Isolating one machine

  • Thread starter Thread starter Sid Knee
  • Start date Start date
S

Sid Knee

I'm sure I'm missing something obvious here but:

Is there a way I can isolate one machine (Machine-X) on a (workgroup)
network such that:

- Machine-X cannot see or transfer data to/from any other machine

- Every other machine can see and transfer to/from machine-X and each other.
 
That is not as obvious as one would think, I guess. It can be a bit
messy trying to accomplish this with a peer network. The access is
controlled at the NTFS and Share permissions. The more users you have
the messier it is. If users move from one machine to the other in the
office then it's complete mayhem trying to keep a handle on things.

If users always use the same workstations create accounts for them on
all machines, including Machine-X. Give them Share permissions on the
shares on Machine-X. DO NOT create accounts for the users of Machine-X
on the other machines. This won't work too well if users move about
from one machine to the next. If on Fridays John Doe works in office X
on Machine-X, instead of his usual office, he can move information about
as he pleases as he has share permissions everywhere.

Another way around the problem might be to use your firewalls to try to
configure and allow/disallow the incoming/outbound traffic between the
machines. Might be easier to do if the machines have static IP
addresses instead of DHCP.

Probably not the most elegant solutions but maybe something to start
with. The folks in the networking groups would probably have better
solutions, maybe ask them there.

John
 
Thanks for the comments, John. I probably didn't explain the situation
that well. This is a home network 4 (sometimes 5) workstations. My wife
uses only one of the machines, I use the rest at various times (just
greedy I guess).

I have a machine in the basement which I use as something of a "test"
machine where I run shareware/freeware downloaded from internet sources
for example where I have no specific trust level of the originating
site. For this reason, I wipe/re-install that system fairly frequently.

Usually, when I'm playing, I pull the network cable but sometimes I
forget and in some cases it's inconvenient. Isolating the machine form
all others on the network would be a good added precaution though I
would like to have the one-way access.
 
Back
Top