Security Question ???

  • Thread starter Thread starter Laser
  • Start date Start date
L

Laser

We have a small peer to peer network with nine XP-Pro Computers networked
and connected to the Internet through a DSl router/modem. One computer is
used as a file server where we store files for the various departments in
separate folders. On this computer, we have added all the users that may
need to access these files from the network. This works great for us since
we can control the access to these folders from the remote computers though
XP's shares permission settings. Like I said, This works well, except,
anyone can log on to the file server computer and then have access to all
the files.

My question is: Is there any way of limiting access to folders when someone
is signed on to the local machine. Better yet, is there a way that I can
restrict someone from signing on to the local machine while still allowing
them to sign on remotely from the network?

Thanks in advance

Mike
 
You have a couple of choices here.

1) If the files are on a volume that is formatted with NTFS, then you can
apply the same permissions via NTFS and then access would only be allowed if
appropriate, even when logged on locally.

2) You can remove the right for anyone but Administrators of the file server
computer to log on locally.
A) Make 100% sure you have the username and password of an account in
the Administrators group on the file server.
This is important. If you don't do this, you won't be able to
log on later, so make sure.
B) Start Menu -> Control Panel -> Administrative Tools -> Local Security
Policy
C) Expand Local Policies and click on User Rights Assignment
D) Add "Administrator" to "Log on Locally" (or alternatively another
Administrative account that you have the password to - just being safe here)
E) Remove everythig but "Administrators" and the account you added in
step D from "Log on Locally".

And that should do it. If need be, you can create other groups of people to
add to "Log on Locally" if you want them to be able to log on but don't want
them to have administrative rights. In this case, those other people would
have access to all the files unless you also implemented Option 1.
Administrators on a computer can always get access to any non-encrypted file
on the system, even if it is locked down with permissions, so always make
sure that only people you trust are Administrators.
 
Thanks,

I think this will do it

Mike


Matt DuBois said:
You have a couple of choices here.

1) If the files are on a volume that is formatted with NTFS, then you can
apply the same permissions via NTFS and then access would only be allowed if
appropriate, even when logged on locally.

2) You can remove the right for anyone but Administrators of the file server
computer to log on locally.
A) Make 100% sure you have the username and password of an account in
the Administrators group on the file server.
This is important. If you don't do this, you won't be able to
log on later, so make sure.
B) Start Menu -> Control Panel -> Administrative Tools -> Local Security
Policy
C) Expand Local Policies and click on User Rights Assignment
D) Add "Administrator" to "Log on Locally" (or alternatively another
Administrative account that you have the password to - just being safe here)
E) Remove everythig but "Administrators" and the account you added in
step D from "Log on Locally".

And that should do it. If need be, you can create other groups of people to
add to "Log on Locally" if you want them to be able to log on but don't want
them to have administrative rights. In this case, those other people would
have access to all the files unless you also implemented Option 1.
Administrators on a computer can always get access to any non-encrypted file
on the system, even if it is locked down with permissions, so always make
sure that only people you trust are Administrators.
Click to expand...
 
Back
Top