Solved W8.1 File Sharing with Group Permissions and MsftAcct

eldonmcguinness

New Member
Messages
16
I recently updated two of my computers to W8.1 and have been in awe of the headaches that come with it. One thing that seems to be a public nuisance is having to use a Microsoft Account to have a syncing onedrive folder. This aside I have been trying to get File/Printer Sharing working between a file server and a client.

With my previous W7 setup I would create custom groups for access to certain file sets and it would all go off without a hitch, the same is true with W8.1 and local accounts. The issue comes in when I try to link a MS account to said local account, at this point it seems to ignore the group permissions. Below is a diagram of the setup and the expected/actual results.

Code:
= W8.1 File Server =
- Added localuser test1
- Added user to administrators group
- Link test1 to MSAccount
- Verified user is still part of administrators group
- Give Administrators Read-Write permission and Security on the relevant share and files

= W8.1 Client =
- Added localuser test1
- Added user to administrators group
- Link test1 to MSAccount
- Verified user is still part of administrators group

With this setup, if I try to write a file to the share in question, I get an access denied, but if I instead explicitly give test1 Read-Write access to the share then the user can write files as expected. If I unlink the MSAccount from the localaccount then the share works as expected with out the user-explicit permissions. Finally, after I have tested the localaccount is working, if I link the accounts back to the Microsoft Account it once again stops working. It seems like MS screwed the pooch on this one and completely broke it's own group [DEL]policy[/DEL] permission compatibility.

Has anyone else seen this, or even better resolved an issue like it? Perhaps I am skipping a very simple step but I just do not see what it is.
 
Last edited:

My Computer

System One

  • OS
    Windows 8.1
I have not had any issues with the changes. If it is just the One drive. Blame it on Microsoft changing how that works. That has nothing really to do with Windows 8.

My son never uses his One Drive account. Only stuff that gets stored in there. Is the account settings for his laptop. Otherwise, everything goes into his google drive account.

One Drive has nothing to do with the issues you are having. Something else is causing the problem when doing file/folder sharing on the network.
 

My Computer

System One

  • OS
    Linux Mint 17.2
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba Satellite C850D-st3nx1
    CPU
    AMD E1-1200 APU with Radeon (tm) HD Graphics 1.40 GHZ
    Memory
    12GB
    Graphics Card(s)
    AMD Radeon™ HD 7310 Graphics
    Sound Card
    Realtek HD
    Monitor(s) Displays
    LCD
    Screen Resolution
    1366 x 768
    Hard Drives
    Crucial M500 240GB SSD
    Mouse
    Logitech M525
    Internet Speed
    45/6 - ATT U-Verse
    Browser
    Google Chrome
    Antivirus
    None needed. It is Linux.
    Other Info
    Arris NVG589 Gateway; Router - Cisco RV320; Switch - Netgear GS108 8-Port Switch & Trendnet TEG-S50g 5-Port Switch; Access Points - Engenius ECB350, Trendnet TEW-638APB; NAS - Lenovo ix2-4; Printer - Brother HL-2280DW; Air Print Server - Lantronix XPrintServer

    A/V UPS - Tripp-Lite Smart 1500LCD 1500 Va/900 W.
Well the OneDrive comment was a side bit really, I mean the only reason that I need to use the Microsoft account is due to it being NEEDED to use OneDrive on W8.1. The Real issue is Microsoft Accounts do not seem to obey Group permissions when setting up file/printer sharing.
 

My Computer

System One

  • OS
    Windows 8.1
You need to forget about the whole Onedrive thing. As for the GPO. It helps to know if you area using the computer on a domain, or just as a stand alone workstation. You really do not have to do anything with GPO, for a stand alone workstation to do file & printer sharing.
 

