Removing users and groups from the workgroup
At some point, you need to remove users from your server as employees leave the organization. In some cases, you also need to remove groups from the workgroup as projects end and company needs change. To remove either a user or a group, highlight the user or group entry in the Computer Management console, and press Delete. Windows asks whether you're sure that you want to delete the user or the group. Verify the user or group entry and click Yes (or click No if you selected the wrong user or group).
Whenever you remove a user from the system, the user is gone for good. The user ceases to exist. Even if you create another user with precisely the same name, settings, and defaults, it's a different user as far as the system is concerned because the new user account has a different Security Identifier (SID). Consequently, any special security settings are also gone when you delete the user. In addition, if the user has encrypted files on the system, the files remain encrypted and you can't decrypt them. Because the process is oneway, you want to ensure that you're deleting the right user.
Group deletions can have even more significant implications on the server because you're working with the rights for a number of users. Whenever you delete a group, anyone in the group loses the rights that the group provided to them. Consequently, if you accidentally delete some groups, you may find that your server becomes unusable. Unfortunately, Windows doesn't provide any safeguard for the Administrators group. If you delete this group, you'll have a very tough time recovering and may well need to start your server setup from scratch. Delete groups with extreme care.
Sharing storage resources in the workgroup
The two main resources that administrators need to share in a workgroup setting are printers and storage. This section of the tutorial describes how to share storage resources. You have a number of ways to share storage resources in a workgroup.
The two most common methods are using the Computer Manager console and Windows Explorer. When you select the Computer Management\ System Tools\Shared Folders\Shares folder, you see a list of the current shares. Windows Explorer uses a special icon that has a hand under the drive or folder icon to indicate a share. However, most administrators find the list shown in the Computer Manager console more helpful than scouring individual entries in Windows Explorer.
Make sure to always check the list of shares before you create a new one. After you determine that you need a new share, follow these steps to share a storage resource using the Computer Manager console:
- Right-click the Shares folder and choose New Share from the context menu.
You see the Welcome screen of the Create a New Shared Folder Wizard. - Click Next.
You see the Folder Path dialog box. - Type the location of the storage resource you want to share, such as
C:\ for a drive or C:\MyData for a folder. Click Next.
You see the Name, Description, and Settings dialog box. Notice that the wizard suggests a share name based on the resource path. - Type a share name in the Share Name field if you don't want to use the default name that the wizard has provided.
- Type a description in the Description field.
- (Optional) Click Change to change the offline setting of the shared resource.
The offline setting determines whether the user can share the folder as an offline folder. Offline folders provide the user with extra flexibility by letting them copy the folder contents to their local drive. Any changes they make to the folder contents are synchronized to the server storage. When the user has a connection, synchronization occurs immediately. When the workstation is disconnected, synchronization occurs when the workstation resumes contact with the server. Offline folders can result in lost data.
When two users modify a folder in an offline state, the last changes to any modified files overwrite any previous changes. Consequently, you shouldn't provide offline status to folders where simultaneous edits can cause problems, such as database folders. You see the Offline Settings dialog box.- a. Choose an offline storage option.
The default option of letting the user make a choice provides optimal performance in most cases because most users don't use offline folders unless they're using laptops. The second option of forcing all users to use the folder in an offline mode is helpful when everyone using the folder has a laptop and you don't want users to forget to take their data with them. The third option disallows offline folder use; you normally use it in cases where you don't want to risk data loss when two users change the same file in an offline mode. You always use this option when sharing a folder with databases (such as an Access database) in it. - b. Click OK.
- a. Choose an offline storage option.
- Click Next.
You see the Shared Folder Permissions dialog box.
The standard permissions allow users and administrators specific levels of usage permission. In many cases, you have to set a custom permission strategy to account for specific folder requirements, such as a collaboration by a particular group of users.- a. (Optional) Choose Customize Permissions.
- b. Click Custom.
You see the Customize Permissions dialog box, where you can add or remove special permissions as needed. To add a new permission, click Add, provide the name of the user or group you want to add, and then click OK. Highlight the new entry and set the permissions for that user or group by checking options in the lower dialog box. To remove a permission, highlight the user or group entry and click Remove.
You must also provide rights to the drive or folder for the user or group you add. Share security provides remote access to the resource only. To add security access, select the Security tab and add or remove users and groups as necessary to provide the proper rights to the folder. - c. Click OK.
- Click Finish.
You see a success dialog box that summarizes the share you created. Verify that the sharing information is correct. Notice the check box at the bottom of the success dialog box. Checking this option runs the Create New Shared Folder Wizard again. Simply follow Steps 2 through 8 to create the new share. - Click Finish.
You see the share added to the list.
Creating a share using Windows Explorer is a little less structured. Windows Explorer depends on your knowing what to do from the outside and provides less help. Use these steps to share a folder with Windows Explorer:
- Choose Start → Programs → Accessories. Right-click the Windows Explorer
entry and choose Run as Administrator from the context menu.
You see a copy of Windows Explorer open. - Locate the drive or folder you want to share in the Windows Explorer
hierarchy. Right-click the entry and choose Share from the context menu.
Windows displays the drive or folder Properties dialog box. Notice that the dialog box tells you whether this resource is already shared. If the resource is shared, you can click Share to determine more information about the share. - Click Advanced Sharing.
You see the Advanced Sharing dialog box. This dialog box already has entries in it, to show you how they would appear on your system. - Check the Share This Folder option.
- Type a name for the share in the Share Name field.
- Define the number of simultaneous users you want to allow for this
resource in the Limit the Number of Simultaneous Users To field.
Normally, you set limitations on resource usage by limiting the number of users that the server supports. This feature gives you the additional option of limiting access to a particular resource. For example, you might have a licensing limitation for a database or an application. Setting a limit here helps ensure that you don't go over the licensed limit. - Type a description of the share in the Comments field.
- Click Permissions.
You see a Permissions dialog box and you set the permissions using the same approach as for that dialog box. Remember that this dialog box sets the share permissions only. - Click OK.
- (Optional) Click Caching.
You see an Offline Settings dialog box. Configure this dialog box using the same approach that you do when using the Create a New Shared Folder Wizard. Click OK when you finish configuring the Offline Settings dialog box. - Click OK.
The information on the Sharing tab, changes to show the shared status of the resource. - Click Close.
The resource icon in Windows Explorer changes to show the shared state of the resource.
Eventually, you need to change the sharing information for a particular resource. The groups that use the resource will change, you might need to stop sharing completely, or the share may require different permissions (perhaps you provided too many or not enough permissions at the outset). In all these cases, you can change the share settings by right-clicking the share in the Shares folder of the Computer Management console and choosing Properties from the context menu. A share Properties dialog box, where you can change any of the settings you configured using the wizard or Windows Explorer.
If you choose to stop sharing the resource, right-click the share in the Shares folder of the Computer Management console and choose Stop Sharing from the context menu. Windows asks whether you're sure that you want to stop sharing the resource. Click Yes and the system stops sharing the share. You can use the same steps as before to re-create the share when necessary.
In this tutorial:
- Working with Workgroups
- Understanding Workgroups
- Preparing to Create a Workgroup
- Considering Centralized versus Group Sharing
- Configuring the Server for a Workgroup
- Adding users to the workgroup
- Removing users and groups from the workgroup
- Performing User Configuration for a Workgroup
- Working with Peer Name Resolution Protocol