Network rights

[ericwi]

Hi all,

Recently , my co-worker is trying to secure his group of PCs. His PCs are in the workgroup. They are connected to the same hardware switch as the office lan. My Office lan is running AD. At the moment, any pc in the office lan can view the files shared out from any of the pc in the workgroup. He is concerned about this and ask me whether is there a way to protect the files from accessing but is accessible from any of the pc in the workgroup?

Thanks for replying

 

[IllogicallyLogical]

Are all computers part of your Active Directory domain? If so you should set up groups in AD and set permissions on the folders to specific groups or certain people. When setting up folder shares you can set both Share permissions and NTFS permissions. The most restrictive permissions between the two will prevail. This being said, the best way to set up permissions is to give 'Everyone' full control Share permissions and then control access with the NTFS permissions. This will make troubleshooting permission problems easier if you run into a problem later on. Create a group in AD and add the users to the group you want to give access to. Then right-click the shared folder and select Properties. Click the Shared tab. The 'Everyone' group should already be on the ACL. Tick the Full Control box. Then click the Security tab. Click on 'Everyone' in the list and then click remove. Then add the specific group or person you want to give access to by clicking Add and typing the group or username in the text box (click Check Names to verify you typed the name correctly). Next give them the appropriate permissions that you want them to have. If you don't want them to be able to completely manipulate everything in the Shared folder, do not give them Full Control. Hope this helps.

Here is some detailed reading to elaborate more on the subject if you care to learn more.

- How IT works: NTFS Permissions

http://www.microsoft.com/technet/technetmag/issues/2005/11/HowITWorksNTFS/

- How IT works: NTFS Permissions, Part 2

http://www.microsoft.com/technet/technetmag/issues/2006/01/HowITWorksNTFS/

- How Permissions Work

http://technet2.microsoft.com/windo...5a2e-4001-b659-0c23c90f76f61033.mspx?mfr=true

- Planning Access to Shared Folders

http://technet2.microsoft.com/windo...e891-4107-aa2e-9d180428055d1033.mspx?mfr=true

- Permissions on a file server

http://technet2.microsoft.com/windo...3f74-412f-abb8-c8b22b07257d1033.mspx?mfr=true

- How to configure file sharing in Windows XP

http://support.microsoft.com/kb/304040

- How to Share and Set Permissions for Folders and Files Using Windows XP

http://technet.microsoft.com/en-us/library/bb456988.aspx

Joey
CCNA, MCP, A+, Network+, Wireless#

 

[ericwi]

Thanks for the reply. The three PCs are in workgroup and not part of the AD. I can 'ping' them since they are on the same subnet and connected with the same switch.

 

[IllogicallyLogical]

If the workgroup PC's are running XP Pro, he should disable Simple File Sharing on them. He would then need to create a user account with a password for every user in the workgroup on each PC that is sharing files. For exampe if John Smith has an account with password xxxxx on computerA, create the same account name and password on computerB and C. Then you can begin controlling access by adding the workgroup users to the ACL. This link is a really good step by step process for setting this up.

- Windows XP Professional File Sharing (Simple File Sharing Disabled)

http://www.practicallynetworked.com/sharing/xp_filesharing/index.htm

Joey
CCNA, MCP, A+, Network+, Wireless#

 

[gmail2]

Also maybe enable the windows firewall and configure the exceptions to only allow access from the workgroup PC's.

Good Luck !!

Irish Poetry - Karen O'Connor
Irish Poetry and Short Stories - Doghouse Books
Garten und Landschaftsbau