My Computer

System One

  • OS
    Linux Mint 17.2
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba Satellite C850D-st3nx1
    CPU
    AMD E1-1200 APU with Radeon (tm) HD Graphics 1.40 GHZ
    Memory
    12GB
    Graphics Card(s)
    AMD Radeon™ HD 7310 Graphics
    Sound Card
    Realtek HD
    Monitor(s) Displays
    LCD
    Screen Resolution
    1366 x 768
    Hard Drives
    Crucial M500 240GB SSD
    Mouse
    Logitech M525
    Internet Speed
    45/6 - ATT U-Verse
    Browser
    Google Chrome
    Antivirus
    None needed. It is Linux.
    Other Info
    Arris NVG589 Gateway; Router - Cisco RV320; Switch - Netgear GS108 8-Port Switch & Trendnet TEG-S50g 5-Port Switch; Access Points - Engenius ECB350, Trendnet TEW-638APB; NAS - Lenovo ix2-4; Printer - Brother HL-2280DW; Air Print Server - Lantronix XPrintServer

    A/V UPS - Tripp-Lite Smart 1500LCD 1500 Va/900 W.
No AD is involved in this setup. Yea I have kinda resigned to the fact that MS is infatuated with the whole forced MS account bit. I don't think this is GPO but more so the ability to have users in "groups" and give those groups permissions to shares and files.

Perhaps another example will make it a bit clearer:
Code:
- Certain users are part of a group we will call "fish"
- Users in the "fish" group should have the ability to Read-Write to the share "fish bowl"
- All other users "Everybody" should have view only access
- Users and groups are the same on both pc's

This setup works and the fish are indeed able to Read and Write to the fish bowl.

Code:
- Link user that is in the "fish" group to a MS Account
- Said user is no longer able to Write to the fish bowl share
- Unlink said user and it is then able to Write to the fish bowl
- Link user that is in the "fish" group to a MS Account (Again)
- Give said user explicit permissions to the fish bowl and they can then Read-Write to the fish bowl
- Again linking is done on both machines to ensure the user entries match and the experience is unified

It seems that linking a user to a MS Account effectively breaks the group permissions to the share. Additionally, I tried to explicitly add the localaccount credentials to the users and still no dice.
 

My Computer

System One

  • OS
    Windows 8.1
You are overthinking this. As for the extra you posted. It really has nothing to do with the question. The Microsoft live account, does not break Workgroup Network shares that are done through SMB/Netbios.

You are getting into stuff, that is only done when connecting or working on a Domain, or using a Samba server as Domain Controller. Most likely while playing around with GPO. You ended up actually breaking the OS.
 

My Computer

System One

  • OS
    Linux Mint 17.2
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba Satellite C850D-st3nx1
    CPU
    AMD E1-1200 APU with Radeon (tm) HD Graphics 1.40 GHZ
    Memory
    12GB
    Graphics Card(s)
    AMD Radeon™ HD 7310 Graphics
    Sound Card
    Realtek HD
    Monitor(s) Displays
    LCD
    Screen Resolution
    1366 x 768
    Hard Drives
    Crucial M500 240GB SSD
    Mouse
    Logitech M525
    Internet Speed
    45/6 - ATT U-Verse
    Browser
    Google Chrome
    Antivirus
    None needed. It is Linux.
    Other Info
    Arris NVG589 Gateway; Router - Cisco RV320; Switch - Netgear GS108 8-Port Switch & Trendnet TEG-S50g 5-Port Switch; Access Points - Engenius ECB350, Trendnet TEW-638APB; NAS - Lenovo ix2-4; Printer - Brother HL-2280DW; Air Print Server - Lantronix XPrintServer

    A/V UPS - Tripp-Lite Smart 1500LCD 1500 Va/900 W.
Hi broe23, thanks for the reply, I can assure you that I have not touched the GPO on either of these computers, as you said it would not do any good unless this was a Domain. The only thing that has been done is to create a couple of user groups, which I can then lump users into in order to make sharing a bit more manageable.

I have completely wiped the computers earlier this week to ensure that it was not something I fubar'd. Ultimately the solution works just fine IF I do not link the MS Account to the LocalAccounts. Once I link the MS Account, the group permissions (security and share, not GPO) no longer have effect. It is almost like linking the user to a MS Account prevents the computer that is sharing the file from seeing the user as part of the authorized group.

The only conclusion I can come to is I have to choose between group share permissions or OneDrive in the case of W8.1.
 

