users A, B, C and D will have read/write access to a group of folders/files. User E will not have access to those folders/files. User D and E have separate user accounts on the same PC. Users A, B and C have separate PC’s. If D and E sharing the PC is a problem with file sharing permissions, I will get separate PC’s for everyone.

    2. I want to share folder/files using File Explorer method.

    3. The folder/files will be secured behind the Windows login information on the sharing PC so I can allow access to just specific users.

    On one Reddit forum (sorry I lost the url), this was the method suggested: Right click on the folder you want to share=>advance=>mark : share this folder=>add . . .[the User Name]-->advanced=>make sure everything is marked under “object types . .=> find now=>select who to share with under the “names” column=>select shared user from the list and permissions you grant them from the check boxes (for read and write or “777” permission [not sure that that is] permission tick all 3 boxes in the allow column=>click ok=>done. [No mention of “Everyone” but I think it is under Properties=>Sharing=>Advanced Sharing=>Permissions by default].

    On http://www.geeksquad.co.uk/articles/...-on-windows-10, the article keeps the “Everyone” group under Advanced Sharing=>Permissions and tells you to ADD the specific User Names you want to allow access, making sure you tick the boxes which grant “Change” permission. [this is similar to the instruction from Reddit above, but adds Users Names in by going to Permission in a different way—you must type them out instead of selecting them].

    On PUREInfoTech, http://pureinfotech.com/setup-networ...ng-windows-10/, they tell you the same method as above from Reddit and Geeksquad, except when you get to Permissions (where the Everyone group is the default) they instruct you to REMOVE the Everyone group and ADD the specific User Names you want to share. Of course, you tick the boxes for Change and Read or for Full Control.

    This is what happened to me when I followed each set of instructions---PERMISSION DENIED for the all the specific users. The only way I could give Users A, B, C permission to share the files/folders was to go into Properties=>Sharing and just add the Everyone group. So, I did not go into Advanced Sharing, but the problem is, while I solved the file sharing issue—I cannot exclude D—he gets access too. So, I am back to square one, not understanding how this file sharing works. I thought Properties=>Sharing was for local files and Properties=>Sharing=>Advanced Sharing is for network shares.

    Thanks in advance.


    :)
     
    toppinglift, Apr 2, 2017
    #1
  2. 93tid Win User

    How to fix " Unknown Artist " ?

    My favourite is MP3Tag, google it.
     
    93tid, Apr 2, 2017
    #2
  3. my phone " keys in " some numbers while talking

    As I said in my first post you can either try to update it's software to see if it cures it.

    If it doesn't then your phone is faulty and you will need to get it repaired.
     
    psychomania---01, Apr 2, 2017
    #3
  4. Samuria Win User

    Setting "Everyone" in File Sharing to Work with Specific Users

    Welcome to the forum. They key thing is everyone includes even admin so if you rent admin can't get in. There are two sides to this one is the share permission but the key is the NTFS permissions. Share lets them connect. But NTFS has a lot more settings to then control what they can do
     
    Samuria, Apr 2, 2017
    #4
  5. Thanks Samuria for the quick reply and welcome. I am sorry but there must be some typos in your reply because I do not understand what you are describing.

    How would YOU configure Permissions to allow Users A, B, C and D on the same network to share the same file, but not allow User E. That is all I am trying to discover. I've read that "Share" is just file permissions and "Advance Share" is NTFS, and that Share is for local files, and Advance Share is for network, but I can't figure out how to make it work. Every setting I use with Everyone or with specific users named ends up with PERMISSION DENIED. So far, the only way that works is if I put Everyone in Share and not change anything else. But while that grants permission for A, B, C and D--I cannot stop E from accessing the file. Any help would be appreciated.
     
    toppinglift, Apr 2, 2017
    #5
  6. Pyprohly Win User
    Toppinglift, generally, it is always recommended that you handle access using NTFS permissions exclusively, if available. This means leaving the share permissions to the default of “Everyone, Full”. The only time you should be configuring share permissions is when the share destination’s disk doesn’t support a permission system itself.

    I’m assuming this answers the OP.

    This is the only question I could find throughout both your posts, yet it’s difficult to tell what sort of answer you are expecting here.

    In any restricted site, there are two principal strategies for controlling access: you can either take a whitelist approach and permit access to only those who you trust, or you you can take a black list approach and describe those who should not have access. The former is more secure and is very suitable in this case where you are saying that you want users A, B, C, and D to have access. Saying this alone by default excludes any user E, F, or G, etc.

