Re: Folder Security



Another possibility is to put another workstation in that location. Then
have one workstation for your users and another for public users. You can
configure the user rights for logon locally and deny logon locally to make
sure which users can logon to which computer and keep the password for the
local administrator account confidential. The workstation for your users
should be physically secured to reduce the risk of compromise such as
keyboard loggers if that is a concern. If it was me I would still rather
move public shares to another computer but adding another workstation may be
more economical if you don't mind that added risk and would be much
better than using a shared workstation. -- Steve


"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:MZidnSlJsPVKIBjZnZ2dnUVZ_tCdnZ2d@xxxxxxxxxxxxxx
OK. I think I got what you are asking. You have a server with shares and
you want to keep any user who logs onto the insecure location from being
able to access those sensitive shares but be able to access other shares on
the same server. I don't know of any way to do that, as from what I know,
other than configuring share permissions for "users", it is an all or
nothing affair, and you may want to consider moving the public shares to
another computer that does not have any sensitive data. Ipsec can be used
to authenticate computers with each other before network access is allowed
but it cannot be share selective as you can only list ports/protocols/IP
in the ipsec rules. --- Steve


"Scaled Techie" <ScaledTechie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1569EE0B-45E1-43B0-A750-8F690B5AB9FD@xxxxxxxxxxxxxxxx
I want it to be 'machine' selective. My users all have access to the
folders in question from their own or other machines on the network. This
machine is in a location where our customer could gain access if my user
should fail to log out, etc. I don't want information on other customers
and/or projects to be available at that machine, but administrative
functions such as time sheets, etc. should still be available. So I guess
my question really is, is there a way to secure folder access by which
machine is trying to access it rather than by which user?
--
Engineering is the art of making what you want from things you can get.


"Steven L Umbach" wrote:

Keep in mind that NTFS permissions apply to any user that accesses the
computer either through the network or logged on interactively. Share
permissions apply only to network users. A network user's effective access
will be the most restrictive of the two. In other words if a user has full
control permission to the share but only read NTFS permissions to the
folder that is shared the network user can only read files in the folder.
So you need to configure the NTFS permissions on the folders to restrict
those that logon locally. If a user has no permissions to a folder then
that user has no access to the folder. Keep in mind that a user's access is
also based on group membership so if users/everyone have access to a folder
then any user can access the folder assuming they do not explicitly or by
group membership have a deny permission also on the folder. For instance if
you have a folder called data1 that you want to restrict local user access
to then remove users/everyone from the list and make sure that only the
users or group you want to have access have the necessary permissions. You
can create your own group and add local users to the group rather than add
a bunch of users in the permission list.

XP Pro can use simple file sharing so disable that if you want to control
what users can access a network share on the computer and make sure the
guest account is disabled. Also keep in mind that if a computer is not
physically secured to some degree then it usually is trivial for a
malicious user to access non encrypted data on the computer without you
ever knowing it and that any local administrator can do the same. The links
below may help if you have not seen them yet. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;308418
http://www.mcmcse.com/microsoft/guides/ntfs_and_share_permissions.shtml

"Scaled Techie" <ScaledTechie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C615DC4B-F157-4AE4-8E69-45C0B4889E1D@xxxxxxxxxxxxxxxx
I have one computer on the network that is in a somewhat insecure location.
I would like to restrict certain shared folders on the server from being
accessed by any user who logs in from that computer, but other shared files
would still be accessible. After fighting 'shares' and 'permissions' and
'security' unsuccessfully for a couple days, does anyone have suggestions?
--
Engineering is the art of making what you want from things you can get.
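
The permission rules described in this thread (NTFS permissions apply to every logon, share permissions only to network users, the most restrictive of the two wins, and group membership counts), as an added example that is not part of any poster's message. It is a simplified Python model rather than Windows code; the users, groups and ACLs are constructed, and a deny is assumed to always override an allow.

```python
# Simplified model of the rules described in the thread; not Windows code.
# Rights are plain sets and a deny always overrides an allow (an assumption;
# real ACE ordering is more detailed). All names below are constructed.
READ = frozenset({"read"})
CHANGE = frozenset({"read", "change"})
FULL = frozenset({"read", "change", "full"})


def granted(acl, principals):
    """Union of allowed rights minus denied rights for the user's principals."""
    allow, deny = set(), set()
    for who, kind, rights in acl:
        if who in principals:
            (allow if kind == "allow" else deny).update(rights)
    return allow - deny


def effective_access(user, groups, ntfs_acl, share_acl=None):
    """share_acl=None models a local (interactive) logon: only NTFS applies.
    For a network user the result is the most restrictive of share and NTFS.
    Note that the client machine is not an input anywhere."""
    principals = {user} | set(groups)
    rights = granted(ntfs_acl, principals)
    if share_acl is not None:
        rights &= granted(share_acl, principals)
    return rights


# Constructed sample: hypothetical users, groups and ACLs for folder "data1".
GROUPS = {"alice": {"Users", "Engineering"}, "visitor": {"Users"}}
SHARE_ACL = [("Users", "allow", FULL)]
NTFS_OPEN = [("Users", "allow", READ), ("Engineering", "allow", CHANGE)]
NTFS_LOCKED = [("Engineering", "allow", CHANGE)]  # Users/Everyone removed
NTFS_DENY = NTFS_OPEN + [("visitor", "deny", READ)]

if __name__ == "__main__":
    for name, acl in [("open", NTFS_OPEN), ("locked", NTFS_LOCKED), ("deny", NTFS_DENY)]:
        for user, groups in GROUPS.items():
            net = sorted(effective_access(user, groups, acl, SHARE_ACL))
            local = sorted(effective_access(user, groups, acl))
            print(f"{name:7} {user:8} network={net} local={local}")
```

Because the result depends only on the user and group membership, the same account gets the same access from every workstation, which is why the replies suggest separating the shares or controlling who can log on at the exposed machine.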
