DOCUMENT:Q101234  09-JUL-1993  [W_NT]
TITLE   :INF: How to Set Up Share Level Security with Windows NT
PRODUCT :Windows NT
PROD/VER:3.10
OPER/SYS:WINDOWS
KEYWORDS:

--------------------------------------------------------------------
The information in this article applies to:
 
 - Microsoft Windows NT operating system version 3.1
 - Microsoft Windows NT Advanced Server version 3.1
--------------------------------------------------------------------
 
It is possible to make Windows NT user level security act somewhat
like share level security by creating a user account that is intended
to be shared by many users. To do so, use the following procedure:
 
1. Create a user account in User Manager.
 
2. Choose User Cannot Change Password and Password Never Expires.
 
3. Make sure User Must Change Password at Next Logon is not checked.
 
4. Add this account to any groups as desired or grant access directly
   to resources as appropriate.
 
When you want to give someone access a share, inform them that they
may use this special user account and password when connecting to the
resource.
 
To access this shared resource from File Manager and Print Manager,
enter in the Connect As field the account name you created in the
procedure. You will be prompted for the correct password.
 
To access a shared resource from the command line use the NET USE
command with the following switches:
 
   /User:<account> <password>
 
For connecting to other resources such as named pipes or for programs
that do not allow entry of the user name or password, make a
connection to the computer before running the program from a command
prompt using the following command:
 
   NET USE \\<computer>\IPC$ /User: <account> <password>
 
Note: Once a connection is established to a computer using a
particular account, the connection must be deleted before another
connection to the same computer can be established using a different
account. For example, if a user wants to use the shared user account
to access a computer, they will have to first disconnect any
connection they already have under their own user account.
 
Background on Share Level vs. User Level Security
-------------------------------------------------
 
Share level security provides a password controlled gate to protected
resources. The advantages of this security paradigm is that it allows
granting access to a broad range of people with very little effort. It
is not very secure, since the password is widely distributed and there
is no notion of personal accountability. Windows NT's security
paradigm is based upon granting access to individuals each of whom has
an account. This allows fine-grained control over per-user access and
allows individual accountability. The disadvantage is that you must
create a user account for each user you want to grant access to and
you must grant that user the access (either directly or by adding to
an appropriate group).
 
Additional reference words: 3.10 netsrv scrty

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.  MICROSOFT DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  IN NO
EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR
ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.  SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 1993.