Solved

Preventing access to local drives but allowing mapped drives

Posted on 2001-06-29
9
347 Views
Last Modified: 2008-03-06
I wish to prevent Write access to local drives but still allow access to server mapped drives.


The environment is NT server V4 using policies on win 95/98 clients.

The users should still have access to the local hard drive for read purposes as the applications are stored there.

PLease advise.
0
Comment
Question by:sebdb
9 Comments
 
LVL 23

Expert Comment

by:slink9
Comment Utility
You don't have this type of built-in security using 95/98 clients.  I am sure there are third-party utils that will allow this, I just can't find one at the moment.
Of course, you could always build systems without floppies so there is no way a user can install a program and then use the NT policies to restrict what the user can receive/run.
0
 

Author Comment

by:sebdb
Comment Utility
we can do the policty thing but they can still get access to the HDD via  explorer
0
 
LVL 23

Expert Comment

by:slink9
Comment Utility
How savvy are these users?  You could use something like tweakui to restrict cretain functions of the desktop - http://support.microsoft.com/support/kb/articles/Q253/2/12.ASP?LN=EN-US&SD=gn&FR=0&qry=powertoys&rnk=9&src=DHCS_MSPSS_gn_SRCH&SPR=W95 (method 2 has both 95 and 98 versions).
And here is a link to two additional programs - http://www.zdnet.com/anchordesk/stories/story/0,10738,2628657,00.html
0
 
LVL 2

Expert Comment

by:haasjoh
Comment Utility
Try useing secure PC. It's kind of like policy editor but a whole program of it's own. We use it to lock our hacking corrections people down.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 44

Expert Comment

by:CrazyOne
Comment Utility
Take a look at these

QUOTE

Folder Guard helps you to keep sensitive files and folders safe and secure on your computer. It's highly configurable and very easy to administer, with excellent documentation readily available. An Explorer-style interface allows you to easily select folders to protect. You can choose to hide the contents of individual folders, tag folders and contents as read-only, or render them unavailable and totally invisible. The features work not only in Explorer, but also in any file dialog in other applications. The main program is protected by an administrative password, and you can assign individual passwords to gain access to protected folders. A separate program is included to let you quickly toggle the protection on and off.
Reviewed on May 17 2000.

UNQUOTE
http://www.zdnet.com/downloads/stories/info/0,,000DQW,.html



QUOTE

Sentinel is an interesting security utility you can use to apply very specific restrictions to files on your PC. It runs from the system tray, enforcing restictions you've imposed on selected files and folders. The specific security options are available from a new tab the program adds to the Properties dialog box you can access by right-clicking any file or folder in Explorer. You can log and/or deny access to any unauthorized user that attempts to open, read, and/or write to files, and you can deny access to the contents of selected folders. An available control panel allows you to toggle this functionality on and off, and turn it off for a specific period of time. Other features include stealth mode and logging support. Sentinel is a snap to use, and provides the power and versatility you need to protect your sensitive data files.
 
UNQUOTE
http://www.zdnet.com/downloads/stories/info/0,,00125K,.html



QUOTE

Encryption Plus? Folders Freeware is a fast easy-to-use program that performs on-the-fly encryption. You just put your confidential files in a single folder and point-and-click. You don't have to think about security or remember anything except your password. Folders Freeware does all the work behind the scenes, encrypting and decrypting your files automatically and transparently as you use them. Super easy-to-use. Windows 95/98/ME and Windows NT/2000 compatible. Full-featured versions of Encryption Plus? for Folders are available for purchase in Standard and Enterprise editions.

