[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


6 PC's in a WORKGROUP - can I block another Administrator from local shares but allow remote (internet) access through the shared line?

Posted on 2006-03-23
Medium Priority
Last Modified: 2013-12-23
There are 6 PC's. All run XP. All are sharing the same one connection to the internet.

4 are "Users" granted permissions to certain folders on the local network.

2 users are Admins.

How can I completely block the other Admin from the local folders,
but still let him access the external internet on his own PC?
(basically so he can screw up his own system with pr0n and warez
but not the others!)?

The big problem is, he owns the laptop, so he MUST be an Admin,
just cannot take those rights away from him, sorry! But I want to
let him get on the external nternet and not mes with the other local
users accounts etc. Since he is in fact an Admin this sounds impossible
to me!

Its just a normal home setup with a dad as admin and his eldest son
also an admin. If you ask me, he should control his son and tell him
he can either have an "User" account and not have any access to
the local folders OR stop messing about! Thats AN answer but maybe
you can block another Admin?  problem is, he could block you the
same way if he found out how so its really very silly! Hence 500 points.
Question by:EE33
  • 3

Expert Comment

ID: 16300879
you are describing the main reason networks move to a domain

Accepted Solution

jonoakley earned 2000 total points
ID: 16301279
In a Workgroup setting all administration is done locally. So by it s very nature the local admin has complete rights to network user access to files the local system. You sound like a candidate for centralization. Set up one system as file server. Have all files required by everyone located on that system. create Username/Pasword for all user on the file server.
When setting up shares and users on a workgroup the Authentication information must be manually maintained locally.

Grant the proper access to critical files.

The fileserver does several things for you. It gives you a central location for backup and restore. It supplies your users with one set of files instead of 6 copies. Nesw users and password only need to be duplicated on the single system
If your troubled admin crashes his system he can rebuild and your files are safe.
The downside is you must keep critical files off his system and the file server has to be on when files are needed.

Author Comment

ID: 16310223
I think I understand it... one PC has all the
user accounts (Active Directory?) and in this
case - no matter what the other users are,
(Admins or not) only the one domain controller
(the main one with the 6 accounts in Active
Directory) can say whether that admin can
access this domain? In fact it does not make
ANY difference what he is does it?! As long as
I set the permissions, he has no access to this,
but does have access to the line outside, because
after all, he just has to install a modem and know
the username to log onto the internet - thats not
Active Directory though and that can have its own

I will have to give you the points, I never even thought
of the simplicity of it, Active Directory of course!

Expert Comment

ID: 16322748
Before we go futher
You stated you were in a Workgroup
With additional information and feedback, I to believe you have a domain and AD setup. If that is the case ignore the first post. A Workgroup is by definition lacking a Domain Controler.

The two types of networks are WorkGroup and Domain.As I stated the user authorization is handled by the local machine. So the local system would need a user/password entered to authorize access. in a Domain the Controller handles the authorization and grants premission to network resources. With a DC added to the mix, the local machines become network resources.
At the same time the can still contain local premissions

So if you have a DC, make the trouble spot a simple user and grant permissions as needed. He can maintain a local profile on lhis personal system as admin but as soon as he logs onto a different system he becomes a simple user and no longer has admin permissions. These permission can also extend to not allowing him to log onto any system but his own.

So in short with a Domain you have all sorts af administrtive possibilties. and you are right at the cusp of where i would start think of a simple domian (5)


Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
An article on effective troubleshooting
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question