Bit of a query really - is it posibile to give access to a shared folder (using NTFS permissions) to any user on a particular computer. In this case we're going to have several computers with a scanner plugged in, and we need anyone using that particular computer to have access to a shared folder on the network. At the moment just adding the computer account only really gives the service accounts access but not anyone on the computer, and as there's quite a few people who could be using the computer a group with users is possible but a bit of work. Optimisitc or has anyone managed it before? Many Thanks

Share permissions then when you want more granularity you do ntfs permisisons. NTFS is file permissions and not involved in the sharing. I hope this clarifies this for you. All users have accounts on the server. You share the scanner folder to the generic group Everyone which will give anyone logged into the server from the workstation access to the folder.

To be honest that will give everyone on the domain access which we don't really want but I get what you mean, it was more of a case of just the users using that particular computer who could be anyone in a particular area (possibly about a 100 users) without having to create a group and manually add the users by hand - more laziness than anything really especially. I just wasn't sure if you could give file access to everyone from a particular computer but it's unlikely execept for the service accounts as I've not found anyone else who's done it.

Permissions are based on user access and not computer access. So short answer: No. You could have a 'Scanner' account (user) that users can log in with to scan, and set whatever permissions you want from there. Just a thought.

How do these users login to these computers? Do they use a guest login or are these computers not a part of the domain? We have scanners on our domain and how we did it was by creating a user group called Scanners then gave the group rights to the Scans fold on our share. Then all I had to do was add people to that group.

archsteve it always helps to get the proper answer to a question when you include all the criteria in the question. Given your situation I would suggest you setup an account called scanner and restrict it to only logon from that machine. It would have all rights to the scanner network folder and no one else [since that appears to be the restriction]. Any user would logon that machine using that account. That account could only be used on that machine. This is how we handled our scanner station and it has worked for eight years flawlessly.

To be fair setting up a group and giving access to the folder is what we would have done in the first place (and have done since) but it was more of a "could this be done" rather than a proper technical query. Luckily we've developed a web frontend which gives management rights to the group which accesses this folder and the department in question can add the 100 or so users needed themselves, which they're welcome to! The overall reason for looking for an easier way is that it's a ward and the number of users changes very often (doctors and nurses change very often, usually between wards or leaving altogether) - so the whole aim was to try and reduce this admin overhead if possible, especially since we don't always know who these people actually might be (as a guide we have about 12,000 people on the AD in total - god bless the NHS) but thanks for the help anyway.