I tried to setup my DNS-320L with some dedicated network shares and user access rights and found it strange how this works. But maybe I'm just too stupid for it...
Here my simplified use case:a list of users:
dad, mum, son, grandma, guestI have all users in 3 groups
-
Intranet this group contains
mum, dad, son-
AllAccess this group contains
grandma, guest-
Boss this group contains
dadthen 3 shares
-
Volume_1/public for internet access, group
Intranet, AllAccess, Boss allowed
-
Volume_1/internal only through my internal network, group
Intranet, Boss allowed
-
Volume_1/bossonly just for group
BossNow the strange things:1) Admin default access rightsThe default user "admin" cannot be restricted or included to any Group or share. He has full access to everything.
The main issue with that: With this admin account you get the full access in mydlink. I am not really paranoic, but why not restricting the file access to a user who has this very general access right through the mydlink website and the mobile phone apps - phew! I like to restrict the access of "admin" to shares - or - use a different user for the mydlink access.
Does anybody know how to restrict the access rights for "admin" or where to change the default user for mydlink?
2) All Users have access to applicationsEvery User who is logged in by a browser for web access to the network shares (My Files), also has access to the applications "FTP/HTTP Download", "Local Backup", "P2P Downloads". I really don't want to grant grandama, guest and UncleBen access to these nice toys.
But how to block that?
3) Group access rights not properly passed on to the UsersWhen I set up a new User, "UncleBen", then put him into an existing group (e.g. "AllAccess"), then he can't access the share on My Files web access through his browser. He can log in, but won't see the share which is opened to the Group he belongs to.
The only way I could work around this: After adding him to the group "AllAccess", I had to go back to the user management for "UncleBen" and click once through all tabs of the User Setup Wizard again. There it copies the access rights from the group to the user.
Very uncommon logic... I mean, the reson of making up groups is that you have a central administration und don't need to go through all users again.
Am I doing something wrong?
4) Accessing a share with explorer under Windows 7 by a different userImagine, you are logged in to Windows 7 with a Windows user ("son"). In the Windows explorer you can see all shares in Network, but only open the shares, which you are belonging to (in my example "Volume_1/public", "Volume_1/internal"). When double clicking on a forbidden share ("Volume_1/bossonly"), a log-in Window pops up where you can enter the user name and password to get access to this share. So far so good...
problem now: Even when you enter the correct user credentials ("dad" + password), you will never get access to the share. Windows will come back again with the login window.
Is there any trick to do so? E.g. something related to the home group?
[Edit] Under XP it works fine. Under Windows 7 only when you enter the IP-address directly into the address bar (like \\192.168.0.111), but not when you use the device's name (\\DNS-320L).
Author
Topic: Account Management, admin and user rights, network shares (Read 3646 times)