My Computer

System One

  • OS
    Windows 8.1
If you are playing in the Group Policy, you have been messing around with GPO. You ended up causing a problem that can only now be resolved by reinstalling the OS. Due to how bad you have made the problem.
 

My Computer

System One

  • OS
    Linux Mint 17.2
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba Satellite C850D-st3nx1
    CPU
    AMD E1-1200 APU with Radeon (tm) HD Graphics 1.40 GHZ
    Memory
    12GB
    Graphics Card(s)
    AMD Radeon™ HD 7310 Graphics
    Sound Card
    Realtek HD
    Monitor(s) Displays
    LCD
    Screen Resolution
    1366 x 768
    Hard Drives
    Crucial M500 240GB SSD
    Mouse
    Logitech M525
    Internet Speed
    45/6 - ATT U-Verse
    Browser
    Google Chrome
    Antivirus
    None needed. It is Linux.
    Other Info
    Arris NVG589 Gateway; Router - Cisco RV320; Switch - Netgear GS108 8-Port Switch & Trendnet TEG-S50g 5-Port Switch; Access Points - Engenius ECB350, Trendnet TEW-638APB; NAS - Lenovo ix2-4; Printer - Brother HL-2280DW; Air Print Server - Lantronix XPrintServer

    A/V UPS - Tripp-Lite Smart 1500LCD 1500 Va/900 W.
Ahh ok I see, I mis-spoke in the first post, I meant group permissions; as in the group fish has RW access to the fish bowl share/folder. GPO has not been touched on either of the computers, the only things that have been done are what was outlined.


- Add group Fish
- Add users (Fish1, Fish2, Fish3)
- Add users to group Fish
- Shared folder "Fish Bowl"
- Gave group Fish Full Control of Fish Bowl folder in security tab
- Specified group Fish has full control of Fish Bowl at the share level too
= At this point all members of the Fish group (Fish1, Fish2, Fish3) can RW in the Fish Bowl folder
- Link MS Account to Fish1
= Fish1 is no longer able to write to the Fish Bowl, while Fish2 and Fish3 still can
- Unlink MS Account from Fish1
= Fish1 is once again able to write to the Fish Bowl
- Link MS Account to Fish1
= Fish1 is no longer able to write to the Fish Bowl, while Fish2 and Fish3 still can
- Give explicit permissions to Fish1 (security and share)
= Fish1 is once again able to write to the Fish Bowl


I will correct the first post and replace the work policy with permissions.
 
Last edited:

My Computer

System One

  • OS
    Windows 8.1
Still messing with group permissions, you have broken the OS. The only way to fix, is to reinstall it. All you need to do to create local accounts, is create them after you create the initial Live account. Then once you get done creating the accounts, log into them, so the OS can build the profile.

You do need Pro version of Windows 8.1.x, so that you can change permissions of those personal folders, you do not want certain users to have access to.

Going into the Policy and making one up, or editing the pre-existing GPO, will break the OS. Which will not achieve anything for you.

Personally I would keep everyone's personal files on their own personal file share on a NAS. Then just change the location of their My Documents folder to the mapped Network folder location. You do not have to go into Command, or any other way to do this. It can all be done from the gui interface.
 

My Computer

System One

  • OS
    Linux Mint 17.2
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba Satellite C850D-st3nx1
    CPU
    AMD E1-1200 APU with Radeon (tm) HD Graphics 1.40 GHZ
    Memory
    12GB
    Graphics Card(s)
    AMD Radeon™ HD 7310 Graphics
    Sound Card
    Realtek HD
    Monitor(s) Displays
    LCD
    Screen Resolution
    1366 x 768
    Hard Drives
    Crucial M500 240GB SSD
    Mouse
    Logitech M525
    Internet Speed
    45/6 - ATT U-Verse
    Browser
    Google Chrome
    Antivirus
    None needed. It is Linux.
    Other Info
    Arris NVG589 Gateway; Router - Cisco RV320; Switch - Netgear GS108 8-Port Switch & Trendnet TEG-S50g 5-Port Switch; Access Points - Engenius ECB350, Trendnet TEW-638APB; NAS - Lenovo ix2-4; Printer - Brother HL-2280DW; Air Print Server - Lantronix XPrintServer

    A/V UPS - Tripp-Lite Smart 1500LCD 1500 Va/900 W.
I have the same issue and can relate to the frustration with 8.1 and shares. I do believe linking an MS account does break aspects of sharing. I have similar issues and have tested on several machines with fresh installs. Like the op I too have not tweaked any settings. I did create a post on my issues as well and I bet what ever solution is found will solve this problem and mine.
 