    To be able to manage access on a user-by-user basis in the first place you must be using an Active Directory Domain, or possibly a Workgroup. To be honest, I’ve never used a Workgroup before.

    I know in a HomeGroup, you cannot have this level of specificity as all network users who can access your shares have equal rights to them, i.e., you cannot make a distinction between users authenticating remotely.
     
    Pyprohly, Apr 3, 2017
    #6
  7. Thank you for your reply, Pyprohly. Yes, I know the question is a bit buried and dense, but that is why I quoted the articles above--even the experienced users have different views of where to put "Everyone" and it is very confusing for those who are not network savy, like me.

    So, by NTFS permissions, you mean go to Properties-->Sharing Tab--->Advance Sharing--->tick "Share this folder"--->OK--->OK--->DONE? You don't touch permissions?

    Users A, B, C, D and E are all on the same network and in the same Workgroup.

    I want to have a Whitelist, naming Users A, B, C and D as ONLY the users which have permission to share the files/folders. How do I express that in a way that Windows 10 will understand that?
     
    toppinglift, Apr 3, 2017
    #7
  8. Setting "Everyone" in File Sharing to Work with Specific Users

    I just wanted to repeat that I am not using Homegroup. I am sharing files using the File Explorer method. Thanks.
     
    toppinglift, Apr 3, 2017
    #8
  9. Pyprohly Win User
    Always use the file system’s permissions if it supports it, and leave the share permissions as “Everyone, Full”. Trust me, there’s no benefit in managing permissions for a single item in multiple places and I am certain if you took a poll of the most perceptive system administrators, they’d agree. Those who think otherwise could only suggest that dealing with NTFS permissions adds complexity. Not true. You see, if you start changing permissions on a share you are forced to maintain two sets of permissions because you cannot, or really, really, should not ever give Everyone Full Control on NTFS and leave access control to the share protocol.

    Microsoft’s documentation doesn’t explicitly recommend it, but this approach is heavily alluded to efficaciously. Read more here.
    Uh. No. As soon as you hit that “Sharing” tab you’re dealing with the share’s settings. NTFS permissions are located in the Security tab of the Properties pane.

    And it’s not like, “don’t touch”. It’s like set, and don’t go back there again there to manage permissions.

    Properties -> Security. NTFS permissions, Toppinglift; Toppinglift, NTFS permissions.

    If you say the context is a Workgroup, automatically you are suggesting that users A, B, C, and D are to be users on this machine, and not necessarily users that exist on the machines these users are to authenticate remotely with. On the NTFS permission list you specify users A, B, C, and D as if they were local accounts. When that’s done, person A wanting to authenticate remotely with user A on that machine must create an identical user A on their own machine, i.e., same username, same password.

    This is how it works based on what I have read about Workgroups and I have not tried any of this in practise.

    If you want a more confident answer you can wait until the end of the week to allow myself time to test things, otherwise know that I’m only giving advice based on my educated guess as to how I think a Workgroup behaves. Again, I have not used a Workgroup before.


    Yes, it is important the we’ve established that.

    “File Explorer” method. Mm. Yeah, that terminology has to go.

    What you’re doing here is changing the NTFS permissions.
     
    Pyprohly, Apr 3, 2017
    #9
  10. You know, Pyprohly, that everything you just wrote runs counter to what the articles I listed in my Original Post (from geeksquad and pureinfotech.com) instruct. It blows my mind that there can be so much misinformation provided by these sites. And BTW, I used the terminology "file explorer" method from one of those articles because that is what they called it. No wonder file sharing is so difficult to understand.

    Ok, I would like it very much if you could test it out. I'm going to test what you say too to see if it works with Workgroups and report back to the forum. Just so we are on the same page, this is what I intend to do:

    • Make Users A, B, C, and D share files
    • Properties-->Security-->[Ok, I don't see "Everyone" as a default--do I click "Edit" and then "Add" Everyone in???]
    • Add Users A, B, C and D
    • Click "OK"
    • DONE

    I am totally avoiding the Sharing tab because that has to do with file sharing and not NTFS. I want only NTFS, so I go directly to "Security" tab. Nevertheless, you write that "Everyone" is a default under Security, but I did not see it there--I had to add "Everyone" in.

