No AD is involved in this setup. Yeah, I have kinda resigned myself to the fact that MS is infatuated with the whole forced MS account bit. I don't think this is GPO but more so the ability to have users in "groups" and give those groups permissions to shares and files.
Perhaps another example will make it a bit clearer:
- Certain users are part of a group we will call "fish"
- Users in the "fish" group should have the ability to Read-Write to the share "fish bowl"
- All other users "Everybody" should have view only access
- Users and groups are the same on both PCs

This setup works and the fish are indeed able to Read and Write to the fish bowl.
It seems that linking a user to a MS Account effectively breaks the group permissions to the share. Additionally, I tried to explicitly add the local account credentials to the users and still no dice.
- Link user that is in the "fish" group to a MS Account
- Said user is no longer able to Write to the fish bowl share
- Unlink said user and it is then able to Write to the fish bowl
- Link user that is in the "fish" group to a MS Account (Again)
- Give said user explicit permissions to the fish bowl and they can then Read-Write to the fish bowl
- Again linking is done on both machines to ensure the user entries match and the experience is unified
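
A diagnostic sketch for the behaviour described above, added here as an example and not part of the original post: it lists who is in the group, what the share and the folder behind it grant, and which identity the server actually recorded for connected clients. It assumes the share is named "fish bowl" and the local group "fish" as in the post, and that it is run from an elevated PowerShell on the PC hosting the share.

```powershell
# Added diagnostic example (not from the original post).
# Run elevated on the PC that hosts the share.
$ShareName = 'fish bowl'   # share name as given in the post
$GroupName = 'fish'        # local group name as given in the post

# 1. Members of the local group. PrincipalSource shows whether each
#    member is a plain local account or one linked to a Microsoft account.
Get-LocalGroupMember -Group $GroupName |
    Select-Object Name, ObjectClass, PrincipalSource,
                  @{ Name = 'SID'; Expression = { $_.SID.Value } } |
    Format-Table -AutoSize

# 2. Share-level permissions. The effective access over the network is
#    the more restrictive of these and the NTFS permissions in step 3.
Get-SmbShareAccess -Name $ShareName |
    Select-Object AccountName, AccessControlType, AccessRight |
    Format-Table -AutoSize

# 3. NTFS permissions on the folder the share points at.
$sharePath = (Get-SmbShare -Name $ShareName).Path
(Get-Acl -LiteralPath $sharePath).Access |
    Select-Object IdentityReference, AccessControlType,
                  FileSystemRights, IsInherited |
    Format-Table -AutoSize

# 4. While the affected user is connected from the other PC, show the
#    identity the server recorded for that session. Compare this name
#    with the group members listed in step 1.
Get-SmbSession |
    Select-Object ClientComputerName, ClientUserName, NumOpens |
    Format-Table -AutoSize
```

Running it once with the user unlinked and once with the user linked to the MS Account gives two outputs to compare side by side.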