Page 3 of 3 FirstFirst 123
  1.    14 Apr 2017 #21
    Join Date : Mar 2015
    Sydney, NSW
    Posts : 93
    Windows 10

    Meanwhile, I’ll take this moment to explain a few things.

    Firstly, I’m grateful you mentioned control userpasswords2 because I previously didn’t know of a GUI way of changing an account’s SAM name other than creating a new account.

    Quote Originally Posted by toppinglift View Post
    if any of the PC users CHANGED their user names and passwords from the first time they set up their account, the PC with the shared file only uses the ORIGINAL name of the user to grant permission NOT the CHANGED name.
    Updating a user account’s name is said to be a cosmetic change. The reason for this is as you’ve mentioned: if you change the name of an account you don’t use the updated name to authenticate, you must use the old name because this will be the SAM account name.

    What’s happing here is that when you change the name of an account using the typical account renaming options offered through Settings or the Control Panel, you’re really only updating the “full name” property for that account and not the SAM name. The “full name” field is actually blank after creating a new account. Windows will use the “full name” field to display your user’s name if it is available, otherwise Windows will default to using the SAM account name when displaying your user account’s name.

    The ADSI COM interface exposes user account properties and can be visualised with the help of PowerShell. The following is a representation of an account’s properties after a name change. The “Name” property is the SAM account name, and the “FullName” was initially empty.
    Code:
    PS C:\Users\Pyprohly> [adsi]'WinNT://./Bob' | select *
    
    
    UserFlags                  : {513}
    MaxStorage                 : {-1}
    PasswordAge                : {875756}
    PasswordExpired            : {0}
    LoginHours                 : {255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255}
    FullName                   : {Bob the Builder}
    Description                : {}
    BadPasswordAttempts        : {0}
    LastLogin                  : {4/11/2017 11:55:22 PM}
    HomeDirectory              : {}
    LoginScript                : {}
    Profile                    : {}
    HomeDirDrive               : {}
    Parameters                 : {}
    PrimaryGroupID             : {513}
    Name                       : {Bob}
    MinPasswordLength          : {0}
    MaxPasswordAge             : {3628800}
    MinPasswordAge             : {0}
    PasswordHistoryLength      : {0}
    AutoUnlockInterval         : {1800}
    LockoutObservationInterval : {1800}
    MaxBadPasswordsAllowed     : {0}
    objectSid                  : {1 5 0 0 0 0 0 5 21 0 0 0 112 134 33 206 227 177 8 6 118 36 188 123 241 3 0 0}
    AuthenticationType         : Secure
    Children                   : {}
    Guid                       : {D83F1060-1E71-11CF-B1F3-02608C9E7553}
    ObjectSecurity             :
    NativeGuid                 : {D83F1060-1E71-11CF-B1F3-02608C9E7553}
    NativeObject               : System.__ComObject
    Parent                     : WinNT://WORKGROUP/.
    Password                   :
    Path                       : WinNT://./New
    Properties                 : {UserFlags, MaxStorage, PasswordAge, PasswordExpired...}
    SchemaClassName            : User
    SchemaEntry                : System.DirectoryServices.DirectoryEntry
    UsePropertyCache           : True
    Username                   :
    Options                    :
    Site                       :
    Container                  :
    Interestingly, there is also a “Username” property, but this field seems to go unused.

    Quote Originally Posted by toppinglift View Post
    I think in our situation, where all the user names had been changed in the last year--
    I see clearly now that “Allen_T450” was not a user created for the purposes of this thread. You should have though; eliminate as many variables as possible.
      My ComputerSystem Spec
  2.    16 Apr 2017 #22
    Join Date : Apr 2017
    Posts : 15
    Win 10
    Thread Starter

    Hi Pyprohly,
    Thanks for the explanation--now it makes sense. It appears that what I stumbled upon--no genius here, just discovered it by Google searches--is a way to uncover the SAM name if the User name had been changed and no logs of the SAM name were kept. It appears to be impossible to set NFTS permissions properly unless you had the SAM name, but if you didn't--I believe you would be stuck like I was. Luckily, the <<control userpasswords2>> command reveals the SAM name of the PC even though the User name may have been "cosmetically" changed later.

