BJB
Jul 05, 2013 (Aspirant)
WDTV Streaming Read Access rights vs. Admin Write Backup
Greetings, I am trying to determine the best approach to set up my user (and groups if necessary) and permissions on my ReadyNAS 102 on OS6 and a WDTV Live Streaming device. I will be using the NAS...
StephenB
Jul 05, 2013 (Guru - Experienced User)
It is definitely a good idea to think about security now.
You might try changing the "everyone" access to read-only on the media shares, and uncheck it altogether on the backup folders (also unchecking "allow anonymous access"). You do that on the access tab of the share settings. That should solve the issue with the WDTV without needing to give it a special account. You will need to change "everyone" access anyway if you want to prevent anonymous users from seeing or deleting files.
That will likely also have the same effect on the PCs if I understand your setup correctly - so you would either need to use your existing admin account for them, or create one or more user accounts.
By default, Windows presents your Windows user/password to the NAS when you connect. If that user name is not configured on the NAS, you get anonymous access. You can override this default behavior using the Windows Credential Manager (in the control panel for Win7, Win8). It also exists in other Windows versions, but is a bit harder to find. Anyway, you specify the NAS name or IP address (name is better) and set the username/password you want to use.
So you have several options:
(a) leave everything as is, and don't worry about the WDTV writing back.
(b) Change settings for "everyone" access on the NAS as noted above, and use Windows Credential Manager to tell your PCs to use your existing admin account. If the PC logon name is "admin" already, the PC might not remember the password correctly on restart - in which case you will need to re-enter it. (Vista has that problem, not sure about other versions of Windows).
(c) Change settings for "everyone" access on the NAS as noted above, create a single user account on the NAS for all PCs to share and use Windows Credential Manager to tell all your PCs to use that user/pass when using the NAS.
(d) Change settings for "everyone" access on the NAS as noted above, create a user account for each PC that matches their existing Windows user/password. Whenever you change the PC password, you'll need to change it on the NAS as well.
(e) Change settings for "everyone" to totally block anonymous access to every share. Create a WDTV account for the WDTV. Create a user account for each PC that matches their Windows user/password (leaving all accounts in the user group). Explicitly configure access rights for each user to each share.
(f) Change settings for "everyone" to totally block anonymous access. Create a WDTV account and "mediaplayer" group for the WDTV. Create a user account for each PC that matches their Windows user/password (leaving them in the user group). Use Group access controls for each share to specify read/write access to it. If you get more mediaplayers in the future, create accounts for them in the mediaplayer group.
Personally I just use (a) at home. My wife and I are the only users, and my various gadgets (mediaplayers, etc) have never done any damage to my files.
(b) and (c) are also fairly simple and I think provide the security you are looking for, and have the benefit that the files in the shares will all have the same owner.
(d)-(f) are workable, but in my view are more appropriate for enterprise. However, if family members have private files (for instance if you have kids and want to limit their access), and everyone uses their own PC account already, then those methods might be the right ones for you.
BTW, I have two general suggestions for your new NAS:
(1) work out a backup strategy and back it up regularly. RAID-1 is not sufficient to protect your data. A USB or eSATA drive will work (ideally two drives that you swap every week).
(2) Get a UPS for your NAS. A lot of issues we see here start with a power failure. Most UPS have a USB connector that you plug into the NAS (so the NAS will monitor it, and shut down when the UPS battery drains). Make sure you get one that has that connector.
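The Credential Manager step and the resulting access can be checked from a Windows PC with the script below. It is an added example, not part of StephenB's post; the host name `readynas`, the shares `media` and `backup`, and the account `pcuser` are assumed placeholders.

```powershell
# Assumed names (not from the thread): replace with your own NAS host,
# share names and the NAS account the PCs should use (options b/c).
$Nas     = 'readynas'
$NasUser = 'pcuser'
$Shares  = "\\$Nas\media", "\\$Nas\backup"

function Test-ShareRead {
    param([Parameter(Mandatory)][string]$Path)
    # Listing the share root succeeds only if the session has read access.
    try { Get-ChildItem -Path $Path -ErrorAction Stop | Out-Null; $true }
    catch { $false }
}

function Test-ShareWrite {
    param([Parameter(Mandatory)][string]$Path)
    # Create and remove a uniquely named probe file; failure means no write access.
    $probe = Join-Path $Path ("acl-probe-{0}.tmp" -f [guid]::NewGuid())
    try {
        New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
        Remove-Item -Path $probe -ErrorAction SilentlyContinue
        $true
    }
    catch { $false }
}

# Store the NAS credential so Windows stops presenting the local logon name.
# /pass with no value makes cmdkey prompt, keeping the password out of history.
cmdkey "/add:$Nas" "/user:$NasUser" /pass

# Confirm an entry now exists for this target.
cmdkey "/list:$Nas"

# Report the effective access of the current session on each share.
foreach ($share in $Shares) {
    [pscustomobject]@{
        Share = $share
        Read  = Test-ShareRead  $share
        Write = Test-ShareWrite $share
    }
}

# To see what an anonymous client (such as the WDTV without an account) gets,
# remove the stored entry with:  cmdkey "/delete:$Nas"
# then sign out and back in (Windows reuses an open SMB session) and re-run
# the loop from a logon name that does not exist on the NAS. With "everyone"
# set to read-only on media and unchecked on backup, the expected result is
# media Read=True/Write=False and backup Read=False.
```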