Re: Folder Security
- From: Scaled Techie <ScaledTechie@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 6 Jun 2006 10:48:01 -0700
Thanks, Steve.
You have pretty much verified the conclusion that I came up with this
morning. Now I just have to convince my supervisor. My problem - not yours.
Robert
--
Engineering is the art of making what you want from things you can get.
"Steven L Umbach" wrote:
OK. I think I got what you are asking. You have a server with shares and you
want to prevent any user who logs onto the insecure location from being able to
access those sensitive shares but be able to access other shares on the same
server. I don't know of any way to do that as from what I know is that other
than configuring share permissions for "users" it is an all or nothing
affair and you may want to consider moving the public shares to another
computer that does not have any sensitive data. IPsec can be used to
authenticate computers with each other before network access is allowed but
it can not be share selective as you can only list ports/protocols/IP in the
IPsec rules. --- Steve
"Scaled Techie" <ScaledTechie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1569EE0B-45E1-43B0-A750-8F690B5AB9FD@xxxxxxxxxxxxxxxx
I want it to be 'machine' selective. My users all have access to the folders
in question from their own or other machines on the network. This machine is
in a location where our customer could gain access if my user should fail to
log out, etc. I don't want information on other customers and/or projects to
be available at that machine, but administrative functions such as time
sheets, etc. should still be available. So I guess my question really is, is
there a way to secure folder access by which machine is trying to access it
rather than by which user?
--
Engineering is the art of making what you want from things you can get.
"Steven L Umbach" wrote:
Keep in mind that NTFS permissions apply to any user that accesses the
computer either through the network or logged on interactively. Share
permissions apply only to network users. A network user's effective access
will be the most restrictive of the two. In other words if a user has full
control permission to the share but only read NTFS permissions to the folder
that is shared the network user can only read files in the folder. So you
need to configure the NTFS permissions on the folders to restrict those that
log on locally. If a user has no permissions to a folder then that user has
no access to the folder. Keep in mind that a user's access is also based on
group membership so if users/everyone have access to a folder then any user
can access the folder assuming they do not explicitly or by group membership
have a deny permission also to the folder. For instance if you have a folder
called data1 that you want to restrict local user access to then remove
users/everyone from the list and make sure that only the users or group you
want to have access have the necessary permissions. You can create your own
group and add local users to the group rather than add a bunch of users in
the permission list.
XP Pro can use simple file sharing so disable that if you want to control
what users can access a network share on the computer and make sure the
guest account is disabled. Also keep in mind that if a computer is not
physically secured to some degree then it usually is trivial for a malicious
user to access non encrypted data on the computer without you ever knowing
it and that any local administrator can do the same. The links below may
help if you have not seen them yet. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;308418
http://www.mcmcse.com/microsoft/guides/ntfs_and_share_permissions.shtml
"Scaled Techie" <ScaledTechie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C615DC4B-F157-4AE4-8E69-45C0B4889E1D@xxxxxxxxxxxxxxxx
I have one computer on the network that is in a somewhat insecure location. I
would like to restrict certain shared folders on the server from being
accessed by any user who logs in from that computer, but other shared files
would still be accessible. After fighting 'shares' and 'permissions' and
'security' unsuccessfully for a couple days, does anyone have suggestions?
--
Engineering is the art of making what you want from things you can get.
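
Added example (not part of the original thread, and not either poster's code): a simplified Python model of the rule described in the thread, where a network user's access is the more restrictive of share and NTFS permissions, a deny overrides an allow, and rights arrive through group membership. The user names, the ProjectStaff group and the ACL contents are constructed for illustration; real ACL evaluation also involves inheritance, which is not modelled here.

```python
# Simplified model (an assumption for illustration): rights are plain sets and
# any matching deny entry overrides allows; ACL inheritance is not modelled.
READ = frozenset({"read"})
CHANGE = READ | {"write", "delete"}
FULL = CHANGE | {"change_permissions"}


def granted(acl, principals):
    """Rights an ACL gives to a user, given the user's name and groups."""
    allow, deny = set(), set()
    for who, kind, rights in acl:
        if who in principals:
            (allow if kind == "allow" else deny).update(rights)
    return allow - deny


def effective(user, groups, ntfs_acl, share_acl=None):
    """share_acl=None models an interactive (local) logon: NTFS only.
    With a share ACL the result is the more restrictive of the two."""
    principals = {user, "Everyone"} | set(groups)
    rights = granted(ntfs_acl, principals)
    if share_acl is not None:
        rights &= granted(share_acl, principals)
    return rights


# Constructed sample data: folder "data1" from the thread, hypothetical names.
GROUPS = {"alice": {"Users", "ProjectStaff"}, "kiosk": {"Users"}}
SHARE_ACL = [("Everyone", "allow", FULL)]
NTFS_OPEN = [("Users", "allow", READ), ("ProjectStaff", "allow", CHANGE)]
# Hardened: "Users"/"Everyone" removed, only the custom group remains.
NTFS_TIGHT = [("ProjectStaff", "allow", CHANGE)]
NTFS_DENY = NTFS_OPEN + [("kiosk", "deny", FULL)]


def report():
    """Effective rights per (ACL variant, user, logon type)."""
    rows = {}
    for name, acl in [("open", NTFS_OPEN), ("tight", NTFS_TIGHT), ("deny", NTFS_DENY)]:
        for user, groups in GROUPS.items():
            rows[(name, user, "network")] = effective(user, groups, acl, SHARE_ACL)
            rows[(name, user, "local")] = effective(user, groups, acl)
    return rows


if __name__ == "__main__":
    for key, rights in sorted(report().items()):
        print(key, sorted(rights) or "NO ACCESS")
```

Nothing in the evaluation takes the client machine as an input, only the user and the user's groups.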