RE: Remote Access

Here is one more:

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/filesharing.mspx

If you click the path link at the top of the page, it is a light purple
color, you will be taken to the home page of this section and can access more
information. You can do the same on the last link I provided as well. It will
take you to the Home and Small Business Networking site on Microsoft. Good
luck and have a great day. Please let me know how things work out for you.
Thanks,
--
Seree


"seree" wrote:

Hi again, here is another aritcle you may find usefull:
http://www.microsoft.com/windowsxp/using/networking/security/permissions.mspx

Hope this helps,
--
Seree

Small disclaimer: My posts are directed primarily towards home and small
office networks as I am not an IT expert. However I am learning fast and
quickly gaining knowlege, ;-)


"seree" wrote:

Good morning Mike, I need some clarification on the OSs you are using on your
workgroup. Are you using Home, Pro, or Media or a mixture of some of these?
How the permissions apply by default is determined by which version(s) you
are using, and in particular which your son is using. For example: If you son
is using Home, then Simple File Sharing is the only choice on how files are
shared on his computer and how he connects to other shares. Now, I am not
sure how it works if there is a mixture of OS(s) on a workgrouup network. As
I wrote on my posts I am not yet an expert, but learning rapidly. I think if
there is a Home OS on a Workgroup, that Simple File Sharing has to be used as
this is the only File Sharing Home can do, NTFS permissions are disabled by
default. You could, conceivably, attain NTFS File Permissions on a Home OS,
by going into Safe Mode and then the Security Tab in available in the
Properties of each folder and file. In Pro and Media the Security Tab is
displayed when Simple File Sharing is disabled. As you are not on a Domain,
then Simple File Sharing has to be manually disabled, by going into the
Folder Options and deselecting the box in front of "Use Simple File
Sharing---Reccomended". This uncovers all of the NTFS Permissions and changes
the face of shares and resources on stand alone workstantions.

Here are a couple of great articles on NTFS Permissions:

http://www.microsoft.com/kb/308418

http://www.microsoft.com/kb/308419

If an individual in just discovering these settings for the first time, it
is confusing and can be unsettling. Plus, you have to be careful not to lock
yourself out of your own files. However, the NTFS Permissions is a very
granalur method of controlling who can access shares, and how they can access
shares. As your son does not have identical accounts on each computer on the
network, it sounds like Simple File Sharing is enabled, and he is accessing
the shares authenticated by the Guest Account. With Simple File Sharing
identical accounts is not needed to access shares accross a network, and
anyone can acccess them via authentication via Guest, but are limited to the
privleges the Guest Account provides, which are the most restricted. He may
be able to access the shares, but won't be able to do more than have Read
Acess. At least that is what I think is true. If he has the ability to
actually modify these shares, then something is going on I am not aware of.
The single best method of checking what File Sharing system you have now is
to go into any Windows Explorer window, to Tools, then select Folder Options;
or go into Control panel-Folder Options. On the dialog box which appears
select the View Tab and then scroll to the bottom of the settings there and
see if Simple File Sharing is enabled. If there is a check mark in the box in
front of it, then it is enabled. You can disable it by taking out the check
mark, but only if he is not using Windows Home Edition. I am not sure how a
mixed network of different OSs works with NTFS, but it seems logical that if
one networked computer has Simple File Sharing, then all will have to use it
as well. At least as far as shares on the network are concerned. He would
HAVE to authenticate via the Guest Account, and as Simple File Sharing HAS to
use the Guest Account, then the Guest Account has to be enabled. You could
conceivably disconnect your son's computer from the network and hook up a
printer to his machine, if the other computers have sensitive material you
don't want him viewing. That is an option for you to consider. I will look
for some KB articles or other information at Microsoft concerning a mixed
network if you want me too. I am now curious too, and perhaps I will post a
question regarding this issue. Good luck and let me know how things work out,
at the least let me know if Simple File Sharing is enabled and which OSs you
are using in your Workgroup. Have a nice day,
--
Seree

Small disclaimer: My posts are primarily directed towards home and small
office users, as I am not yet an IT Professional, but learning fast. ;-)



"mchjr01" wrote:

Seree,

Thanks for your reply.

I tried logging in under my son's user id and I was able to access the other
hard drives on the other workstations. I did not established his id on the
other worksttions though. My suspicion is maybe because I have my file and
printer sharing enabled that is why under his id they could be accessed.

Your thoughts please.

Mike

"seree" wrote:

For users of networked "workgroup" to access anything on the network, each
account has to be added to each networked computer with the same identical
account name and password. With this setup the user can gain access to shares
and is authenticated with s/he user account and the privleges attached to it.
If a user's account is not set up identicall on each networked computer, then
s/he is authenticated with the Guest account, with all the limitations of the
Guest Account. However, if the guest account is not enabled, and to do so and
have the network work, then Simple File Sharing has to be disabled, and NTFS
file permissions enabled. If you have Windows Home on the network, then by
default Simple File Sharing has to be enabled in order to gain network access
and all users are authenticated as the Guest Account with its limitations.
However, as the Simple File Sharing uses the Guest Account for authentication
purposes, everything on the Netowrk is accessable and the Guest Account is
considered the Creator Owner, and as the Creater Owner has full access to all
folders and files which are shared. If you have Professional or Media Edition
OSs, then you can disable both Simple File Sharing, and the Guest Account,
not duplicate your son's account on any other computer and he will not be
able to access the network. That would shut him out of any computer except
his own.

Now, if you are using Media Edition or Professional in your son's computer,
there are other things you can do to restrict his use of his own compuer. As
he is your son you are the legitimate owner and have the right to configure
it anyway you choose. You can use Group Policy to set over 1400 limitations
which will provide great limitations, from not allowing downloads, to
inability to change settings you make in Internet Explorer, or the desktop,
or any area you feel needs restricting. If he or he and ohter children are
the sole users, this is a great way to ensure safety. When Vista is released
these types of settings can be applied to different groups on the same
machine. Until then, the settings now affect every user account on the
machine, but not every machine on the network.

I hope this helps you in your quest to restrict your sons use, have a great
day,
--
Seree

Small disclaimer: My posts are primarily directed towards home and small
office users, as I am not yet an IT Professional, but learning fast. ;-)


"mchjr01" wrote:

I have a home network and I access my desktop remotely via remote access
(broadband has static ip port forwarded to my desktop).

I gave my son a user id with limited access - now how do I further restrict
his access to only the desktop and will not have access to other drives on
other workstations on the network.

Your help will be greatly appreciated.

Mike
.