Re: Limited Access

For users that you want to logon to a computer via Remote Desktop you need
to add that user account or group that the account is a member of to the
Remote Desktop Users group. You can do that using lusrmgr.msc - groups or by
going to Control Panel/system/remote - select remote users. That should
allow the user to logon via Remote Desktop. You also should check Local
Security Policy to make sure that Remote Desktop Users is included in the
user right for allow logon through terminal services.

Again you can not change the location on permissions in a non domain
computer as you can only select users/groups from the local computer. Then
when you logon to another computer of yours as a user in the local users on
the computer with the share and are using the same password you should get
seamless access to the share. For example computer A with the share has a
local user named Bob with the password xxg5. Share named public on computer
A has permissions for user Bob and the folder that is shared has NTFS
permissions for user Bob. You need to configure two types of permissions for
a share for network users - share permissions and the folder NTFS
permissions and simple file sharing needs to be disabled on the computer
with the share named public. Then when you logon to computer B as user Bob
with password xxg5 you should get access to share named public with no
prompt for credentials.

You can create as many user accounts on computer A as needed and no matter
what other computer you logon to in your network as long as you logon as an
account that also exists on computer A with the same password as the user
account on computer A you should get seamless access to shares that you have
both share and folder/NTFS permissions to assuming you have file and print
sharing to the computer not impeded by a firewall and the user account also
has the user right for access this computer from the network and does not
explicitly or by group membership have the user right for deny access to
this computer from the network. What may trip you up on trying to access
shares is if any "stored" credentials are using on the client computer you
logon to. You can check that for the logged on user account by using Control
Panel/user accounts and then selecting your user account and select manage
my network passwords. The link below explains more on share and NTFS
permissions. --- Steve

"mchjr01" <mchjr01@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message

Thanks again for your quick reply. Let me give you my actual scenario:

Within my LAN:

I have a desktop that I use as my fax server, running Win XP-Pro SP2. I
have 2 - laptops, one I am using as a desktop hard wired to my router and
other one is my portable that I use when I travel. Again both laptops are
running Win XP Pro SP2. On my desktop and wired laptop the hard drives are
partitioned with my data separated from the C drives. Moreover, on my
laptop, I attached a 300GB hard drive through a firewire for my data
None of my C - drives on these workstations are shared but all the other
drives are shared. I changed the permissions on these shared drives
me as the only one who can access the folders through remote desktop. My
is DSL with static IP.

After changing the permissions, I am being prompted for a userid and a
password to access the hard drive on the wired laptop from my portable
laptop. What I would like to accomplish is being able to add my userid
my portable laptop to access my data drivers on my desktop and wired
without being prompted for a password. That is the reason why I want to
on how to change the Loacation on the permissions. Examples: On my
desktop, I
would like to add my userid from my portable laptop to read as
From my wired laptop, I would like to add my userid on my desktop to read

Outside of my LAN:

I opened Port 3389 on my router for remote desktop connection. From
I just type my IP address of which is forwarded to my desktop's IP (which
made it static as well) to login and access my files on my desktop (like
retrieving my faxes). Moreover, from my desktop remotely connected, I can
access the external hard drive connected to my wired laptop. By the way
access to my desktop and wired laptop are all accessible through a userid
a password.

With the above scenario, on my desktop, I would like to have my children
friends to be able to login to my desktop with limited access to only the
shared directory on my desktop. As I mentioned earlier, I created a userid
with a password on my desktop, as limited user, for them to be able to
remotely and that is when I was getting the error mesage. To remote
from the login screen they will type the IP address of my ISP then the
desktop login screen comes up and that where they are supposed to type in
id I created.

Again , you have been very helpful and I hope you'll never get tired of my
dumbness on this. Your help is very much appreciated.


"Steven L Umbach" wrote:

First off I will make the assumption that by remote connect you mean
to a network share through My Network Places and not Remote Desktop. If
is not the case then make sure you let me know exactly what you are
attempting to do.

You want to use the computer's name that you are logged onto with the
to add a user account to the permissions list. The computer name will be
only location unless the computer is a member of an Active Directory
which is not your case. You simply want to add the user name that has the
same name as used by users logging onto your other computers. For
if user Bob wants to access your share you will need to create a user Bob
your computer with the share and give it the same password as user Bob
to logon to his computer and a password must be use as by default XP Pro
will not allow user account with blank passwords to access the computer
the network. You can go to Control Panel - users or enter lusrmgr.msc in
run box to manage user accounts.

The local policy of this system does not permit to login interactively
that the user does not have the user right for logon locally on the
computer. You can mange user rights in Local Security Policy under local
policies/user rights. Enter secpol.msc in the run box to easily open
Security Policy. The user must either explicitly or by group membership
the user right for logon locally and NOT either explicitly or by group
membership have the user right for deny logon locally. Generally I have
authenticated users and administrators listed for the user right for
locally and only have the support_... account listed in deny logon
ocally. --- Steve

"mchjr01" <mchjr01@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message

Thanks for your help and I followed the link you gave me and was able
restrict the shared drives and folders. However, I have another
I may:

First off is when I remote connect to my desktop from my laptop within
LAN, I cannot access the shared dirve and folders, for my remote id
from my laptop is not recognized. When I try add it to the list I
change the location name to my laptop and the only name on the list is
desktop. I cannot add any id's from my two laptops to my desktop
because I
cannot change the location.

Secondly, when I use the limited user id I created on my desktop for
users to connect to my desktop, it does not work and a message saying
local policy of this system does not permit to login interactively". I
to navigate through the Administrative Tools from the Control Panel but
cannot find the place to edit or to alter the permission to allow the
user id - enable to remotely login. Would you be kind enough to help me
and direct me where to go.

Again, thanks for your help.


"Steven L Umbach" wrote:

First you need to disable simple file sharing on your XP Pro computer
the share by going to Windows Explorer/tools/folder options - view and
uncheck the last option for use simple file sharing. That will make
that users need to authenticate to your computer. Then create a user
[Control Panel/user accounts] on that computer that is NOT a local
administrator or power user and make sure that only the shares that
that user account to access includes that user account and that other
do not include users or everyone. Then you can also access the
in the properties of any folder such as the one you share and grant
the needed access to that folder. For instance you might want to give
user read/list/execute permissions if you want them to see and copy
from that folder only. If you want tem to be able to write to it also
them write permissions. Modify permission allows the user to also
files in the folder so be careful with that. The link below explains
setting folder permissions. --- Steve;en-us;308418

"mchjr01" <mchjr01@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
I have a Home Network with 2 - laptops and 1 - desktop all running
SP2. My ISP is DSL with static IP. I have file and printer sharing
and be able to connect among my laptops and desktop within my LAN. I
static IP port forwarded to my desktop for remote connection.

I am using my desktop as a fax server and a partition as shared
children for them to download pictures and whatnot. My question and
help me is how do I create a user id and password with limited
my desktop without the capabilty of accessing the other drives in my
My current id, for remote connect on my desktop, has the capability
accessing the other workstations within my network. My ultimate wish
for anybody - just to have access into my shared drive in my

Your help on this will be very much appreciated.