How to set a password on a LAN shares ?

[murderdoll]

What's up guys,

I want to set a password on my LAN so only my friend can access all my drives, now with no password everybody from the internet can access them ( if i have my firewall disabled ).. i've searched on google but i couldn't find anything thoroguh, can anybody help? many thanks in advance!

by the way, windows xp professional.

[SAXD]

Rather than open up your whole file system to the internet (ohh, the tubes!), you may want to consider utilizing an FTP server.

[vertex]

You have to create a new user (e.g. "guest" or "buddy") with a password and allow this user to read the share.

[murderdoll]

I'll keep the ftp solution to the end ( if i couldn't do anything )... Good idea nevertheless!

@vertex, i can't add permissions for a user from other computer.. i can only set permissions for the users that use my computer, although i need to add permissions to the user who is accessing my shares from another computer.

any ideas?

[omegabyr]

start -> run -> control userpasswords2

You can make a new account that cannoit login in but has access to your shares.

Hope that helps

[vertex]

  murderdoll said:

i can only set permissions for the users that use my computer, although i need to add permissions to the user who is accessing my shares from another computer.

Is the "use simple file sharing" box in the folder opptions unticked?

If so, you should have an extra "permissions" button on the share tab. Have a look here

[+BudMan MVC]

Your wanting use window shares across the public net?? BAD IDEA! For starters quite a few ISP would have the NBT ports blocked ie 137,138 and 139. Yes since 2k MS allows for SMB over TCP without NBT, ie using port 445.. Again - quite likely this port would be blocked.

Do you have netbios over tcp/ip enabled or disabled? Do you understand how and when SMB uses NBT or not? Do your friends.. you really are going to suggest to other people that want to access your files to open up NBT to the public net?

If you want to share files with users on the internet - use FTP.. Or allow them to connect to your network through a vpn.. http://www.hamachi.cc/ would be a very easy way to accomplish that.

Are you behind a router - and these people your wanting to share files with are on your same local lan? Then sure no problem - but exposing window shares to public net is just asking for it.. If your behind a router.. the public net can not see your shares.

FTP would be your best bet.. It would make it easy for you to setup usernames and passwords for different users, etc.. I would suggest http://filezilla.sourceforge.net/ as a simple easy to use and configure FTP for the new user.

Edited August 22, 2006 by BudMan

[murderdoll]

@omegabyr, when i add a user from there it goes like MyComputerName\NewUsername , so i can't put OtherMachineName\Username.. so its only good for users on my machine not the users trying to access me from another machine

@vertexm, i know about this stuff, i have the permissions tab, but i can only add permissions for people at my pc (example: MYPCNAME\USERNAME ), i cant add ( OTHERMACHINENAME\USERNAME )..

@Budman, you understood me wrong, i'm not trying to share my drives over the net, i'm just sharing my drives so other machines on my LAN can access them, but without a password/user-permission they're accessable to anybody from the internet..

and i'm not behind a router that's why ppl can see my shares from the net ( as you said BudMan), that's why im trying to set a password/permission to the guys on my LAN

guys, if you need more explanation tell me ;<

Edited August 22, 2006 by murderdoll

[+BudMan MVC]

So your not behind a router - but have other machines on your lan?? They all have PUBLIC IPs?? Your ISP supplies you with muliple IPs?

How are these other machines connected to you?? If not behind a router with a switch?

A modem allows for 1 connection.. How are these other machines connected to you - that would expose this other connection to the public net? If you have another interface, connected to a switch - that these other machines are connected too.. This interface does not have to be exposed to the public.

You will NEVER be able to add anothermachine\user to your shares and or file permissions. Share and file permissions on XP use LOCAL accounts.. Create and account to use -- give the user the password, ie

username: Billy

password: whatever

When someone access your machine - if they use Billy and whatever they will have access to whatever you gave your local billy account permission too.

[murderdoll]

Ok Budman, i really appreciate it, here is the thing, i'm not behind a router, my lan is all connected to a network hub, we're not sharing internet, each machine has it's own internet account.

How it's exposed to the public ? Well i got no idea but i know when i share my drives for the people on my LAN, another people from the internet can access it.

But now i found something out after i read your post, i added a new local account on my machine, for example

user: Billy

password: whatever

and then i set the permissions on my shares, so only Billy can access them.. and then i went to the other machine and i map networked my drives but i clicked on the "Connect using a different name" link and i set the account info ( Billy:whatever ).. and it actually map networked the shares with no problems.. i guess this is my solution.. if you have anything else to say i'd be glad to read it :p

Many thanks !

edit: to clear things up, i pressed on this link and entered the user/pass i created, and bam it worked

[+BudMan MVC]

What do you mean each machine has their own internet account?? But your all using the same modem??

