Re: Win 2000 security
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: Thu, 09 Sep 2004 04:46:05 GMT

You could restrict access to your computer by either computers or users. To restrict
by computers you would have to use either an IPsec filtering policy or a software
firewall to restrict access by allowing only certain IP addresses, which may not be
effective unless the other computers have static IP addresses. IPsec can also be used
to allow only certain other W2K or XP Pro computers to access your computer if your
computer has an IPsec require policy and the other computers have a compatible IPsec
policy using either Kerberos [domain computers], computer certificate or preshared
key for authentication. IPsec is an advanced topic, but if interested see the link

Otherwise you can restrict what "users" can access your computer by configuring share
permissions to only contain those users/groups you want to allow access and what kind
of access. Share and NTFS permissions both restrict a user's access to a share, with
the most restrictive setting of the two being the effective permission. The links
below explain share permissions in more detail.

You can also modify the Local Security Policy of your computer for the user rights
for logon locally and deny logon locally to control who can access your computer. Try
not to use the deny logon locally and never add users or everyone to that user right.
User rights are found in Local Security Policy [ secpol.msc ] under security
settings/local policies/user rights. The "effective" setting is the setting that is
applied and should only be of concern to domain computers.

If a user is not prompted for credentials when they access shares on your computer,
that means they are logging onto their computer with a logon/password that exists in
the local users on your computer [or domain controller for domain computers], or have
a mapped drive with persistent credentials that matches a local user on your
computer. The exception would be if you have the guest account enabled, which it would
not be by default, but be sure to check in Local Users and Groups/Users on your
computer or use the command " net user guest " and see if it is listed as no for
active. You can enable auditing of logon events on your computer to see how users are
connecting by looking in the security log in Event Viewer and also use Computer
Management/shared folders - sessions to see what user a connected user is being
authenticated as.

--- Steve

"KRISH" <email@example.com> wrote in message
> Anyone help me.
> I am using Win 2000 Professional (OS).
> (1) I want only a few computers, which I specify, to be able to
> connect to my computer in my office, but I should be able
> to connect to all. How can it be possible? Is it possible?
> (2) Another problem is when my system is connected from a
> remote system, say Win95 or 98. It's not asking my system's
> password. But if the remote system is Win 2000 then it's
> asking username and password always. Kindly help me how to
> solve these problems.
> Thanks for any help.
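
Added example (not part of the original post): a simplified Python model of the rule in the reply that share and NTFS permissions combine to the most restrictive of the two. It goes beyond the post by also modelling group accumulation and deny entries; the four primitive rights, the user and group names and the ACLs are constructed for illustration, and inheritance is ignored.

```python
# Added example: simplified model of share + NTFS permission evaluation.
# Assumptions: rights are reduced to four primitives; ACL inheritance is ignored.
ALL = frozenset({"read", "write", "delete", "change_perms"})
SHARE_LEVELS = {
    "Read": frozenset({"read"}),
    "Change": frozenset({"read", "write", "delete"}),
    "Full Control": ALL,
}
NTFS_LEVELS = {
    "Read": frozenset({"read"}),
    "Write": frozenset({"write"}),
    "Modify": frozenset({"read", "write", "delete"}),
    "Full Control": ALL,
}

def resolve(acl, levels, principals):
    """Rights one ACL gives a user: allows accumulate across the user's
    principals (own name plus groups); any matching deny removes the right."""
    allowed, denied = set(), set()
    for who, kind, level in acl:
        if who in principals:
            (allowed if kind == "allow" else denied).update(levels[level])
    return frozenset(allowed - denied)

def effective(share_acl, ntfs_acl, principals, over_network=True):
    """Network access must pass both ACLs, so the result is their intersection.
    A local logon never touches the share ACL; only NTFS applies."""
    ntfs = resolve(ntfs_acl, NTFS_LEVELS, principals)
    if not over_network:
        return ntfs
    return resolve(share_acl, SHARE_LEVELS, principals) & ntfs

# Constructed sample ACLs (hypothetical users and groups).
SHARE_ACL = [("Everyone", "allow", "Full Control")]
NTFS_ACL = [
    ("Accounting", "allow", "Modify"),
    ("Everyone", "allow", "Read"),
    ("Temps", "deny", "Write"),
]
USERS = {
    "alice": {"alice", "Everyone", "Accounting"},
    "bob": {"bob", "Everyone"},
    "carol": {"carol", "Everyone", "Accounting", "Temps"},
}

if __name__ == "__main__":
    for name, principals in USERS.items():
        print(name, sorted(effective(SHARE_ACL, NTFS_ACL, principals)))
```

With these sample ACLs, leaving the share at Everyone/Full Control does not widen access: the NTFS entries alone decide what each user gets over the network.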