User security management and share access privileges

I’m condensing this down from the original post into more essential parts. Originally typed on my phone and I was thought-streaming… sorry! There is already one suggestion for Issue 1 in a reply, that I need to try, but please keep the ideas coming.

I’m retired, and I volunteer at a non-profit private library (30 miles away from my home) which is open only 1 day a week. I previously worked in mainframe computing but have of course worked with PCs since their introduction to the market. It is not my strength. Still, I understand general network and PC stuff, and do read user manuals. I usually figure things out eventually. Since I was a system software QA person, if I can’t figure out something out from the device/software itself or the Help or the user manual, it irritates me greatly.

Setting the scene: At the library, we have replaced an old server-based network with a peer-to-peer network of 3 brand new PCs running Win 11. The IT guy who did all that work purchased the WD My Cloud EX2 Ultra for our shared data device on the new network. In order to keep costs down and also to not bug him too much with senior citizen end-user gripes, I’m trying to help out as much as I can to smooth off the rough edges for the users, who are mostly older than I am, and much less computer literate. Please understand that I am more than likely NOT at the library when I’m trying to figure out what to do next. I’m trying to do one extra day a week, though, so I’m collecting ideas to try the next day I go. Please be patient with me if I can’t answer something very specific right away. I’ve been studying how to make this WD work right for nearly a month now, and I’m starting to forget things I knew last week. I have read the user manual, a lot of the threads here on the forum, and used the “answer” sheets for some specific problems put out by tech support. Here’s what I’m currently dealing with:

ISSUE 1: In the initial setup, we had WD users (about 8-10) and their private shares defined through the dashboard; all users had read-write access to only their own private share. Everyone else’s private share in their list was set to no-access. To better serve the needs of the library staff, I want to allow at least read-only access to those shares currently set to no access. But every time I make that change, the user’s own private share is for some unknown reason also only accessible in read-only mode, even though it is still set to read-write in the permissions settings. I have gone into the Dashboard as Admin, re-checked all the users’ settings (read-write ON for their own share, read-only ON for the rest of the list). I checked it both ways - from the user list and from the share list, just to make sure. If I go back and reset the other shares to no access again, all works ok. I’m looking for reasons this could be happening. It makes no sense to me.

ISSUE 2: The other big issue we have had, but that I’m hoping is, well, better managed?? after last Friday’s changes - is the much-encountered user login error described in many previous posts in this community because of different users accessing the WD from the same Windows PC. This is the initial WD login - not the actual attempt to open a share. NOTE: All PCs in the network are shared by all our users. We just find whichever one is open and use it. The IT guy gave us instructions to do a restart after every user session, but restarting doesn’t avoid this problem. After much reading, searching for various reasons for, and answers to, the problem, I ended up going thru the checklist in an “answer” document to make sure all the appropriate Windows services are set to AUTOMATIC for all 3 PCs (some were not), and I created a local user account, also on all 3 PCs, to be used only for accessing the WD and nothing else. Supposedly, using a local user account bypasses some of the credentials checking a normal user has to go thru? (Not sure I’m remembering right…, but that’s the impression I remember.) Because our one open day this week (yesterday) precluded much computer use (water leaks!), I don’t yet know if the local user account approach has solved this problem.

So, I’m still collecting information on solutions to Issue 2 in case I need to do something else. Advice request: Should we still do a restart after each user session, or is a user logoff for a local account sufficient? We still have the regular Win 11 MS account we swap out with, for doing regular things like use some museum web software, let visitors on to browse indexes to the collection, etc. FYI: I attempted to map the drive first, as suggested in several documents that try to address Issue 2, but I could only get mapping to work at the share level, which requires each user’s password, so I gave it up. I may attempt to do the whole drive again, if the current setup doesn’t work. I will try to find the specific instructions again for that.

One possible wrench? The IT guy left the main Win MS user acct, as an Admin account, to make it easier to change things around early-on in the conversion process, with the intent to add a different Admin account later and demote the current account down to a Standard user. This hasn’t yet been done. Could the use of an Admin acct do funny things to user credential checking, and contribute to Issue 2? I’m hoping use of the local account gets around Issue 2, but I plan to make this additional change the next time I’m in the library, anyway. Still, I’d be interested to know if anyone thinks it’s playing a part in either of these issues.

