Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Folder permissions based on computer name?

Status
Not open for further replies.

sh321

IS-IT--Management
May 4, 2007
19
Hi all,

There is a setup at one of the sites that I work at that requires certain folders/files to have permissions based on the computer name...

The thing is, all users use the same username 'helpdesk' (business doesnt allow this to be changed) to log on to 8 different PCs. I need to set permissions on a network folder so as only one PC (that also logs in as 'helpdesk' by the way) can have full permission on a folder yet the remaining 7 PCs (again logged in as 'helpdesk') only read access.

I tried giving read access to the 'helpdesk' user and gave full access to the computer that is to have full control (via computer name) on the network folder.

The read access works fine but the computer that requires full access also only has read access (even though its computer name has full access permissions).

Is there a way to achieve this?

Thanks an advanced.
 
Where are the shared folders, on a server somewhere?

If you only need access to the folders on a specific workstation, just add "everyone" to the folders with write permission. If the folders are shared on a common server, this won't work. However, if you could isolate the specific workstation that needs write permission you could control that in the login script by identifying the workstation rather that the user and setting permissions acordingly.

David
 
Hi David,

The [shared] folder is indeed on a server - Windows 2003.

All 8 workstations need access to the folder but only one dedicated one needs to have full write access.

Could you explain further about the login script? I think that seems like what I may need.

Many thanks.
 
I've never seen it done before, but it seems to me that NTFS permissions will only work by user or security group, not at the computer level. I also think that user permissions trump computer permissions.

Seems to me what you need is a second user account to do what you want. You could set that user up so that it only has rights to log-in to that one single workstation so it can't be used on the other machines, then give that new user the write permissions.

Good luck,
 
@lhuegele

Yes, another user account would be much easier of course, but the way the system is setup, many changes would have to be applied to the new user account. All the workstations run various software, including databases, library catalogue systems, etc, etc- all of which have been setup/configured externally with this one user account for communication between different sites (!)

I was thinking the same about user permissions overriding the computer ones.
 
Since permissions are implicit, I don't believe you can set-up NTFS file permissions on a computer basis.
 
Setting up an alternate account ie: helpdesk-2 is the easiest way to solve your problem and also the best way for future trouble shooting of that workstation connection. Do it that way.

However, you could create a login script that would test the computer name during login and change the mapping credential to a different user through the NET USE command. An example of this may be seen in markdmack's login script on the spidors parlor website.

David.
 
I believe you can use a batch file to map a drive with a user name...

since i am assuming you don't have a domain...create a USER account for the computer (i.e. pc-01) on the server. give this user write access to the share that pc-01 needs. Repeat for other pcs.

give your general helpdesk account read access to all shares. make sure the helpdesk account is created on the server. you may also want to make sure all pc-01 and similar accounts have read access as well.


have the batch file run for the the helpdesk user on the computer at login and use the new user account (pc-01) you created on the server with the user and password switches for net use (see above link).

the drive will map with the right permissions under the normal user...achieving the goal of everyone using the helpdesk account and having read only access, while mapping a drive under different credentials for each user. You will need 8 different login scripts...

hope this helps...
 
Thanks for the replies guys...

I think I may try out the NET USE script method.

Probably get to try it out on Monday.

P.S. All the workstations are on a Windows domain...

Thanks again for all the replies.
 
The batch file method i was talking about should work in a domain environment as well.

The basic principle is assign a "user" account to each "pc" and having them map their drive using the repective account.

Good luck!
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top