Re: Folder Security

I want it to be 'machine' selective. My users all have access to the folders
in question from their own or other machines on the network. This machine is
in a location where our customer could gain access if my user should fail to
log out, etc. I don't want information on other customers and/or projects to
be available at that machine, but adminstrative functions such as time
sheets, ect. should still be available. So I guess my question really is, is
there a way to secure folder access by which machine is trying to access it
rather than by which user?
--
Engineering is the art of making what you want from things you can get.


"Steven L Umbach" wrote:

Keep in mind that NTFS permissions apply to any users that accesses the
computer either through the network or logged on interactively. Share
permissions apply only to network users. A network user's effective access
will be the most restrictive of the two. In other words if a use has full
control permission to the share but only read NTFS permissions to the folder
that is shared the network user can only read files in the folder. So you
need to configure the NTFS permissions on the folders to restrict those that
logon locally. If a user has no permissions to a folder then that user has
no access to the folder. Keep in mind that a users access is also based on
group membership so if users/everyone have access to a folder then any user
can access the folder assuming they do not explicitly or by group membership
have a deny permission also the folder. For instance if you have a folder
called data1 that you want to restrict local user access to then remove
users/everyone from the list and make sure that only the users or group you
want to have access have the necessary permissions. You can create your own
group and add local users to the group rather than add a bunch of users in
the permission list.

XP Pro can use simple file sharing so disable that if you want to control
what users can access a network share on the computer and make sure the
guest account is disabled. Also keep in mind that if a computer is not
physically secured to some degree then is usually is trivial for a malicious
user to access non encrypted data on the computer without you ever knowing
it and that any local administrator can do the same. The links below may
help if you have not seen them yet. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;308418
http://www.mcmcse.com/microsoft/guides/ntfs_and_share_permissions.shtml

"Scaled Techie" <ScaledTechie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C615DC4B-F157-4AE4-8E69-45C0B4889E1D@xxxxxxxxxxxxxxxx
I have one computer on the network that is in a somewhat insecure location.
I
would like to restrict certain shared folders on the server from being
accessed by any user who logs in from that computer, but other shared
files
would still be accessable. After fighting 'shares' and 'permissions' and
'security' unsucessfully for a couple days, does anyone have suggestions?
--
Engineering is the art of making what you want from things you can get.



.