
is there a way to PW protect a folder in win2k3?


nahmus (Member, joined Apr 5, 2002, location: Sailing the Azure seas)

Hi all,
I'm trying to help a friend out getting his office a little more organized. They have a win2003 server. They have a general "shared area" where all users can put their files. They would also like to have a private area where they can put stuff and others cannot get to them. The 5 PC's that they login from have generic logins (station1, station2, etc.). This works for them because they usually just use the PC's to access the internet and take any open PC.

It would not work for them to logout and login after each user. I was hoping to create folders in the "shared area" and put a password on each one. So far I cannot figure out how to do that other than making them compressed (which I don't want to do). I can play with permissions, making each folder only readable by admin and the user I want, but when I login as station1 and try to go to the fred folder, instead of getting a login/password prompt I just get the message that I do not have permissions.

This is a workgroup and not a domain.

Any suggestions?

thanks!!
 
Without logging off and on as different users, you cannot assign different permissions to different users using the standard systems in Win2k3 Server. That's kind of the major point of it; you can use user level security, blah blah blah.

Now, you could probably create separate shares on each folder and teach each person the path to their shares and only give them access to that share. They can then map that share with their network user account without being logged on as long as the credentials they have currently logged on are not specifically keeping them out of the share (e.g. don't have Everybody specifically 'denied access').

From an administration standpoint, it's a lot easier to train them to log off and on again, and perhaps try to stick to the same computer. Otherwise you are just asking for headaches. However, there are probably some programs and utilities out there that can accomplish what you are asking for.
 
It is possible to have XP/2k not save user/pass for network resources. It is an option in the local security policy. If the option is enabled a password will be asked for the first time a resource is accessed. After that initial connection the resource will be accessible until the user logs out of the machine. A password will be requested again after the next logon. Unfortunately Windows caches passwords until the end of the current session (http://support.microsoft.com/kb/281249/EN-US/) and there is no way around that.

So, if you want to avoid individual logons for each user, you could enable the 'Network Access: Do Not Allow Storage of Credentials or .NET Passports for Network Authentication' local policy on each workstation. Then instruct the users of the shares to logout and back in when they are done using the shares. That way only the users who need special access need to do anything different. This is not great for security though as the user needs to remember to do something.

You will still need to make an individual server account for each share user in order for this to work, but they will not logon to the workstations using that user/pass, just the network shares.
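
The workstation side of the per-user share approach described in the replies above, as an added example that is not part of any post in this thread: a batch file that checks the local policy, prompts for the server account's password and disconnects afterwards. The server name `SERVER`, the drive letter `P:` and the convention that each private share is named after its server account are assumptions.

```batch
@echo off
rem Added example, not from the thread. SERVER, drive P: and "share name =
rem account name" are assumed placeholders; adjust to the real setup.
setlocal
set SERVER=SERVER
set DRIVE=P:

rem 1. Check the local policy named in the post above. It is stored as
rem    DisableDomainCreds=1 under the Lsa key; a missing value means "off".
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v DisableDomainCreds | find "0x1" >nul
if errorlevel 1 (
    echo WARNING: credential storage is still allowed on this workstation.
    echo An administrator can enable the policy with:
    echo   reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v DisableDomainCreds /t REG_DWORD /d 1 /f
)

rem 2. Ask who is connecting. The account exists on the server only.
set /p WHO=Server account name: 
if "%WHO%"=="" goto :eof

rem 3. Drop any mapping left by the previous person, then connect.
rem    The * makes net use prompt for the password without echoing it;
rem    /persistent:no keeps the mapping from being restored at next logon.
net use %DRIVE% /delete /y >nul 2>&1
net use %DRIVE% \\%SERVER%\%WHO% * /user:%SERVER%\%WHO% /persistent:no
if errorlevel 1 (
    echo Could not connect to \\%SERVER%\%WHO%.
    echo If the station account already has a connection open to %SERVER%,
    echo Windows refuses a second user name with system error 1219.
    goto :eof
)

rem 4. Open the folder and wait for the user to finish.
start "" explorer %DRIVE%\
echo Press any key in this window when you are done to disconnect %DRIVE%
pause >nul

rem 5. Remove the mapping before the next person sits down. As the post
rem    above notes, Windows keeps the password for the rest of the local
rem    session, so logging off is still the step that clears it.
net use %DRIVE% /delete /y
endlocal
```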
 
Thanks for the suggestions. There's about 10 sales people sharing 4 PC's. They do reality and just need to get on the web to check some listing and then done. At most maybe type up a contract or some other type of paperwork. It's pretty hectic and I can already see if I tried to have them log off/on then they would just leave one person logged on and I'd be right back where I started. I'm gonna look around for some utilities that might help.

If they all had their own PC's this would be cake, but they don't.
 
OK, so the server is 2k3, is this a domain perhaps? Or just a workgroup.

There is, I believe, a group policy to prevent saving of passwords. After that I'd go with what Slack suggested in making shared folders with only that user's permissions. This way they browse to the folder, it prompts for their password, they do what they need to and password is gone when the folder is left closed for a while. That way you don't have to worry about changing logins around and people leaving computers open but you still have security. Other than that I'm not really sure, since there are no password prompts for local folders, only network. Since it assumes if you're at the computer under one username you shouldn't be doing anything else or you would've logged in under the appropriate user ;) Probably for auditing reasons.
 
pik4chu said:
OK, so the server is 2k3, is this a domain perhaps? Or just a workgroup.

There is, I believe, a group policy to prevent saving of passwords. After that I'd go with what Slack suggested in making shared folders with only that user's permissions. This way they browse to the folder, it prompts for their password, they do what they need to and password is gone when the folder is left closed for a while. That way you don't have to worry about changing logins around and people leaving computers open but you still have security. Other than that I'm not really sure, since there are no password prompts for local folders, only network. Since it assumes if you're at the computer under one username you shouldn't be doing anything else or you would've logged in under the appropriate user ;) Probably for auditing reasons.

Did you even bother to read the posts in this thread or just the subject?
 
kct2 said:
Did you even bother to read the posts in this thread or just the subject?

Oo boo hoo, did someone accidentally repeat something in a thread on a message board? God forbid.

No, I didn't completely read YOUR post, but I read everything else. And if I just read the thread subject how would I know what one of the replies was? :rolleyes:

Now that I've read your reply would you like me to respond now, oh master of the forums? Eh?

The problem with having the user log off once they are done with the share is the same as what the OP mentioned, where it's all shared computers and it's unlikely any user would log off when they are done on it. The very reason why separate logins was not a very viable option. After all it's a matter of convenience on the user side. Since there is no downside (to them) of not logging off when they have finished their work. I do speak from experience on that: if the user has no reason to do something extra they generally won't do it. Thus it requires a bit of enforcement or some sort of consequence if it isn't done right to teach them to do it a certain way.
 
pik4chu said:
Oo boo hoo, did someone accidentally repeat something in a thread on a message board? God forbid.

No, I didn't completely read YOUR post, but I read everything else. And if I just read the thread subject how would I know what one of the replies was? :rolleyes:

Now that I've read your reply would you like me to respond now, oh master of the forums? Eh?

The problem with having the user log off once they are done with the share is the same as what the OP mentioned, where it's all shared computers and it's unlikely any user would log off when they are done on it. The very reason why separate logins was not a very viable option. After all it's a matter of convenience on the user side. Since there is no downside (to them) of not logging off when they have finished their work. I do speak from experience on that: if the user has no reason to do something extra they generally won't do it. Thus it requires a bit of enforcement or some sort of consequence if it isn't done right to teach them to do it a certain way.

Maybe YOU should relax a bit. In your first post you ask a question that was clearly answered in the first post (it is a WORKGROUP, therefore NO GROUP POLICIES). But your suggestion of using GPs was great anyway...

Now, you suggested nearly the same thing I did, but you don't seem to know how XP handles cached passwords, and ignored my post which included a link to Microsoft EXPLAINING how XP caches passwords for network shares until the end of the LOCAL SESSION, not based on a time limit as you incorrectly indicate. So unless the users logout, the password will be saved, and their 'secure' files will be available to anyone who uses the shared workstation. So there definitely is a downside to not logging out. This behaviour occurs even if you enable the local policy I indicate in my first post.

Basically what I was suggesting was have the few users with shared folders logout when they were done - explaining it was for the security of their files - and have them log back onto the workstation for the next user. It will take MAYBE a minute, but that just will be the price the user will have to pay to have secure network folders. And it avoids needing EVERY user to have a separate logon. It is either that or allow all users access to their files, or require every user have a separate logon. It is either disrupt the workflow for a low number of special users or that of all users.

Good job acting like a child.
 
Thanks for the suggestions guys. I really don't want to turn this into a domain because they don't have an IT guy onsite and I'm trying to keep it simple for them. I know that if it was a domain I'd have more options. pik4chu is right. These people want to get in, look at the updates and then back on the road. If they have to login and logout they will just leave someone logged in all the time. Security is not really the main focus here. I'm just trying to help them keep their stuff organized and keep them from accidentally deleting stuff. I've looked at a few folder password programs on the net that are about 40.00; that's not bad.

At this point I'm probably just gonna leave the folders open (I'm an oldschool unix guy and just hate leaving stuff open :D ) but seeing as they just have random folders on all the machines anyway, at least this way they're on a server that can be backed up.

As for the password caching, I was not aware there were options concerning this. I'm gonna have to play around with this as I seem to be doing more and more windows stuff now.

thanks again all!!
 