Access denied for homegrouped W7 workgroup shares
Hi, I'd like to ask for your kind support in the following issue. When I turn off HomeGroup on all affected machines (as detailed below), the problem ceases. (However I'd need to have HomeGroup tuned on.) I have two W7 computers, say R2D2 and 3PO, both belonging to the same workgroup, say Galaxy.R2D2 runs Win 7 Ultimate 32 bit, and I log on to it using the account, say, Jedi.3PO runs Win 7 Ultimate 64 bit, and I log on to it using the account Yoda.Network conf: on both computers, HomeGroup is enabled, file/printer sharing & discovery is enabled in private networks, Galaxy is a private network in both computers, 128 bit encryption is set to be required, and management of HomeGroup passwords is set to use custom user names.I have created an account Jedi on 3PO with the same password as in R2D2. I have created an account Yoda on R23D2 with the same password used in 3PO. That is, both computers have the same pair of accounts with identical passwords per user name.Windows Firewall is set to enable file/printer discovery and sharing, NetBIOS (also enabled in NIC properties).Avast! Firewall is set to enable Windows networking, port 139 and NetBIOS protocoll and ICMP.I have created a share on R2D2, called Reports in C:\Reports. Yoda belongs to a group for which full access is enabled to C:\Reports. The same full access is enabled to the same group in the share's permissions.Assume the dual of above, a share following the same scheme on the other computer. And the problem is: A user can only access the share on the other computer if Everyone has explicite access to the folder and the share. If only the relevant group has the access (but Everyone is not denied, only not listed in the Security or Share Permissions dialog), the user cannot access the share. I would expect Yoda can access \\R2D2\Reports, since on R2D2 Yoda has an account with the same password as on the requesting computer 3PO, and belongs to a group which has full access to the share and to the local folder shared. The whole situation is strange, because I have just reinstalled Windows on one of the computers, and before the reinstall, everything worked fine. Thanks for your kind efforts, guys. eMem
April 24th, 2012 3:21am

Hi, Firstly, I notice you mentioned that if only the relevant group has the access. Please let us know the details about the relevant group. Meanwhile, we cannot simply share a folder to a user in another computer by assigning special permission than assign the permission Everyone in a WorkGroup. Please double check the sharing settings. And, R2D2\Yoda and 3PO\Yoda are not the same to system, although they have the same name and password and in the same WorkGroup. Therefore, the permission you assign to R2D2\Yoda cannot apply to 3PO\Yoda. In summary, I suggest to try the following: 1. Please join all the users to the same HomeGroup. 2. Please refer to Video: Sharing files with HomeGroup and Keep specific files and folders from being shared with a HomeGroup, share the folder to HomeGroup and see how it works. Hope this helps. Jeremy Wu TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
April 26th, 2012 5:01am

Hi Jeremy, Thanks for your response. Here comes the details about the user groups. On R2D2, there is a Jedi and a Yoda account. There is a group called RemoteMe, in which Yoda is listed as a member. Say there is a share C:\Foo, shared under the name Foo. I have granted full access to C:\Foo to Jedi and to RemoteMe, as well as I have granted full access to the share named Foo. I guess this scheme should work, and it actually works when HomeGroup is turned off, but could you please confirm, you also think this sceme is okay? When trying to access R2D2 from 3PO with the Yoda account, it is no matter if I leave it to Windows to try to log me in (with Homegroup turned on, it will succeed, since the user name exists on the other computer, and the password is the same), or if I add an entry to the Credential Manager with the R2D2\Yoda account (or, the to give it a try to the third alternative, with 3PO\Yoda). Before trying the procedures linked, I'd be happy to read what you think about the above mentioned configuration, namely that you'd expect it to work or not. Thanks, emem
April 26th, 2012 5:08am

Hi EM, Thanks for your response. Based on my understanding, Im afraid that the scheme may be failed to archive your demand easily. If there is no Homegroup exist and you share C:\Foo in R2D2, you can assign permission to R2D2\Jedi and R2D2\Yoda. However, you can assign permission to 3PO\Jedi or 3PO\Yoda due to R2D2 cannot find 3PO\Jedi or 3PO\Yoda even they are in the same workgroup. And the group RemoteMe only has R2D2\Yoda actually. Therefore, the only way to access C:\Foo in R2D2 from 3PO is to entry the credential of R2D2\Jedi or R2D2\Yoda when prompted. In this situation, Homegroup is designed to help simplify file and printer sharing among computers in your home network. Therefore, it is recommended to join all the users to the same Homegroup and then you can realize ease of sharing. For more information, please refer to Windows 7 HomeGroup and Windows 7 HomeGroup: Frequently Asked Questions. Hope this helps. Jeremy Wu TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
May 4th, 2012 5:42am

Hi Jeremy, Thanks for your response again. You wrote "you can [I guess this is can't] assign permission to 3PO\Jedi or 3PO\Yoda due to R2D2 cannot find 3PO\Jedi or 3PO\Yoda even they are in the same workgroup" -- but for this very reason, the permission is assigned only to Jedi without machine name. When I log on from 3PO to R2D2 with the Jedi account, R2D2 only recognizes and sees the account requesting permission is called Jedi. Since there is an account called Jedi on R2D2, it has access to the local folder shared, as well as to the share, and since the password provided by 3PO for Jedi is the very same what is set for the account on R2D2, 3PO authorizes the request. This is the reason why you need not only create account with the same user name, but with the same passwords in such situation. Aren't I correct with this concept? eMem
May 4th, 2012 2:28pm

Hi, Sorry for the mistake. However, based on the current situation, please allow me to make a summary. In workgroup, if you want to access to one computer from another computer, you must have an account on this account or you know the username and password which this computer uses. For more detailed information, please refer to What is the difference between a domain, a workgroup, and a homegroup. In homegroup, you can avoid these requirements. A homegroup makes it easy to share pictures, music, videos, documents, and printers with other people on a home network. Therefore, it is strong recommended to join all users to a homegroup. For more information, please refer to Share files with someone. Hope this helps. Jeremy Wu TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
May 8th, 2012 5:36am

Hi Jeremy, Sorry for that I did not respond to your mention of homegroup. HomeGroup is a great idea, I really like it, however when you need to differentiate permissions, and you need to assign different permissions to the different people on your homegroup, you finish up choosing "let me handle users names". And this is the point where I failed :). When HG was turned on, and I chose to manage usernames/passwords myself, I could not access the network resources. When I turned off HG, the problem ceased. In the previous Windows instance I has no problems with HG enabled with custom permission management.em
May 8th, 2012 6:00am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics