• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 675
  • Last Modified:

6 PC's in a WORKGROUP - can I block another Administrator from local shares but allow remote (internet) access through the shared line?

There are 6 PC's. All run XP. All are sharing the same one connection to the internet.

4 are "Users" granted permissions to certain folders on the local network.

2 users are Admins.

How can I completely block the other Admin from the local folders,
but still let him access the external internet on his own PC?
(basically so he can screw up his own system with pr0n and warez
but not the others!)?

The big problem is, he owns the laptop, so he MUST be an Admin,
just cannot take those rights away from him, sorry! But I want to
let him get on the external nternet and not mes with the other local
users accounts etc. Since he is in fact an Admin this sounds impossible
to me!

Its just a normal home setup with a dad as admin and his eldest son
also an admin. If you ask me, he should control his son and tell him
he can either have an "User" account and not have any access to
the local folders OR stop messing about! Thats AN answer but maybe
you can block another Admin?  problem is, he could block you the
same way if he found out how so its really very silly! Hence 500 points.
0
EE33
Asked:
EE33
  • 3
1 Solution
 
jonoakleyCommented:
you are describing the main reason networks move to a domain
0
 
jonoakleyCommented:
In a Workgroup setting all administration is done locally. So by it s very nature the local admin has complete rights to network user access to files the local system. You sound like a candidate for centralization. Set up one system as file server. Have all files required by everyone located on that system. create Username/Pasword for all user on the file server.
When setting up shares and users on a workgroup the Authentication information must be manually maintained locally.

Grant the proper access to critical files.

The fileserver does several things for you. It gives you a central location for backup and restore. It supplies your users with one set of files instead of 6 copies. Nesw users and password only need to be duplicated on the single system
If your troubled admin crashes his system he can rebuild and your files are safe.
The downside is you must keep critical files off his system and the file server has to be on when files are needed.
0
 
EE33Author Commented:
I think I understand it... one PC has all the
user accounts (Active Directory?) and in this
case - no matter what the other users are,
(Admins or not) only the one domain controller
(the main one with the 6 accounts in Active
Directory) can say whether that admin can
access this domain? In fact it does not make
ANY difference what he is does it?! As long as
I set the permissions, he has no access to this,
but does have access to the line outside, because
after all, he just has to install a modem and know
the username to log onto the internet - thats not
Active Directory though and that can have its own
password.

I will have to give you the points, I never even thought
of the simplicity of it, Active Directory of course!
0
 
jonoakleyCommented:
Before we go futher
You stated you were in a Workgroup
With additional information and feedback, I to believe you have a domain and AD setup. If that is the case ignore the first post. A Workgroup is by definition lacking a Domain Controler.

The two types of networks are WorkGroup and Domain.As I stated the user authorization is handled by the local machine. So the local system would need a user/password entered to authorize access. in a Domain the Controller handles the authorization and grants premission to network resources. With a DC added to the mix, the local machines become network resources.
At the same time the can still contain local premissions

So if you have a DC, make the trouble spot a simple user and grant permissions as needed. He can maintain a local profile on lhis personal system as admin but as soon as he logs onto a different system he becomes a simple user and no longer has admin permissions. These permission can also extend to not allowing him to log onto any system but his own.

So in short with a Domain you have all sorts af administrtive possibilties. and you are right at the cusp of where i would start think of a simple domian (5)

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now