# How to limit Windows Sharing to one PC on a network?



## hat (Dec 6, 2014)

I have a shared folder set up that currently anyone on the network can get in to. I want to set it up so that this folder can only be accessed by one PC in particular, instead of any PC on the network. How can I do this?


----------



## newtekie1 (Dec 6, 2014)

Set up one user for general sharing, and another user that can access that folder.  In the security tab of the folder deny access to the general user and allow access to the special user.


----------



## Jetster (Dec 6, 2014)

Right click share specific people


----------



## Kursah (Dec 6, 2014)

Is the one PC in particular a different PC on the local network?

+1 to what newtekie1 said if you want a quick and simple route.

You could restrict by using Password Protected Sharing in Network and Sharing Center advanced settings. Then create a user or user(s) with credentials (passwords), and add them to shares or remove them from shares. Then if you don't want someone accessing anymore, lock their account, remove it, change the password. Probably above and beyond what you need for this situation though.


----------



## hat (Dec 6, 2014)

This sounds like sharing with user accounts. I have password protected sharing turned off. Would I have to enable this (and thusly enter a username/password whenever I connect to the shared folder) to do this? I don't want to screw with usernames and passwords beyond initially setting it up (read: I don't want to enter a username/password when I connect to the folder, I just want to limit access to one particular PC).

The shared folder is on my main PC, and the only PC I want to access it is a laptop on the same network.


----------



## Kursah (Dec 6, 2014)

Unfortunately, without having a domain and DC using AD DS or similar, I don't believe you can do the shares how you see them on a home-grade network without simply using accounts and account authorization. You need to treat and view these local accounts as a workstation ID instead of an account logged into your computer like you are now. In that respect, this would make limited access quite easy. Give the user of that computer the ID and password to access your PC on the network and they'll have access to specific shares. You'll be a mini-network admin in no time! 

You can have access credentials saved on the PC accessing shares, reducing the need to login every time to access the share.

Another option would be to modify the share in Computer Management. Shared Folders > Shares.

Add a $ at the end of the share name to make it invisible, so you must know the location to access it. You will see examples of this as there are some default shares within Windows already setup this way.

With that you may still want to do as suggested above by newtekie1 with permissions and/or with local accounts to restrict access still so you can assign whom has access to that share.

Beyond that I don't believe there is a way to restrict via PC ID's, because each PC is its own identity, and none are registered to a central server like a domain controller, so using the PC name/ID as a network resource on your home network in the method you want isn't realistic. But if you can manage to accept and view extra created accounts (create them in Computer management too btw...then you have one window for creating and managing accounts and shares) as a PC ID, you'll be fine me thinks.


----------



## newtekie1 (Dec 7, 2014)

hat said:


> This sounds like sharing with user accounts. I have password protected sharing turned off. Would I have to enable this (and thusly enter a username/password whenever I connect to the shared folder) to do this? I don't want to screw with usernames and passwords beyond initially setting it up (read: I don't want to enter a username/password when I connect to the folder, I just want to limit access to one particular PC).
> 
> The shared folder is on my main PC, and the only PC I want to access it is a laptop on the same network.




You only have to enter the username/password the first time you connect to the server. You can have the PC remember the username/password and then you don't have to enter it again after the initial setup.


----------



## Batou1986 (Dec 7, 2014)

newtekie1 said:


> You can have the PC remember the username/password and then you don't have to enter it again after the initial setup.


Since its windows networking that option wont work properly from the dialog box 50% of the time, so you will have to add the login credential on the remote pc under credential manager.


----------



## Jetster (Dec 7, 2014)

I don't know what you guys are doing but once everyone is in a home group you can choose who can access what folders


----------



## newtekie1 (Dec 7, 2014)

Batou1986 said:


> Since its windows networking that option wont work properly from the dialog box 50% of the time, so you will have to add the login credential on the remote pc under credential manager.


It works 100% of the time if you do it at the right area.  If you navigate to the "server" through explorer->network->"server" or do a \\<server> in explorer's address bar, when you enter the username/password in the the dialog that pops up there and check the box to save them, it will enter them directly in credential manager.  If you get the dialog box any other way, you are right, it is a 50/50 change of them saving properly.  But at least Microsoft finally got it right with Win8 and don't give you the check box to save the credentials if they won't actually be saved!


----------



## Aquinus (Dec 7, 2014)

newtekie1 said:


> You only have to enter the username/password the first time you connect to the server. You can have the PC remember the username/password and then you don't have to enter it again after the initial setup.


Windows will first attempt to use the local account credentials on the client when you connect to a Samba share. If the remote server and the client (regardless of AD use) have the same creds for the logged in user on the client, it will authenticate automagically without prompting for login information even if you've never connected to it before. The exception to this is if the account doesn't have access to read the share.


----------



## hat (Dec 7, 2014)

So do I need to make additional user accounts on my PC in order to restrict sharing? For example...

"user1" has access to folder X, and folder Y
"user2" has access to folder Y, but not folder X

And then what amount my main administrator account on the PC with the folders being shared? Couldn't anyone with the admin username/password have access to all shared folders by default?


----------



## Kursah (Dec 8, 2014)

hat said:


> So do I need to make additional user accounts on my PC in order to restrict sharing? For example...
> 
> "user1" has access to folder X, and folder Y
> "user2" has access to folder Y, but not folder X



Well for what you're requesting, I feel it's the quickest and easiest method when you want to do more than allow or restrict shares for everyone, in which the "everyone" group can be applied. Seeing that you want just one other PC on the network to have access to one specific share, the method of creating an account to use for authorization to that folder makes the most sense imho. You're on the right track.



> And then what amount my main administrator account on the PC with the folders being shared?



What? Not sure what you mean here. Do you mean: What about your admin account? Lock it down, disable it if you don't want it (though I'd just password it if you're not already).



> Couldn't anyone with the admin username/password have access to all shared folders by default?



To answer the second question, yes. Do not share the admin account, limit its access to you. Remove . Do give out the limited account credentials.


----------



## Aquinus (Dec 8, 2014)

hat said:


> So do I need to make additional user accounts on my PC in order to restrict sharing?


Correct. However you can create the account and put it in a group with incredibly restrictive settings, but the account must exist to grant different users access to a share in Windows.

Linux on the other hand stores Samba users separate from the system itself, but I don't think this is important for your purposes.

The simple point is that you need to use different users to determine who has access to what. Keeping shares wide open doesn't do this at all, so I'm not quite sure what you're trying to get at. Also you can map a network drive to a samba share and you can tell it to remember your credentials for the network share and if you would like it to mount at login.


----------



## newtekie1 (Dec 8, 2014)

You can even set it so those users can't login to the computer locally, they can only access the network shares.  The users won't even show up on the login screen.


----------

