I have a local network where PCs exchange files amongst themselves but have no access to Internet. I also have another network on which PCs exchanges files amongst themselves and all have access to internet via a Router. There is ONE PC connected to BOTH of these networks via two NICs. The user of this PC has folders which should be visible to one or the other network, but not both. Is it possible to configure that somehow? Assuming this is possible, could I then just build one big network using a switch/router but block selected PCs from acessing the internet? Sorry, I´m new to networks.

I just found the answer to the first part of my question on another forum: Disallow normal file-sharing and create a workgroup to "contain" permissions within that workgroup. Now I still look for an answer to selectively permit internet access on one single workgroup, as it would simplify the physical network

The easiest way to control who has access to what shares on the multihomed PC is by using user accounts and permissions on the shares For example, the multihomed PC, let's call it PC1, has two shares, A and B. Share A belongs to network 1 and share B belongs to network 2. On PC1, you have users Sue and Bill who are part of Network 1 and should have access to share A, but not share B. You also have users Pete and Jane who are part of Network 2 and require access to share B but not share A. So on the ACL (access control list) for share A you would add users Sue and Bill and give them appropriate R/W access. To prevent Jane and Pete from accessing share A you could either, remove the "Everyone" group from both the NTFS ACL and the "sharing" tab, or, you could add them to the ACL and give them the "no accesss" permission. Then you would do the opposite for share B As to the internet access, unless you enabled ICS on PC1, the multihomed PC, and set it up to share the internet with the second network, it can't share it....so only the one network that you've already given internet access to, will have it.

Thank you Curt R. You have given me food for thought, but I probably wasn´t quite clear enough. Let me clarify, based on your example: There is only one user per PC, so the single user on PC1 must have access to both shares. The other users are on different PCs, making up the two networks. Users on network A may access share A on PC1 and users on network B may access share B on PC1. All users on network A plus PC1 should have internet access. No internet for network B. What I´m looking for is a way for Jane, on PC3 of network A to be able to access share A on PC1 but not share B on PC1. Also, I want her to have internet access. Peter, on PC4 of network B should have access to share B on PC1 but not to share A, and he should have no access to internet. Both Jane and Peter should have access to all shares on the other PCs of their respective networks Claude, the owner of PC1, sees both shares A and B in his own PC1 and all shares on the other PCs of both networks, plus the internet. If I could do that with just one ADSL router/switch, that would be ideal. One port on the switch for each PC. But right now I imagine the solution using an ADSL-Router/switch for network A with internet access, and a separate switch for network B, the local-only network. Their only point of connection would be PC1, which has two NICs. Any additional thoughts are most welcome! Uico in Rio de Janeiro

There is only one user per PC, so the single user on PC1 must have access to both shares. That's how I read it and my response is still bang on the money. You see, because PC1 has dual NIC's (multihomed) and each NIC is configured for one of the two networks, this gives PC1 access to both networks. So, if you had a share on one of the other PC's in each separate network, PC1 could map to both thanks to being a part of both networks. All users on network A plus PC1 should have internet access. No internet for network B. Again, thanks to being multihomed, this is no problemo. As long as the NIC for network 1 on PC1 has the correct gateway address, it'll have internet access just like every other client in network 1. Network 2 won't have any internet connectivity because it will have no external connection. What I´m looking for is a way for Jane, on PC3 of network A to be able to access share A on PC1 but not share B on PC1. Also, I want her to have internet access. As long as user Jane on PC3 network 1's NIC has the correct gateway IP (which will be the IP of the SOHO router you have connected to the internet) she'll have access to share A on PC1 and the internet as well but she will not have access to share B on PC1 if you setup user accounts on the ACL's the way I specified above. Which is to say, she's added to the ACL on share A, but either is not added to Share B, or is added but given the "no access" permission. But right now I imagine the solution using an ADSL-Router/switch for network A with internet access, and a separate switch for network B, the local-only network. Their only point of connection would be PC1, which has two NICs. You're right, but as I said before, unless you used ICS on PC1, or some other 3'd party software, you won't have communication between the networks so you don't need to worry about network 2 having internet access.

OK. It is very clear now! Thanks again for taking your time. Soon I´ll have the chance to actually implement all this!