OK in short this is what I'm trying to do. We have SBS 2008 and I want to have three shares, One, Two, Three. Folder One is for one privet use, Folders Two and Three are for the rest of the users, Shares Two and three have the same username and passowrd accounts linked. Now I have setup two accounts for these shares, BUT when I try and access these file under Windows 7 they are read only. Also I if I access this in Windows XP, I am prompted for a password but all files open as read only. Now What I'd like to have is, three shares which are password protected, but can be access by non-domain computers. Everbody should be propmted for a username and password, and be given the rights to that folder with the account which has been login with. I'm hoping the problem lays with the workstations.

It sounds to me like you have a mismatch with Share Settings and NTFS settings. You should have your users added to a group so you can set up a special tier system. Standard Share Settings Select the "advanced sharing" when you right click on these shares. Select Permissions on that share. Delete the "Everyone" share user group, replace with Authenticated Users only. Share Settings for each Folder - Authenticated Users - Full Control Rinse/repeat with Folders 2 & 3. NTFS Security Settings - Least Privileges Dominate ALL Privileges Right-Click on the Folder and goto properties, Select the Security Tab, if you do not see this tab, you need to make an adjustment in your Folder properties. Settings - Folder 1 Authenticated Users - Full Control Allow Explicit Users Denial Add everyone you want to block if there are too many to block explicitly to a Single Group, then block the group with the users. Do NOT add the Administrator Account to this group. Settings - Folder 2 - Authenticated Users - Read & Execute, List Folder Contents, Read Creator/Owner - Full Control Settings - Folder 3 Authenticated Users - Read & Execute, List Folder Contents, Read Creator/Owner - Full Control This should meet your objectives 1) Enforcing Logon 2) Preventing Undesired Access from unapproved users 3) Limiting access to other users documents by using creator/owner permission. By doing this, a user can not report, "Well, so and so deleted my reports! I can't get my work done," because using that permission prevents those actions. Create additional folders as needed for users to use common office documents by allowing all at it. Like spreadsheets that use multiple departments, or an Access database. If you can not see the "Security" tab... Goto Control Panel / Folder Options Select the View Tab Uncheck "Use Sharing Wizard" - Formerly known as "Simple File Sharing" from legacy operating systems like XP How to create a group or manage users. Please review the Technet Reference for Small Business Server 2008. http://technet.microsoft.com/en-us/library/cc794289(WS.10).aspx - Managing User Accounts and Groups in SBS 2008. Hope this resolves your issues. Kind Regards, Steve K. Technology is dominated by two types of people: those who understand what they do not manage, and those who manage what they do not understand. - Archibald Putt's (Putt's Law)

Sorry at the time of writting I wasn't all there, a contractor laying a new floor, the smell from the glue that was used, made a few of us sick. Also the advisting for SBS 2008 had said that a person with non technical knowledge of Windows Operating systems could easly setup a SBS, sure.... Anway do I still need to work with groups if I only have one user for the share? Folder 1 is only for one account. As for Folders 2 & 3 will need groups since I plan on having three user accounts full access to those shares. As for tonight I think I'll try reading my SBS 2008 book tonight. Lesson learned, don't trust default setting. Well at least in this matter. Thanks I'll post the resolute, the next time I work on the server, I also notied a few other people haing the same issue, but with on answer.

Sorry at the time of writting I wasn't all there, a contractor laying a new floor, the smell from the glue that was used, made a few of us sick. Also the advisting for SBS 2008 had said that a person with non technical knowledge of Windows Operating systems could easly setup a SBS, sure.... Anway do I still need to work with groups if I only have one user for the share? Folder 1 is only for one account. As for Folders 2 & 3 will need groups since I plan on having three user accounts full access to those shares. As for tonight I think I'll try reading my SBS 2008 book tonight. Lesson learned, don't trust default setting. Well at least in this matter. Thanks I'll post the resolute, the next time I work on the server, I also notied a few other people haing the same issue, but with on answer. My answer isn't incorrect, you don't have to explicitly deny those accounts, you can just simply make the "Share" only to that particular user account. It's just the best practice of configuring NTFS Security properly to obtain best results and establish a common ground between the shares so that you have a baseline management set for your data. I've seen companies pick out small shares and just custom, custom, custom, without that baseline and fail audits because something slipped through the cracks. You don't want to have that "one thing" slipping through the cracks end up being employees personal information or payroll information. That's why there are best practices out there... There's no need to hit the book either unless you really need to. The link I provided is the Technet Source which pretty much says everything that book says and maybe more tailored to what you need to know right now for the immediate configuration, and resolution to your issues. Obviously hit the book at when you need it, my bookshelf is loaded with blue bindings for Microsoft Press books, I also just use the Ebooks from the CDs as I need or use the Technet Library if I need specific syntaxes of commands or I need some sort of scripting. Anyway, I hope you find what you need, hope I helped some! Best Regards, Steve Technology is dominated by two types of people: those who understand what they do not manage, and those who manage what they do not understand. - Archibald Putt's (Putt's Law)

I never said that your answer was incorrect, I was just asking a question at the time, its how I try and fully understand stand a subject. I should also say that your misunderstanding is commen for myself, its the reasion why I don't have a job as of yet, I'm working as a volunteer at the community center down the road. Anyway with what you had said in your first post, I deleted the shares I had created, and not the folders themselfs. Then I created the new shares, before I did I created two groups, one for full contral over all folders, and another for only the other two. Well in short it is now working, I paid more attach to the NTFS and SMB permissions, that solved the problem. So you did answer my questions, and allow me to understand what I had done wrong, it was only about 45 minutes to redo the three folders, I spent sometime on one creating a how to text file, saves time for later on. So no you didn't help some, you had provied the answer I needed! Thank you. As for books, I do have a some Microsoft, but I also enjoy the O'Reilly's books (more to my liking).