I’ll leave it here for now. More later, if nec. Thanks in advance for any help/ideas you can send my way.

@nupshaw
You need to go back to the community and post your topic in the right sub-forum for your device. Are your devices on Operating System 3 or OS5? Have you read the User Manual for the devices you have? Have you read all the Help information provided in the Dashboard?

You posted under the WDMYCLOUD

image1155×327 52.4 KB

You can move it yourself by editing your initial post and selecting a different subforum. One would select the subforum in the drop down field highlighted in red in the following example:

As the online OS5 My Cloud User Manual indicates one checks the firmware version on the Home page in the Firmware field:

If I understand the wall of text you posted. Issue 1: One can set the Share permissions for each user by accessing the Shares tab in the Dashboard and make the selections in the User Access section for each user. The options are Read/Write (full access), Read Access, No Access. All subfolders and files within a Share inherit the user permissions from the Share itself. Issue 2: No idea what specific Windows login issue you are referring to. Windows itself doesn’t like a user using more than one login per Share. It usually generates an error if you attempt to use different logins for the same Share. Same usually applies when mapping a Share. If one is having issues with My Cloud passwords accessing a My Cloud Share, access the Windows Credentials Manager and delete the My Cloud login name (or names). Reboot the computer then try accessing the My Cloud Share again.

For local network access to a My Cloud one would generally use Windows File Explorer (Windows) or Finder (Apple Macintosh). The WD OS5 My Cloud app is generally used on mobile devices and is geared for remote access to a remote network My Cloud device. For remote network computers they can use the MyCloud.com web portal for remote access to a My Cloud. One will need to setup Remote Access and grant users Remote Access within the My Cloud Dashboard.

More general support and troubleshooting WD Knowledge Base articles can be found at the following WD Knowledge Base page.

My Cloud OS 5: Online User Guide and Solutions
https://support-en.wd.com/app/answers/detailweb/a_id/29633

OS5 Online My Cloud User Manual:
https://products.wdc.com/nas0s5/nasum/en/

Further click on the Knowledge Base link at the top of the page where you will be taken to a page where you can search for additional WD Knowledge Base support that answers many common questions and issues.

Thank you very much for your helpful post. I will try to get this thread moved to the right place.

As to issue 1, I have accessed the Dashboard via the Admin logon and have seen and played with both the list of users (and their share permissions), and the list of shares, with the user permissions per share. I have become quite familiar with how it’s supposed to work. I have come to the conclusion that either the WD security isn’t working right, or it is being overridden somehow.

A typical staff user’s share list would look like (where myshare = the current user’s share):

Public - standard Public settings
myshare - read/write
visitor - read/write
all other shares - read-only

I don’t want to deny access completely to any staff mbr, hence the read-onlys. If I stay away from read-only settings it seems to work fine. So I’m left with either no access or read/write access, which I’m not happy with.

A few key staff mbrs have read/write to all shares, but I don’t see how that could make any difference.

issue 2: I read much already on this forum and also in the tech support “answers” on how to fix this initial login problem. I don’t yet know if what I did is going to work. I was just curious about the effectiveness others have experienced using the local user acct method, and anything to still watch out for if it doesn’t.

Thanks again, and I’ll try to get this thread moved.

I believe this is correct.
Windows credential manager does not like it when a network device has multiple sets of credentials (i.e. a user accessing a NAS device using two or three independent account/password combos). This is a Windows issue; not a WD issue.

When I run into this issue, I have had to go into Windows Credential manager and “delete” sets of credentials to “reset” the system.

The only way I can think to get around it is to create a separate Windows account for each user. . . which has it’s own drawbacks in terms of the user experience; but I have never tested this.

(I did a bunch of testing with multiple shares a few years ago. . . .my answer then was to use a separate computer for each WD share. . . .which is NOT the direction I think you want to go with)

Thank you.

So, what if we set up an independent Windows user account for each user to use on each PC, rather than having the one shared between them? How does that change the picture? Better? or worse?

It means that the desktop will be customized for each user; and files on the PC itself be in each users directory (like a share on the NAS).

Overall, it should be doable; but will complicate the management of the PC itself.

Other than download files, we normally don’t have “local” files of our own. Everything the staff does is kept on the NAS.