If you all using the same modem - your alll sharing the bandwidth.. Why not just use a router, and use 1 internet account.. I would assume that would be a cost savings ;)

I am very curious how your machines are connected to the public net.. Are you on a school network? Where is this internet connection? What is the HUB connected too - that gives you internet?

Does your IP fall into the private range - or public?

http://en.wikipedia.org/wiki/Private_IP_address

10.0.0.0 ? 10.255.255.255

172.16.0.0 ? 172.31.255.255

192.168.0.0 ? 192.168.255.255

The only thing that makes any sense is your on a school network, and then yes other users on the school network would be able to access your machine.. I do not know of any school that still gives out PUBLIC IPs -- or atleast not that would allow FULL access to the public net ie SMB type connections.. etc..

[murderdoll]

Budman, i'm not sure what you're talking about but you're making it more complicated for me.. anyways

We have 4 machines, they are all connected to a LAN hub.. 3 of these machines share one internet account and the last machine does not use this shared bandwidth ( the last machine has it's own internet account, but if it's not connected to this specific account it will be using the other bandwidth which the other 3 machines are sharing )..

3 machines in one apartment with the same internet account , the 4th machine is in another apartment with its own internet account ( but can use that shared bandwidth if its not connected to any internet connection.. through the lan )

can you make anything out of this ? how my machines are connected to the public net ? it's really weird, or maybe it's just windows xp

here is my lan ip

..

I'll be sitting here on the pc for around 1.5 hours now, if you need more info tell me heh :)

[+BudMan MVC]

192.168.0.237 is a PRIVATE IP -- therefore you are behind a NAT device, ie a router somewhere!! The 192.168.0.1 device would be your NAT device, ie your ROUTER..

Unless your machine is in the DMZ.. Or you are forwarding NBT to your machine - people on the "internet" can NOT access your files shares.. 192.168.0.237 is not routable on the PUBLIC net.. take a look a the private address link I posted.

I am confused by what you mean by "internet account" Is this something you log into? What do you mean by "internet account"?

Also Where does the HUB plug into?? It must plug into another device.. ie the 192.168.0.1 device -- where is this device?? Is the only thing connected to your machine is the HUB? This is how you get to the internet.. by talking to the 192.168.0.1 device -- or do you have another connection?

[murderdoll]

Here where i live, we dont have cable, adsl requires a modem.. so what i mean by "internet account" is a user/password to connect to the internet ( just like old 56k days :p ).

The hub plugs into one of the machines, and all the others machines are connected to the hub.. internet has nothing to do with 192.168.0.1.. as i said i use another connection for internet, here is a shot

This is the internet connection status..

This is how my Network Connections window look like

hope you get me now :p

[+BudMan MVC]

No I don't get you -- What I see is pretty much a CLUSTER "___" setup ;) So you have USB modem.. or atleast your connected to a speedtouch USB interface.. What is the model number of the modem? 330?

Do the other users have their own modems? Or are you sharing your connection out with ICS?

Like I said early on -- if you LAN is on a different interface than your internet net connection.. Then your shares do not have to available to the public net -- you can block this at your firewall.. only allow access from the 192.168.x.x network.. Or for that matter unbind file and print sharing from your public connection -- ie your USB modem.

Highlight your USB connection, and UNBIND file and print sharing..

I'm still confused about your connection.. when you say shared "internet connection" that your not using.. What is this connection? Some other users machine, using another modem?

If you have 3 machines in your house.. You only need 1 internet connection, and a ADSL gateway with a built in switch.. As I mentioned before - cost savings! ;) You could have many more machines that really, all on 1 internet account.

Since I see you have a speedtouch -- here is a speedtouch ADSL gateway, ie modem and router combo with a 4 port switch or even just 1 ethernet port, if you have an existing switch or hub. This would allow all the machines to get to the internet, with only have 1 internet account.. You could split the cost 3 ways..

http://www.speedtouchdsl.com/prod546.htm

SpeedTouch 546(i) Multi-User ADSL Gateway

For all I know you have a gateway device now.. Say something like this one

http://www.speedtouchdsl.com/prod530.htm

SpeedTouch 530v6 Multi-user ADSL Gateway

And your just using the USB interface.. I see it all the time.. Users have a gateway, they call it a modem.. Or they have just a modem and they call it their router.. etc..

BTW - you say your not using that "Shared Lan Internet Connection" - That would depend on the metric of the interface.. If a machine has multiple gateways on multiple interfaces.. it will use the interface with the LOWEST metric, which would be the on the FASTEST connection.. If you have a 100mbit connection vs USB modem connection - it is quite possible that the ethernet has the lower metric?

Be curious to see your route table.. example

C:\>route print

===========================================================================

Interface List

0x1 ........................... MS TCP Loopback interface

0x2 ...00 09 5b e0 fb ad ...... Realtek RTL8169/8110 Family Gigabit Ethernet NI

- Packet Scheduler Miniport

===========================================================================

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.100 10

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1

192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 10

192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 10

192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 10

224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 10

255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1

Default Gateway: 192.168.1.254

===========================================================================

Persistent Routes:

None

Just trying to help.. From what I can gather when you talk about "multiple" internet connections -- you could all save some money. And have a less complex setup, be more secure, etc..

If how your setup works - good for you, but it seems pretty far from an optimal type config. Glad I could be of help in your account question.. But looks like there is much more you could do in cleaning up your network ;)

[murderdoll]

As i said mate, 3 machines are in one apartment and are using/sharing the same bandwidth, and the last machine ( the 4th ) is in another apartment and using it's own internet account.. and no we're not planning to let all of those 4 machines to share the same bandwidth. Just to clear things up, in the whole process there is 2 modems, 3 machines sharing one modem/bandwidth, and 1 machine using 1 modem.

I'm using a modem and not a gateway, this is what i have http://www.speedtouchdsl.com/produsb.htm .

I just unchecked File and Printer Sharing from my USB connection as you suggested, it actually might stop my shares from being exposed to the public.

Here is my route table if it'd do any good

C:\>route print

===========================================================================

Interface List

0x1 ........................... MS TCP Loopback interface

0x2 ...00 02 44 66 73 77 ...... Asound 10/100M Based Fast Ethernet Card - Pac

Scheduler Miniport

0x10004 ...00 90 d0 47 f7 cc ...... Alcatel SpeedTouch USB ADSL RFC1483 -

cket Scheduler Miniport

0x20005 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface

===========================================================================

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 81.10.***.** 81.10.***.** 1

0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.237 21

81.10.***.** 255.255.255.255 127.0.0.1 127.0.0.1 50

81.10.124.252 255.255.255.255 81.10.***.** 81.10.***.** 1

81.255.255.255 255.255.255.255 81.10.***.** 81.10.***.** 50

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1

169.254.0.0 255.255.0.0 169.254.79.134 169.254.79.134 40

169.254.79.134 255.255.255.255 127.0.0.1 127.0.0.1 40

169.254.255.255 255.255.255.255 169.254.79.134 169.254.79.134 40

192.168.0.0 255.255.255.0 192.168.0.237 192.168.0.237 20

192.168.0.237 255.255.255.255 127.0.0.1 127.0.0.1 20

192.168.0.255 255.255.255.255 192.168.0.237 192.168.0.237 20

224.0.0.0 240.0.0.0 169.254.79.134 169.254.79.134 40

224.0.0.0 240.0.0.0 192.168.0.237 192.168.0.237 20

224.0.0.0 240.0.0.0 81.10.***.** 81.10.***.** 1

255.255.255.255 255.255.255.255 81.10.***.** 81.10.***.** 1

255.255.255.255 255.255.255.255 169.254.79.134 169.254.79.134 1

255.255.255.255 255.255.255.255 192.168.0.237 192.168.0.237 1

Default Gateway: 81.10.***.**

===========================================================================

Persistent Routes:

None

I masked my ip address by the way.. I'm off to bed, many thanks mate, you rock :p

[+BudMan MVC]

As to might actually -- no it will, that is how things work ;)

I see your public connection, the 81 address is 1 metric, while your lan connection is a 21, so you would use the 81 interface to get out.. So the 192.168.0.1 gateway is the machine in the other apartment, Im guessing.. And you have a connection between the apartments then..

I still dont get how you think anyone is sharing your modems connection? You can tell from your route table and what you posted before, your not the gateway for the 192 network, the 192.168.0.1 is.

0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.237 21

Ah wait :lamp:, your machine is the 1 machine, and 3 other machines are in the other apt using another modem with the machine sharing out using ICS, since you state there is no gateway devices. And you have a connection to this other network..

Im just trying to picture the physical connections here.. In the morning I will lay this out -- so we have a picture to work with.. Maybe your not as clustered up as I thought.. If think I have the layout figured out finally ;)

Your use of the term "internet connection" for a shared private lan with 2 internet connections was confusing me.. here I will draw it up now.. is this how your setup?

Please correct me where I'm wrong.. Also from your route table, you have an interface with APIPA address on it??

169.254.79.134

http://en.wikipedia.org/wiki/APIPA -- What would be the use of that? In a nutshell that 169.254 address is the RANDOM address windows puts on intefaces when it can not find a DHCP server and its set for dhcp.

edit: There is really not much wrong with this kind of setup.. I would replace the 1 modem with 3 machines on it with a gateway device.. get rid of the hub. And let the gateway do the NAT vs running ICS.

Then just connect the 1 other machine to the other gateways switch..

For security reason, I would replace the other modem with a gateway as well.. but not required - just unbind file and print sharing from the public interface. Use a firewall, etc.

But you could really get rid of 1 of the modems.. And just share the bandwidth between all 4 machines.

Edited August 23, 2006 by BudMan

[murderdoll]

Your drawing is exactly right mate, except that the Hub is in Apt2 , i dont think it matters anyway.

About the APIPA you mentioned, i'm not really sure what is that, but could it be because all the network connections on the 4 machines have Obtain IP Address Automatically/Obtain DNS Automatically ?

The machine in apt1 is mostly used for playing online, we once tried to share the bandwidth between all the machines, but when somebody is downloading some file in Apt2, the machine in Apt1 experience high latency.. also it's not one guy who's paying for the both internet accounts, apartment 1 is me and apartment 2 is my friend!

[+BudMan MVC]

What other interface do you have??

You have your public interface.. the 81. address

You have your private interface.. the 192.168.0.237 address

What other interface do you have -- that has the APIPA address 169.254?

Yes the reason you would get an APIPA address.. is an interface is set for DHCP, but there is no DHCP server to give it an address.. But a 169.254 address is not going to allow you to do anything, but talk to other APIPA addresses..

Its really pretty pointless really.. "Automatic Private IP Addressing or APIPA, this allows unknowledgeable users to connect computers, networked printers, and other items together and expect them to work."

More like annoy the F___ out of knowledgeable users if you ask me ;)

Well - since the hub is in apt2, I fixed up the drawing for you.. This way - the next time someone asks you how your setup.. You have a layout -- will save a lot of time ;)

[murderdoll]

I dont think i have any other inteface..

Thanks for fixing the drawing btw, now it's right =)..

I'll be on neowin irc channel for a while now, i hope you come, we can discuss it and i also have 2 questions to ask you but i'll keep them to irc, many thanks now and in advance mate

[+BudMan MVC]

well your route table shows an interface with the 169.254.79.134 on it..

ipconfig /all will give you the details off ALL of your interfaces.. example.

ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : p4-28g

Primary Dns Suffix . . . . . . . : local.lan

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : local.lan

Ethernet adapter VMware Network Adapter VMnet8:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet 8

Physical Address. . . . . . . . . : 00-50-56-C0-00-08

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.235.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

Ethernet adapter VMware Network Adapter VMnet1:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet 1

Physical Address. . . . . . . . . : 00-50-56-C0-00-01

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.17.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/1000 MT Network Connection

Physical Address. . . . . . . . . : 00-0D-56-F0-F0-09

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 10.0.0.50

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : 192.168.1.4

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.2

Primary WINS Server . . . . . . . : 192.168.1.4

Can you post that.. feel free to hide your public IP.. Or just look as see what it shows for the 169.254 address. Have to leave for work - but will drop by the irc when I get a chance.

[murderdoll]

Windows IP Configuration

Host Name . . . . . . . . . . . . : just-try

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Mixed

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : mshome.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : mshome.net

Description . . . . . . . . . . . : SURECOM EP-320X-S 100/10M Ethernet P

CI Adapter

Physical Address. . . . . . . . . : 00-02-44-66-73-77

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.201

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : Wednesday, August 23, 2006 4:24:36 P

M

Lease Expires . . . . . . . . . . : Wednesday, August 30, 2006 4:24:36 P

M

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Alcatel SpeedTouch USB ADSL RFC1

483

Physical Address. . . . . . . . . : 00-90-D0-47-F7-CC

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Autoconfiguration IP Address. . . : 169.254.79.134

Subnet Mask . . . . . . . . . . . : 255.255.0.0

Default Gateway . . . . . . . . . :

PPP adapter TE-DATA:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface

Physical Address. . . . . . . . . : 00-53-45-00-00-00

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 81.**.***.**

Subnet Mask . . . . . . . . . . . : 255.255.255.255

Default Gateway . . . . . . . . . : 81.**.***.**

DNS Servers . . . . . . . . . . . : 81.**.***.*

NetBIOS over Tcpip. . . . . . . . : Disabled

Here you go :)