    Finally, I currently have "Everyone" under the Sharing tab (because it was the only way I could get the files shared--but that setting allowed EVERYONE to share, including user E (which should not share that file). Should I now go in and remove it after I had set the NTFS permissions? Thanks.
     
    toppinglift, Apr 3, 2017
    #10
  11. Pyprohly Win User
    It’s not misinformation, it’s just that there are different approaches on how to configure these sorts of things. You did ask us, at least Samuria, how we would configure things.

    If you are interested in setting up share permissions exactly according to how those articles outline, that is your prerogative. I personally think it is not ideal to be handling access at two locations. Reiterating Microsoft’s comment:
    Sorry, I didn’t realise we were not talking about permissions here. What is described as the “File Explorer” method in those articles is demonstrating how to set up a share through Explorer as opposed to the public ones generated by HomeGroup, or shares created through the command prompt or PowerShell for that matter.

    If we’re talking about share permissions it doesn’t make sense to distinguish a “File Explorer” way.

    No, this is not right. The following is what needs to be done.

    • Make local users A, B, C, and D, and assign a password to each (they must have passwords for you to authenticate remotely with).
    • Create a share through Explorer. Because the share permissions are by default set up how we want it to be, i.e. it includes “Everyone, Full”, they can be ignored as we won’t be controlling access this way. Go to Properties -> Security.
    • The Properties -> Security pane represents the NTFS permissions. Here, you control access by including or denying users or group appropriately. In this case, you’ll be specifying the local users you’ve setup in step 1.
    • Click “Apply” or “OK”.
    • Test share access.
    No, no, I never wrote that. It’s the other way around. “Everyone, Full” for the share permissions; access controlled throughout NTFS permissions.

    As a rule of thumb you never ever should be specifying the Everyone group in NTFS permissions. NTFS permissions represent the final set of rules that govern access to a file. If you screw up an “Everyone” rule, you mightn’t notice initially and it’ll create an annoyance later on.

    No, you should leave access on shares as “Everyone, Full”.

    I’ll need to see the NTFS permissions for that folder that’s being shared to determine what needs to change.
     
    Pyprohly, Apr 5, 2017
    #11
  12. First, thanks for your patience explaining this--I really appreciate it. Second, ok, maybe it is not "misinformation," but the way you and Samuria set your network up makes a lot more sense to me and I want to do it that way. And BTW, I tried the ways explained in those articles, and it just did not work for me. And I just read some of the comments underneath the articles, and it did not work for some of the readers too. When I re-read the articles, I see that the critical difference between your approach and their approach is that they made all changes through Share Permissions and no changes through NTFS permissions. And those approaches never specified that they were doing so because the network had FAT-32 files, they just said that this is the way to do it. Anyway, it did not work. That's why I landed here.

    This was the step by step I was looking for all these months--Thanks!! Can't wait to try it when the network is not active. If it works, I'll mark this thread as SOLVED and give you max award points--(do you do that here-I haven't checked). It it doesn't, I will give you my NTFS permissions screen shot for further help. Thanks again.
     
    toppinglift, Apr 5, 2017
    #12
  13. Pyprohly Win User

    Setting "Everyone" in File Sharing to Work with Specific Users

    The only thing that attracted me to this thread was the permission problem and I wouldn’t be too confident in the networking department, but I’m glad I chose to engage in this thread because now that the weekend’s near I was able to do some intense research and testing with Windows networking to really brushed up on my skill in this area. After doing this, I’ve realised that two crucial points I have said are completely wrong and that I must correct these immediately.

    Firstly, when I said,
    This is incorrect. You are never required to create identical user accounts across network machines. It is a very common tip to hear however, and I think this is because it solves networking issues as it happens to coincide correct requirements.

    When you create an identical users on remote machines you’re automatically fulfilling two criteria points that actually matter: (1) you’re persuaded to set a password on the account you are authenticating with. A user account must have a password to be used for remote access unless those specific public shares provided by HomeGroup are used. (2) You’re forced to use credentials that are approved of on the target machine. People try to use the credentials for their own user account on their own machine rather than the machine for which they want to connect to.


    Secondly, it is a bit of a mistake to categorise Workgroups and HomeGroups as two distinct networking possibilities. Before, I said,
    Yes, it is important the we’ve established that. suggesting that there is a great importance in identifying which technology is being used. And I also stressed not having used a Workgroup before which is really a dumb thing to say, as you’ll see.

    All Windows machines are in fact on a Workgroup by default. Which Workgroup and hence which machines you see on the network is determined by the Workgroup name. Machines with matching Workgroup names are on the same Workgroup. By default, Windows machines have a Workgroup name of “WORKGROUP”.