My Computer

System One

  • OS
    Windows 8.1 update 1
    CPU
    E8400
    Motherboard
    abit Fatal1ty F-I90HD mATX
    Memory
    4gb DDR2
    Sound Card
    Bitstream to Home Theater
    Case
    Antec Fusion HTPC Case
    Internet Speed
    30
    Browser
    Chrome
Still messing with group permissions, you have broken the OS. The only way to fix, is to reinstall it. All you need to do to create local accounts, is create them after you create the initial Live account. Then once you get done creating the accounts, log into them, so the OS can build the profile.

You do need Pro version of Windows 8.1.x, so that you can change permissions of those personal folders, you do not want certain users to have access to.

Going into the Policy and making one up, or editing the pre-existing GPO, will break the OS. Which will not achieve anything for you.

Personally I would keep everyone's personal files on their own personal file share on a NAS. Then just change the location of their My Documents folder to the mapped Network folder location. You do not have to go into Command, or any other way to do this. It can all be done from the gui interface.

Hrm, the OS is not broken, and just to ensure that I reinstalled 8.1 on a laptop and still the same issue. I know how to create localaccount and all that other jazz. This does not involve editing group policies either, it is basic password based sharing. I am using W8.1 Pro, just to be clear, this works just fine on windows 7, 8, and as I noted works just fine on 8.1 if you do not link the local account to a MS Account. As for the rational of this. I have a number of users and do not want to give each user permission to new shares everytime one is added; groups are made just for this.

I have the same issue and can relate to the frustration with 8.1 and shares. I do believe linking an MS account does break aspects of sharing. I have similar issues and have tested on several machines with fresh installs. Like the op I too have not tweaked any settings. I did create a post on my issues as well and I bet what ever solution is found will solve this problem and mine.

Good to hear that I am not the only one with this issue, care to post a link to your post for the sake edification.
 

My Computer

System One

  • OS
    Windows 8.1

My Computer

System One

  • OS
    Windows 8.1 update 1
    CPU
    E8400
    Motherboard
    abit Fatal1ty F-I90HD mATX
    Memory
    4gb DDR2
    Sound Card
    Bitstream to Home Theater
    Case
    Antec Fusion HTPC Case
    Internet Speed
    30
    Browser
    Chrome
http://www.eightforums.com/network-sharing/52639-anonymous-access-share-8-1-a.html

I think the issue is the Everyone account does not recognize MS accounts, or really any local group does not recognize the MS accounts.

I think to Windows the MS account looks like its coming from another domain.

Actually "Everyone" works fine for me, users are able to browse the files, but the groups are being ignored once an included user is tied to the MS Account. The difference might be that I'm using a password based setup.
 

My Computer

System One

  • OS
    Windows 8.1
I have the same issue and can relate to the frustration with 8.1 and shares. I do believe linking an MS account does break aspects of sharing. I have similar issues and have tested on several machines with fresh installs. Like the op I too have not tweaked any settings. I did create a post on my issues as well and I bet what ever solution is found will solve this problem and mine.
Incorrect. It has no effect on file or folder sharing. All the live account does, is create a "Roaming" profile. Everything else still works the same as it did with XP, Vista, Windows 7.
 

