I know this has got to be something stupid I'm missing, but here it goes... I need a folder shared to "everyone" but without allowing them to open it unless providing correct credentials. For example, access a share from within a user profile that does NOT have access by inputting the domain admin user/password. In the past, it would pop up a prompt whenever this instance occurred, but with this new Server box I'm unable to figure it out. It simply pops up an error that user does not have access. It will only pop up a credential request when opening the share from a profile outside the domain. I've tried numerous methods, but cannot pinpoint it. I thought you set the share from the share tab, and then edited the security permissions to allow specific users. Removing "everyone" from security, removes the share entirely. Any clues to point me the right direction?

I don't undertand why you would want access to work this way when you have a Domain? Simply permission the Share and files to the appropriate Domain users and be done with it. Why would you force a user to remember a separate username and passowrd to gain access to some share? Obviously, you want them to have access, so permission their user id as needed. If you insist on your approach, a workaround would be to right click Windows Explorer and Run As the user that has permissions. Then use that explorer to access the share and files. Are you sure the old server was in the domain? From your description it sounds like the old server was in a Workgroup and not in the domain. If the users and servers are both in the domain then NO prompting for alternate credentials is done. This is because all Windows OS's do not allow two different sets of credentials to be successfull authenticated from a single User profile to a Server. Access Denied is considered a successful authentication, because the account authenticated but was denied access. Performing a Run As actually lauches a secondardy user profile. More Info: When both the User account and the Share reside in the same domain the User account AUTOMATICALLY attempts authentication. This will be successfull 99.9% of the time (unless a password change or expiration issue has occured since the user last logged in). The result will be either access denied, or access granted based on the security, but the authenticate will be successful. Because the authentication was successfull, no Secondary prompt will be offered to the user. When the Server/Share is in Workgroup, the authentication from any user account will only be successful if the Server has a matching local account and password. Otherwise the initial authentication fails and the client OS will prompt for authentication.

We have a great deal of users here, at times we need to get something installed, fixed, a key for software, whatever, from our IT folders. Being able to sign in within their profile to perform some simpler quick functions is the reason for this query. This way we do not have to shut off the numerous things most people are typically working on. I know you can add credentials to the credential manager and relog, or relog as a domain admin, but sometimes for quick things, it's far less intrusive to perform these duties within their profile. Having full access to everything in that folder for everyone, such as license keys and software installations, is not ok. Having our domain admins able to get to what they need without having to relog, can be handy in certain instances. Thanks a lot for the tips, information and work around. I'll give that a shot.

If this is meant to be and administrative install or support file share you can do the following. 1) You must use a separate server...one that users do not authenticated to normally. 2) Restrict share to only appropriate users 3) From user profiles/desktop you must use MAP Network drive and Use Alternate credentials. If you don't do this pass through authentication will take place...resulting in access denied.

As Gunner999 said, if users are in a workgroup, they will be prompted to input a domain user and password. If users are in domain and going to input a second domain account, we will need to use the Alternate Credential. If shared folder is in a second domain, we may need to create trust between the 2 domain.

Thanks again. I found the simplest way was to add the credentials to the credential manager prior to trying to get to the share, otherwise it locks it up until a relog. Works fine this way, just have to remember to remove the credentials once you're finished.