Secure sharing over a large network

[zmaster]

The setup is as follows
Users>Active directory
Now i need to set up a folder on the server that is going to be highly protected and only 3 users will have access to it. Within the folder will be document files (.doc,.exl) that need to be modified by those three users on the fly, and also being able to save there easily.

In other words i need something that will stop others from accessing that folder, but is easy enough to set up for the 3 that can edit it. I know windows server has decent password encryption, but i need something beyond that.

Any ideas?

 

[imported_snikt]

Set up your share, afterwards set the NTFS permissions for it.

NTFS permissions

 

[RebateMonger]

Not sure what you are wanting. The standard way of limiting access to a folder on a Windows server is to set the Sharing to "Everyone, Full Control", give Security rights to the desired Users or Groups, and to remove the default "Read Only" access for "Users".

If you want some improvement in logon security, you can consider the use of SmartCards for multi-factor authentication.

There are a couple of gotcha's in all this:
a) Unless encrypted, backups can be read by anybody who has possession of them.
b) The same with the hard drives themselves. Anybody who has physical access to the Server can access the files if determined enough.
c) If the User doesn't lock his/her computer and walks away, anybody sitting down at that PC can access the files.

 

[zmaster]

ok. maybe i was not making myself clear.
I run a server that users use to store files. Now i would like to give one folder an extra layer of protection, more than windows server can offer me.
I was thinking of rarring that entire folder and putting a password on it, but most people dont know how to use winrar. So i was thinking if there is a program similar to winrar, but easier to use.

 

[Fardringle]

It is very easy to use NTFS permissions to set it so that only those three users can view or access the files and the folder (properly set, other users can't even see that the folder exists). Why do you need more security than that?

 

[RebateMonger]

Originally posted by: zmaster
I was thinking of rarring that entire folder and putting a password on it, but most people dont know how to use winrar. So i was thinking if there is a program similar to winrar, but easier to use.

You could apply EFS file encrytion to the folder. Permissions to users other than the owner must be done one user at a time. User permission to decrypt the files will still be based upon their AD User authentication. Before using EFS, be sure to read and understand Microsoft's papers on EFS and understand what preparation is needed to be able to recover the files in case of the loss of your Server's operating system. There are other encryption options avalable, too.

 

[zmaster]

thanks guys. you were really helpful.