My Computer

System One

  • OS
    Linux Mint 17.2
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba Satellite C850D-st3nx1
    CPU
    AMD E1-1200 APU with Radeon (tm) HD Graphics 1.40 GHZ
    Memory
    12GB
    Graphics Card(s)
    AMD Radeon™ HD 7310 Graphics
    Sound Card
    Realtek HD
    Monitor(s) Displays
    LCD
    Screen Resolution
    1366 x 768
    Hard Drives
    Crucial M500 240GB SSD
    Mouse
    Logitech M525
    Internet Speed
    45/6 - ATT U-Verse
    Browser
    Google Chrome
    Antivirus
    None needed. It is Linux.
    Other Info
    Arris NVG589 Gateway; Router - Cisco RV320; Switch - Netgear GS108 8-Port Switch & Trendnet TEG-S50g 5-Port Switch; Access Points - Engenius ECB350, Trendnet TEW-638APB; NAS - Lenovo ix2-4; Printer - Brother HL-2280DW; Air Print Server - Lantronix XPrintServer

    A/V UPS - Tripp-Lite Smart 1500LCD 1500 Va/900 W.
http://www.eightforums.com/network-sharing/52639-anonymous-access-share-8-1-a.html

I think the issue is the Everyone account does not recognize MS accounts, or really any local group does not recognize the MS accounts.

I think to Windows the MS account looks like its coming from another domain.

Actually "Everyone" works fine for me, users are able to browse the files, but the groups are being ignored once an included user is tied to the MS Account. The difference might be that I'm using a password based setup.
That is because you borked the OS, by playing around with the policy settings.
 

My Computer

System One

  • OS
    Linux Mint 17.2
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba Satellite C850D-st3nx1
    CPU
    AMD E1-1200 APU with Radeon (tm) HD Graphics 1.40 GHZ
    Memory
    12GB
    Graphics Card(s)
    AMD Radeon™ HD 7310 Graphics
    Sound Card
    Realtek HD
    Monitor(s) Displays
    LCD
    Screen Resolution
    1366 x 768
    Hard Drives
    Crucial M500 240GB SSD
    Mouse
    Logitech M525
    Internet Speed
    45/6 - ATT U-Verse
    Browser
    Google Chrome
    Antivirus
    None needed. It is Linux.
    Other Info
    Arris NVG589 Gateway; Router - Cisco RV320; Switch - Netgear GS108 8-Port Switch & Trendnet TEG-S50g 5-Port Switch; Access Points - Engenius ECB350, Trendnet TEW-638APB; NAS - Lenovo ix2-4; Printer - Brother HL-2280DW; Air Print Server - Lantronix XPrintServer

    A/V UPS - Tripp-Lite Smart 1500LCD 1500 Va/900 W.
I have to ask broe23, are you even reading my posts? I just said I reinstalled the laptop and STILL the issue persists. Did not touch any Group Policies, and never touched them in the past.
 

My Computer

System One

  • OS
    Windows 8.1
I have to ask broe23, are you even reading my posts? I just said I reinstalled the laptop and STILL the issue persists. Did not touch any Group Policies, and never touched them in the past.

Good stuff, he posted some bs that had nothing to do with my issue as well. I am literately trying everything under the sun. I did find this, but I believe its only for XP... Everyone group does not include anonymous security identifier . If I run out of ideas I will give this a try.
 

My Computer

System One

  • OS
    Windows 8.1 update 1
    CPU
    E8400
    Motherboard
    abit Fatal1ty F-I90HD mATX
    Memory
    4gb DDR2
    Sound Card
    Bitstream to Home Theater
    Case
    Antec Fusion HTPC Case
    Internet Speed
    30
    Browser
    Chrome
@tabascojoe, I have noticed another oddity with Microsoft Accounts; I use a program called Rohos Logon Key that will not do remote desktop connections unless I specify the user as "MICROSOFTACCOUNT\USERNAME@Outlook.com". However, if I try to login locally I have to use just "USERNAME", if I try to use the full "MICROSOFTACCOUNT\USERNAME@Outlook.com" it does not work.

Seems like this whole MICROSOFTACCOUNT domain/workgroup might be the root of the issue here too.
 

My Computer

System One

  • OS
    Windows 8.1

My Computer

System One

  • OS
    Windows 8.1 update 1
    CPU
    E8400
    Motherboard
    abit Fatal1ty F-I90HD mATX
    Memory
    4gb DDR2
    Sound Card
    Bitstream to Home Theater
    Case
    Antec Fusion HTPC Case
    Internet Speed
    30
    Browser
    Chrome
Back
Top