    So I went PC by PC and changed the user name through <<control userpasswords2>> which apparently let's you revise the SAM name. I then made sure that the credentials on the server PC matched the SAM names of the client PC's. Now the NFTS permissions work just as you said they would and I will be marking this issue SOLVED!.

    But I do have two remaining questions:

    1. What is a Pyprohly? (Google sheds no light on what that is).
    2. Is there any trick to setting Group permissions? I thought I could just add a Group I put together under Computer Management to the Security tab NFTS permissions like individual user names, but it doesn't work for me. Thanks.
      My ComputerSystem Spec
  3.    18 Apr 2017 #23
    Join Date : Mar 2015
    Sydney, NSW
    Posts : 93
    Windows 10

    I’m glad a greater understanding has guided you to the solution.

    Quote Originally Posted by toppinglift View Post
    It appears that what I stumbled upon--no genius here, just discovered it by Google searches--is a way to uncover the SAM name if the User name had been changed and no logs of the SAM name were kept.
    Another quick, and more direct, way is to run the whoami command. Expanding the “%username%” environment variable (echo %username%) also works.

    Quote Originally Posted by toppinglift View Post
    1. What is a Pyprohly? (Google sheds no light on what that is).
    As, surely, a meticulously formed internet handle must be a thing?

    Quote Originally Posted by toppinglift View Post
    2. Is there any trick to setting Group permissions? I thought I could just add a Group I put together under Computer Management to the Security tab NFTS permissions like individual user names, but it doesn't work for me.
    It should. Groups don’t have phantom names like users, so try again.
      My ComputerSystem Spec
  4.    18 Apr 2017 #24
    Join Date : Apr 2017
    Posts : 15
    Win 10
    Thread Starter

    It should. Groups don’t have phantom names like users, so try again.
    I'll try the groups again, but I may be opening a new thread. We'll see.

    As, surely, a meticulously formed internet handle must be a thing?
    I can see that, but it is so damn hard to remember its spelling when typing.

    Another quick, and more direct, way is to run the whoami command. Expanding the “%username%” environment variable (echo %username%) also works.
    Another great shortcut!! Thanks.
      My ComputerSystem Spec

 
Page 3 of 3 FirstFirst 123


Similar Threads
Thread Forum
Insufficient Disc Space ERROR - Egnyte File Sharing "Desktop Sync"
Hello friends, Im using the "desktop sync" function for Egnyte to sync specific folders/files to my lapotop (running Windows 10), so that they are available offline. The sync began and synced about 50gb of the selected data, but now has stopped...
General Support
Want to change File Explorer default View from "Details" to "List"
Hi all, I have been searching the web for an answer to this question since first getting Windows 10 last year. I would like my File Explorer to open using the "List" view rather than the current default of "Details". I have seen many responses...
General Support
Setting Up "Two Sides" Of PC For 2 Users ?
Hello I should have stuck with W7. Here's what I want to do. a. I want to eliminate the need for any and all Passwords. Particularly for sign ins. I clicked on the Start icon, did the R in it, and then entered: netplwiz I...
General Support
Outlook and Word "Could not create the Work File" Errors
I'm getting two similar error messages when I try to open both Outlook and Word.... (Outlook / Word) could not create the work file. Check the temp environment variable. Outlook is not opening at all, and Word will open at the second or third...
Software and Apps
How Can I Change The "From" Email When "Sharing" A Scan?
I'm using the Scan app that came with Windows 10. Scanning with a Canon MG5520. When I complete a scan, and I'm offered the opportunity to Share the screenshot, the "From" email defaults to my GMail address. I have nothing against GMail,...
Network and Sharing
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 22:55.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums