A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive on every computer in the network. A common practice in Peer to Peer networking is not having a computer running a Windows Server operating system. In the absence of a designated and capable Server, one is reliant on a peer to peer network to reach the files they need. Every computer on the network is more or less equal in terms of capabilities while remaining subject to unique settings.
Peer to peer networks are VERY common in small offices. It's difficult for small organizations to justify the cost of an extra computer with a relatively expensive operating system such as Windows Server 2010, let alone afford the professional configuration and ongoing maintenance of a specialized system. As long as files can be shared throughout the organization and security requirements are modest, a Server-based system can be hard to justify.
The purpose of this paper is to serve the needs of those who operate peer to peer networks and want to have defined levels or partitions for file sharing. Their purposes could be different but here we’ll assume that their objectives more or less fit into this list:
- Some files are confidential and should only be accessible by the owners or top management.
- Some files are confidential and should only be accessible by employees who understand the requirements of company and personal information security (for example, HIPPA).
- Some files are valuable and should not be subject to being deleted or modified except by designated people.
- Some file storage locations are casual and can be used and modified by anyone.
We will start with a small organization that has made file sharing easy. We still want to make it easy but within defined limits of access (to “read” or copy files) and defined limits of removal or modification (which amounts to “writing” into or over those files). The assumption is that “Everyone” (a descriptive term referring to file access in Windows) has effective Read/Write access to all the files in the organization.
An Approach to File Sharing
If there are going to be levels of access then it makes sense to start out by defining categories of files according to business objectives:
- Files only accessible by Owners or Management
- Files only accessible to Workers (and Owners and Management)
- Files only Read accessible to Workers.
- Files only Read accessible to Everyone.
- Files Read/Write accessible to Everyone.
The idea here is to create a very simple file structure: those tied down very tightly, those tied down somewhat and those not tied down at all. With this in mind, it’s probably easy to envision all manner of variations – but we’ll not explore that possibility too much.
It is very important that the organization determine which files, or types of files, will fall into which of their defined categories. Keeping it as simple as possible is important.
Once the file partitioning ideas have been drafted then it’s time to decide how access to real people will be implemented. Just as files are organized into groups, so are the people. But these groups of files and groups of people don’t necessarily match up one to one. Presumably, managers can see all the files and visitors can only see the more casual files.
When file sharing is made very simple and Everyone can see shared files then the file security mechanisms are generally obscured. They are still there but have little practical impact. Let’s take a few minutes to examine our familiar computer network in some detail regarding network file access.
The UNIX and Windows logon models
Networked computers were around before Windows. UNIX was a very influential computer operating system and remains today in a number of variants including LINUX. We can see the influence of UNIX on the Windows architecture even though they have at least one very significant difference. In the UNIX world, computers were often centralized and many people would need and want to use them at the same time.
This led to a Multiuser approach that allowed users to log on to the centralized computer all at the same time – as if the others weren’t there at all. This was a natural result of there being a centralized computer (as compared to personal computers) that was accessed using computer terminals (generally a keyboard and a monitor and no mouse). In this environment, users had their own file space and were more or less given the impression that the entire computer was “theirs” for doing their work. To be sure, file sharing and Read/Write privileges were available in UNIX.
In contrast, among other things, Windows is built to operate a personal computer. So, it would appear at least that there are different kinds of logons. First, there are the logons of the Users who normally use that computer at the keyboard. For these Users, the computer can have one of them logged on or more than one of them logged on but only one of them active in the sense that the active User has control of the keyboard and monitor. In that sense, it appears that there is only ONE user logged into the computer / operating system at a time.
In common use, these logons are really about which people can use the computer: run programs, enter data, etc. and when they can do it. But where file sharing is concerned, things are much more like the UNIX approach. In the UNIX context we might say that there was no “Owner” or primary user or even the notion of “which user is logged on?” because all users were more or less created equal in that broad context. Because of the UNIX influence we believe this is a good model for looking at file sharing in Windows. For file sharing purposes, all users in Windows are more or less created equal – whether they are sitting at that computer, have logged onto that computer (and may have walked away from it), are a non-person logon, or were sitting at a terminal in another office.
Note: The “computer” that we’re talking about here is the one computer that has file storage. Any other computers are merely “terminals” for this discussion. This is very much a “one way” situation. It doesn’t matter which User is logged onto the computer while others are accessing the files. In fact, there need be NO logon at the computer which is providing file storage. That aspect has no bearing on file sharing.