UNQUOTE
http://www.pcguardian.com/folders_download/index.htm



Windows Security Toolkit
QUOTE

Restrict Access to Passwords Settings, Restrict Access to Network Settings, Restrict Access to Display Settings, Restrict Access to Device Manager, Restrict Access to Hardware Profiles , Restrict Access to Virtual Memory Setting, Restrict Access to File System Setting, Restrict Access to Printer Setting, Restrict User from adding Printer, Restrict User from deleting Printer, Hide Printers General and Details Pages, Hide System Settings Control Panel, Restrict Access to Modem Settings, Restrict Access to Regional Settings, Restrict Access to Internet Settings, Restrict Access to Multimedia Settings, Restrict Access to Add/Remove Programs, Restrict Access to Power Management, Hide All items on the desktop, Remove Favorites Folder from the Start Menu, Remove Documents Folder from the Start Menu, Hide the task bar settings from the Start Menu, Remove Find Command from the Start Menu, Restrict changes to enabled Active Desktop, Disable use of Active Desktop Feature, Clear the recent Documents when Windows Exits, Disable Modification of Start Menu, Remove the Run Command from the Start Menu, Remove the Folders from the Start Menu, Remove the Help Option from the Start Menu, Disable File Sharing over the network, Disable Printer Sharing over the network, Hide Shared Passwords With Asterisk, Disable Save Password Option in DUN-NT, Don't display Username on logging in NT, Disable Caching of NT Domain Password, Hide Workgroup Content from Network Neighborhood, Remove Entire Network from Network Neighborhood,Fix DHCP Security Bug in Windows 9x/NT/2000 to stop hackers from accessing your system, Hacker Guard - Disables Hackers from using a modem to access the Internal Network, Disable MS-DOS mode in windows,   Disable use of real mode Dos Applications, Reset the Content Advisor and Ratings Password, Disable Internet Explorer Content and Ratings Advisor, Restrict User from changing Internet Explorer Advanced Settings, Restrict User from Accessing your personal profiles in Internet Explorer, Restrict User from Accessing Information from your Internet Explorer Wallet, Disable ability to run registry editing tools, Disable Windows Password caching ability, Restrict access to event logs in Windows NT and 2000, Disable use of Windows Hot Keys.

UNQUOTE
http://sensor.hypermart.net/winsecure.htm



Magic Folders  
QUOTE

Your invisible folders and files can't be deleted, viewed, modified, or run. For all practical purposes they don't exist. Use Magic Folders to protect your finances, taxes, business and personal documents. Others won't know these files exist and they won't be able to accidentally delete or modify them either. With Magic Folders you can turn your computer over to your children or co-workers without worrying if they'll delete, modify or view important files.

UNQUOTE
http://www.pc-magic.com/des.htm



Steganos 3 Security Suite
QUOTE

02-23-2001 - The Steganos 3 Security Suite is a complete, easy to use security package. Steganos encrypts and conceals your data. The Steganos Safe is your secure hard drive, which disappears at the click of a button. Includes: Internet Trace Destructor, file shredder, e-mail encryption, password manager, and computer locking

UNQUOTE
http://www.steganos.com/en/


Other considerationsl
http://www.scramdisk.clara.net/
http://www.e4m.net/
http://www.fortunecity.com/skyscraper/true/882/SecureTrayUtil.htm


The Crazy One
0
 

Expert Comment

by:jhawklyn
Comment Utility
I don't believe any of the proposed solutions will provide protection against any knowledgeable user.

- Anyone booting in safe-mode will be able to bypass the normal Windows startup which is required to load the protections listed above.

- anyone booting with a boot disk/device can access the hard drive files.

OTOH, these programs should provide protection against casual users.

For more real security a more secure OS like NT, OS2 or Linux is needed.
0
 
LVL 41

Accepted Solution

by:
stevenlewis earned 300 total points
Comment Utility
Keep in mind that w98 does not have a seperate "system" account, and if you disable all write to the disk, then the OS will not be able to write to it (swap file) and you will have real problems. If you really need this, then upgrade to NT/w2k pro
0
 
LVL 23

Expert Comment

by:slink9
Comment Utility
sebdb, what is the story? How knowledgeable are your users?  Any solution yet?
0
 
LVL 11

Expert Comment

by:griessh
Comment Utility
I think you forgot this question. Please grade the answer(s) given or ask back if there is more information needed. I will ask CS to close this question if there is no more feedback.

Please do not accept this comment as an answer!
======
Werner
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
how to create custom bootable image of Centos 7.2 4 87
AS400 Logging Print device 2 67
Window 7 local DNS 9 80
DNS Dynamic Update 7 58
Hello I read in a discussion about a person who configured a very simple mirror RAID with two hard drives; the system and data were on the same partition. He asked how to repair the system as it was not booting up anymore. In his case running …
As the title indicates, I have done this before. It chills me everytime I update the OS on my phone, (http://www.experts-exchange.com/articles/18084/Upgrading-to-Android-5-0-Lollipop.html) because one time I did this and I essentially had a bricked …
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video discusses moving either the default database or any database to a new volume.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now