    A HomeGroup is an extension to Workgroups. All it does is just add special shares, often called “public shares”, to speed up the authentication process. The only difference between these kinds of shares is that public shares don’t require you to authenticate with credentials. When accessing normal shares (“Workgroup” shares) when on a HomeGroup, you will still be prompted for credentials if you try to access them.


    These corrections don’t invalidate the steps I posted in post #9. Just remember that you don’t need users A, B, C, or D to exist on the machine/s you’re intending to use to connect with.


    Edit: Also, custom shares are not “Everyone, Full” by default! But you should still make them so. The default shares that come with Windows are.
     
    Pyprohly, Apr 6, 2017
    #13
  14. I tried post #9 instructions and could not make them work. I am quoting them below for the convenience of anyone following the thread:
    Below is what I did to test the share access. The No. 1 settings granted everyone access. The No. 2 settings granted no user access, including the user on the "white list.":


    Setting "Everyone" in File Sharing to Work with Specific Users [​IMG]
     
    toppinglift, Apr 8, 2017
    #14
  15. Pyprohly Win User
    That should be correct. When clicking that machine in the Network view of Explorer on another machine you’ll be prompted for credentials. Enter “Allen_T450” then the password for that account (it must have a password set) and you should be through.

    Post back error messages if anything fails.
     
    Pyprohly, Apr 8, 2017
    #15
Thema:

Setting "Everyone" in File Sharing to Work with Specific Users

Loading...
  1. Setting "Everyone" in File Sharing to Work with Specific Users - Similar Threads - Setting Everyone File

  2. Specific File Sharing

    in Windows 10 Network and Sharing
    Specific File Sharing: I have a pretty basic open network. I would like to share only PDF files from only my second hard drive, but only to one person and I would prefer they used some form of credentials to log into the drive. They would only have read access. How would I go about accomplishing...
  3. LAN computer set shared folder permission for a specific user

    in Windows 10 Network and Sharing
    LAN computer set shared folder permission for a specific user: Hello everybody, I need to set permission on a shared folder on a remote computer on my network. In the said action, I need to add a local user of that computer to the user list. I know that computer's local users' names but cannot add them. Looks like I don't have...
  4. Network User Folder Sharing Not Working

    in Windows 10 Network and Sharing
    Network User Folder Sharing Not Working: I have four computers, two brand new, with brand new installations of Windows 10 Pro. I have all file sharing features that I can find turned on properly. Private network elected on all computers. Network detection on. Sharing of folders on. I confirmed sharing by...
  5. File Sharing to specific other windows system

    in Windows 10 Network and Sharing
    File Sharing to specific other windows system: Hi I have shared files between windows system within network publicly . it is working fine. But right now I want to share file to specific system within network. How's this is possible? All System within network using windows 10....
  6. How to share folders with a specific user on another computer

    in Windows 10 Network and Sharing
    How to share folders with a specific user on another computer: I've gone through the tutorials here on how to set up share folders. Very useful. I've done a fair bit of google searching as well. There does not seem to be an answer to my question. I have some folders on my desktop PC that I have shared on my network using the "Everyone"...
  7. Software Repository Share not available to Everyone?

    in Windows 10 Customization
    Software Repository Share not available to Everyone?: I'm attempting to create a Shared file that's open to Everyone on the network. I've done everything I can think of to allow Everyone to access it but when I try to access it from a user account not found on the shared file server it won't connect. The Everyone group has full...
  8. Network File Sharing - Different Users

    in Windows 10 Network and Sharing
    Network File Sharing - Different Users: I'm trying to understand the latest W10 ver. 1803 network file sharing, like I've been trying to do with all other Windows versions since Windows began. I think I've boiled it down to a simple question: There are two networked computers named "BLUE" and "YELLOW". Blue has...
  9. Whether Indexing options settings are User specific or PC specific.

    in Windows 10 Software and Apps
    Whether Indexing options settings are User specific or PC specific.: Whether Indexing options settings are User specific or PC specific 83575
  10. VPN Sharing to a specific IP -

    in Windows 10 Network and Sharing
    VPN Sharing to a specific IP -: Hi guys, I have a VPN that runs on my windows 10. I would like to have that VPN shared/route to a specific IP (that IP is a router set up as an access point, and has wireless and ethernet ports, both working. dlink dir-655 that doesnt support DD-WRT). WHY i want to...