What may be of some interest though is what level of file access does the user have who is
logged onto the computer itself for general use. That user will generally have broad access as initially configured but may have more restricted access if desired.
The real concern and interest is “how do we implement partitioned access for all the users?” A popular and, for small groups, workable approach is often recommended:
“For every person in the organization, they each will surely have a User Account on their personal computer. Simply add that same User Account name and password to any other computer that they need to access.”
In doing this, the User Account may be an Administrator account on their own personal computer and may be a Standard account on all the other computers. What’s important is the account name and password.
Once the User Accounts have been established, the next step is to give access to each User to various file folders on the computer. While this could be done file folder by file folder, it’s at least conceptually easier to provide file folder access to Groups and to include User Account names in various Groups. This allows file access control to be consolidated and to be more structured.
For example, if we have:
- Managers Joe and Sally;
- Workers Mike and Alice and
- Public members Mary and Tim,
we would assign:
- Joe and Sally to a Group called Managers;
- Mike and Alice to a Group called Workers and
- Mary and Tim to perhaps no Group at all (because we are going to use the existing Group called Everyone for more “public” access).
What’s then left to do is to give file access to Managers, Workers and Everyone at the intended file folders on the “file computer”.
Earlier we said that it doesn’t matter which User Account is logged in to the “file computer” FC. But it does matter which User Account is logged in to any of the “client computers”. Here’s an example:
“FC” has Users as follows.
Joe – a Standard User in the Managers Group
Sally – a Standard User in the Manager’s Group
Mike – a Standard User in the Workers Group
Alice – a Standard User in the Workers Group
Mary – not a member of any special Group
Tim – not a member of any special Group
Then, on another computer “PDX” we have Users as follows:
Joe – an Administrator User
Tim – an Administrator User
Alice – a Standard User
If Joe is the active User on PDX then Manager files on FC are accessible.
If Tim is the active User on PDX then public files only on FC are accessible.
If Alice is the active User on PDX then Worker files on FC are accessible.
So, it does matter which User Account is active on the client computer PDX in accessing files on the “file computer” FC.
So far, all of the file access permissions have been established through the use of a User Account on each computer that’s involved. This isn’t the only way that a User might be granted access. If you open Control Panel / User Accounts, you will be in a dialog window that deals with the current user.
On the left side, there is a link: “Manage your credentials”. If you open it, you will see a dialog that includes “Add a Windows Credential”. If you click on that link, you will be prompted for a computer, username and password. Using this dialog, one can establish a credential for logging into another computer – which may have higher-level privileges than the current User Account on either computer, this client or the “file computer”. But, one must know the username and password for a User Account that has those higher privileges.
Once this is entered, the current user can hereafter log in to other computers with the privileges of a Manager, a Worker … whatever that match the privileges of the credentials just entered. Assuming that a Manager wanted to grant access to a Worker, the Manager could enter the credential information as above without divulging the logon information. Then, when access is no longer needed, the credential could be removed. At this point, access will be terminated if any corresponding session is removed from the “file computer”.
Similarly, this can be accomplished by the current user logging directly nto the “file computer” and attempting to access a blocked file folder. Doing this will result in a message “You don’t currently have permission to get access to this folder / [Continue] [Cancel]. By pressing Continue, a dialog appears that requires the password for an Administrator of the file computer. IF this password is provided then the current User is given permission to access the folder. However, this permission will not carry over to file accesses attempted from another computer.
Universal User Accounts
So far we have addressed the use of individual User Accounts which must be established on all computers involved in file sharing. When the aspect of periodic password changes is included, there may be quite a few computer entries to be changed. Not only is this a task but there is the probability that some will be missed unless there is a very methodical process defined and followed. Going back to practices that made things easy, is there a compromise practice?
One compromise practice is for all Managers to use the same logon and for all Workers to use another logon that’s the same for them. This eliminates security between the Manager’s computers and files and it increases the probability that a logon will be “leaked” to others. But it allows for a single User Account / logon to be used throughout the organization for this Group. Doing this would alleviate some of the concerns mentioned above.
A variant on this theme would be to have both individual User Accounts and a Universal Manager User Account. Then users could log onto their own computer with either one depending on the tasks to be accomplished. There are lots of possibilities.