Encryption over a network

Swampster

Senior member
Mar 17, 2000
I have a server running Windows 2000 Server and two workstations running Windows XP Professional.

Both workstations access the Public folder on the server for their documents. One person is the owner, and the other the office manager, so there is no security problem at that point.

Now, they want to have a project engineer access the files via pcAnywhere 10.5 using XP workstation #1. This means that he would have complete access to anything that this workstation can access. Would it work to encrypt the folder so that only the owner and the office manager would have the key? Is there an easier way to do it?

the Swampster
 

gaidin123

Senior member
May 5, 2000
Correct me if I'm wrong but why can't you just have 3 logins to the machine if this is not on a domain? The owner and office manager can have full control and the PCA user can log in to the windows workstation remotely as a 3rd user who only gets read access to the share. I have a feeling I'm missing something though. :)

If PCA won't work right in that scenario, remote desktop (if XP Pro) is another option.

Gaidin
 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001
Gaidin, sure sounds like what you are suggesting will work. Then the server just needs appropriate share or file ACLs on the files so the third user doesn't have access.

Bill
 

Swampster

Senior member
Mar 17, 2000
Good Morning,
Things are still pretty soggy here in central Florida, but we do have power, so we can continue to work on this problem.

Gaidin: The server IS a domain server.

Let me be a little bit more specific with my needs:

The various folders in the Public folder are accessed as Mapped Drives, and the particular folder that is concerning us contains information that we would rather not be viewed by anyone other than the owner and/or the office manager. This is information that would be valuable to someone should they have the ability to read it and then at a later date leave the company.

This remote user would be signing in under his own name and password, but once in the computer (which is logged into the server under the office manager's credentials), the remote user would be able to use the system as if they were the office manager.

As a workaround, the office manager is deleting the Mapped Drive to these confidential files at the end of her shift, and then remapping it the next morning.
 

InlineFive

Diamond Member
Sep 20, 2003
Well, I think what you can do is set up a separate user for each person in the office. Then specify NTFS permissions to those files for specific users. And for the remote user bit I believe what you need is simply VPN (with Remote Desktop?).

I'm a newbie to Windows Server so someone correct me if I am wrong.
 

gaidin123

Senior member
May 5, 2000
Originally posted by: Swampster

This remote user would be signing in under his own name and password, but once in the computer (which is logged into the server under the office manager's credentials), the remote user would be able to use the system as if they were the office manager.

As a workaround, the office manager is deleting the Mapped Drive to these confidential files at the end of her shift, and then remapping it the next morning.

This is the confusing part for me. Why does the PCA user log in to an existing Windows session? I'm not too familiar with PCA but will it not work if they authenticate as the remote user and those credentials can't get passed on as the workstation login? If that is the case is having them use remote desktop a possibility? It's exactly like terminal services where the remote user must authenticate against the domain and you can do all your shares and permissions that way.

Basically if the PCA user is somehow logging into a machine that is already authenticated against your domain as your office manager, deleting the mapped drive is doing the whole security through obscurity thing. If your PCA user knows the UNC path of the file share he can get to the info. This would also allow him to open up Outlook and read your office manager's email if he *is* the office manager according to your domain.

Gaidin
 

Abzstrak

Platinum Member
Mar 11, 2000
Don't use pcAnywhere, use Remote Desktop... don't log in under the manager's login, make him his own and limit his access to what he needs only.
 

Swampster

Senior member
Mar 17, 2000
Abzstrak,

OK, answer this . . . does the Mapped Drive go with the user or is it effective for any user on that system? If it is only effective for the currently logged in user, then it would be simple to create a second user with lesser permissions and just not have that folder mapped to him.

 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001
Originally posted by: Swampster
Abzstrak,
OK, answer this . . . does the Mapped Drive go with the user or is it effective for any user on that system? If it is only effective for the currently logged in user, then it would be simple to create a second user with lesser permissions and just not have that folder mapped to him.

The mapped drive goes with the user, not the machine.

Best,
Bill
 

Abzstrak

Platinum Member
Mar 11, 2000
yea, just make people login scripts, and make a different login script for the castrated user...
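
Added example, not part of any post in this thread: one way to enforce the restriction on the server with NTFS permissions, so that access no longer depends on which drives happen to be mapped, followed by an audit of the result. The folder path and the `OFFICE\...` account names are hypothetical, and the script assumes a file server that has PowerShell and `icacls`, which are newer than the Windows 2000 Server described above.

```powershell
# Added example; every path and account name here is a hypothetical placeholder.
$Folder  = 'D:\Public\Confidential'      # local path of the folder on the file server
$Allowed = @(
    'OFFICE\owner',                      # the owner's domain account
    'OFFICE\officemgr',                  # the office manager's domain account
    'BUILTIN\Administrators',
    'NT AUTHORITY\SYSTEM'
)

# 1. Grant Modify explicitly to each allowed principal before touching inheritance,
#    so nobody on the list loses access part-way through.
#    (OI)(CI) makes the entry apply to files and subfolders as well.
foreach ($id in $Allowed) {
    icacls $Folder /grant:r "${id}:(OI)(CI)M" | Out-Null
}

# 2. Remove every entry inherited from the parent Public folder.
icacls $Folder /inheritance:r | Out-Null

# 3. Audit: any remaining Allow entry for a principal outside the list is a finding
#    (for example an older explicit grant to a group such as Everyone).
$unexpected = (Get-Acl -Path $Folder).Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $Allowed -notcontains $_.IdentityReference.Value
    }

if ($unexpected) {
    $unexpected | Format-Table IdentityReference, FileSystemRights, IsInherited
    Write-Warning "Principals outside the allow-list can still reach $Folder"
} else {
    Write-Output "Only the allow-listed principals have access to $Folder"
}
```

With the ACL in place, an account that is not on the list is refused by the server whether it uses a mapped drive or the UNC path. This only helps once the project engineer logs on with his own account instead of working inside the office manager's session.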