Solved

File security on an XP pro network

Posted on 2003-12-10
11
345 Views
Last Modified: 2010-03-19
I have a small network of 4 computers all running XP pro and using simple “workgroups” MS networking. I want all users to file/save all their work in one specific partition on the biggest of the 4 machines ( aka the Server). So far so good……However if anyone makes a change to a file I would like this to be as a new version only, and leave the original intact. Similarly I do not want anyone ( except me!)  to be able to delete files which are on the Server. The files will be a broad spectrum of everything from MS word docs to Autocad drawings……Any ideas?
0
Comment
Question by:SeanPP
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 4

Expert Comment

by:Jivko
ID: 9911618
This partition should be formated with NTFS file system
So you can make accounts for all users and you on "aka the Server" with apropriate NTFS permisions for the "specific" partition

Regards
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9912605
Windows security does not have the ability to mask file permissions in that way in any practical sense.

You are looking for a version control system, or document management system.
Sharepoint is Microsoft's offering.
If you're using Autocad, you should visit http://www.oasys-software.com/

0
 
LVL 6

Expert Comment

by:Sebo2000
ID: 9912658
there is many ways to do that, creatre folder for each user and one for everyone, in the one for everyone put all the files, and give them just read access, then give them full accces to their folders, and tell them to take a job from the all user folder and safe it in their folders, you need NTSF partition on the server for that. plus you need account and passwords of all the users created on the server same like they have on the local machines, this way they will not be prompted for the password each time they conenct to shares

Take Care
Sebo
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:SeanPP
ID: 9934384
nice idea Sebo..but that does rely on the users ...er, shall we say listening to what they are told. I thought about putting everything in one folder on the server and making everything read only. That way when they make changes they would have to "save as". I am making all file names made up of title and date...yes that is cumbersome but it keeps things simple......

Anyone have a better idea?
BTW all partitions are NTFS

Ps great answer Sebo and Chicagoan...
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9934793
That's about the most practical work-around, run a cron job to flag them RO or take ownership with cacls.
If you can get your checkbook and head around a proper document management system you won't be sorry.

0
 

Author Comment

by:SeanPP
ID: 9935049
Sorry Chicagoan......what is "cron job"  and also "calcs"? Also, can you reccomend a documnet managment system?

Thanks

Sean
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9935091
Document management systems:
If you're using Autocad, you should visit http://www.oasys-software.com/
Sharepoint is Microsoft's offering. http://www.microsoft.com/sharepoint/

Windows includes a task scheduler
http://www.informit.com/isapi/product_id~%7B36A56CAB-A3C5-4101-A099-24D742D50FB5%7D/content/index.asp
cron is a scheduler ported from unix, try the above to see if it works for you first.



CACLS.exe

Display or modify Access Control Lists (ACLs) for files and folders.

Access Control Lists apply only to files stored on an NTFS formatted drive, each ACL determines which users (or groups of users) can read or edit the file. When a new file is created it normally inherits ACL's from the folder where it was created.


syntax
      CACLS pathname [options]
      CACLS pathname
key   options can be any combination of:   /T Search the pathname including all subfolders.
   /E Edit ACL (leave existing rights unchanged)   /C Continue on access denied errors.
   /G user:permission      Grant access rights, permision can be:          R Read
         C Change (write)
         F Full control
   /R user      Revoke specified user's access rights (only valid with /E).
   /P user:permission         Replace access rights, permission can be:          N None
         R Read
         C Change (write)
         F Full control
   /D user Deny specified user access.    In all the options above "user" can be an NT Username
   or an NT Workgroup (either local or global)

   If a username or groupname includes spaces then
   it must be surrounded with quotes e.g. "Authenticated Users"

   If no options are specified CACLS will display the ACLs for the file(s)
Other features to try

Wildcards can be used to specify multiple files.
You can specify more than one user:permission in a single command.
The /D option will deny access to a user even if they belong to a group that does have access.

Using CACLS

The CACLS command does not provide a /Y switch to automatically answer 'Y' to the Y/N prompt. However, you can pipe the 'Y' character into the CACLS command using ECHO, use the following syntax:

ECHO Y| CACLS /g <username>:<permission>


To edit a file you must have the "Change" ACL (or be the file's owner)


To use the CACLS command and change an ACL requires "FULL Control"


File "Ownership" will always override all ACL's - you always have Full Control over files that you create.


If CACLS is used without the /E switch all existing rights on [pathname] will be replaced, any attempt to use the /E switch to change a [user:permission] that already exists will raise an error. To be sure the CALCS command will work without errors use /E /R to remove ACL rights for the user concerned, then use /E to add the desired rights.


The /T option will only traverse subfolders below the current directory.

Examples:

Adding new file permissions to a group of users
CACLS myfile.txt /E /G "Power Users":F

If we now grant Read permissions to the same group they will still have FULL control
CACLS myfile.txt /E /G "Power Users":R

This command will replace the first ACL granted and allow only Read access:
CACLS myfile.txt /E /P "Power Users":R

0
 

Author Comment

by:SeanPP
ID: 9935799
Wow.......Fantastic answer Chicargo......It is going to take me a little while to understand this, but am giving it a go.....Thanks again, i'll let you know how i get on. Sean
0
 

Author Comment

by:SeanPP
ID: 9936924
On allmost the same subject......Is there a way of locking folders?....I mean some kind of password protection that one unlocks at the start of the day and then locks again when one has finished work. The files then being protected in case of ever being stolen?
0
 
LVL 18

Accepted Solution

by:
chicagoan earned 500 total points
ID: 9937355
Files ARE locked, more or less, until you log in.
XP automates the login process for you but it doesn't have to be that way.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/proddocs/usercpl_secureboot.asp
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SSH setup on ASA 5505 17 127
GET INFO ABOUT WHAT THE PRINTER IS DOING ? 11 77
DESKTOP MONITORING 41 87
ICT security firms and audit/assurance offerings 3 39
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question