EE33
asked on
6 PC's in a WORKGROUP - can I block another Administrator from local shares but allow remote (internet) access through the shared line?
There are 6 PC's. All run XP. All are sharing the same one connection to the internet.
4 are "Users" granted permissions to certain folders on the local network.
2 users are Admins.
How can I completely block the other Admin from the local folders,
but still let him access the external internet on his own PC?
(basically so he can screw up his own system with pr0n and warez
but not the others!)?
The big problem is, he owns the laptop, so he MUST be an Admin,
just cannot take those rights away from him, sorry! But I want to
let him get on the external nternet and not mes with the other local
users accounts etc. Since he is in fact an Admin this sounds impossible
to me!
Its just a normal home setup with a dad as admin and his eldest son
also an admin. If you ask me, he should control his son and tell him
he can either have an "User" account and not have any access to
the local folders OR stop messing about! Thats AN answer but maybe
you can block another Admin? problem is, he could block you the
same way if he found out how so its really very silly! Hence 500 points.
4 are "Users" granted permissions to certain folders on the local network.
2 users are Admins.
How can I completely block the other Admin from the local folders,
but still let him access the external internet on his own PC?
(basically so he can screw up his own system with pr0n and warez
but not the others!)?
The big problem is, he owns the laptop, so he MUST be an Admin,
just cannot take those rights away from him, sorry! But I want to
let him get on the external nternet and not mes with the other local
users accounts etc. Since he is in fact an Admin this sounds impossible
to me!
Its just a normal home setup with a dad as admin and his eldest son
also an admin. If you ask me, he should control his son and tell him
he can either have an "User" account and not have any access to
the local folders OR stop messing about! Thats AN answer but maybe
you can block another Admin? problem is, he could block you the
same way if he found out how so its really very silly! Hence 500 points.
jonoakley
you are describing the main reason networks move to a domain
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I think I understand it... one PC has all the
user accounts (Active Directory?) and in this
case - no matter what the other users are,
(Admins or not) only the one domain controller
(the main one with the 6 accounts in Active
Directory) can say whether that admin can
access this domain? In fact it does not make
ANY difference what he is does it?! As long as
I set the permissions, he has no access to this,
but does have access to the line outside, because
after all, he just has to install a modem and know
the username to log onto the internet - thats not
Active Directory though and that can have its own
password.
I will have to give you the points, I never even thought
of the simplicity of it, Active Directory of course!
user accounts (Active Directory?) and in this
case - no matter what the other users are,
(Admins or not) only the one domain controller
(the main one with the 6 accounts in Active
Directory) can say whether that admin can
access this domain? In fact it does not make
ANY difference what he is does it?! As long as
I set the permissions, he has no access to this,
but does have access to the line outside, because
after all, he just has to install a modem and know
the username to log onto the internet - thats not
Active Directory though and that can have its own
password.
I will have to give you the points, I never even thought
of the simplicity of it, Active Directory of course!
Before we go futher
You stated you were in a Workgroup
With additional information and feedback, I to believe you have a domain and AD setup. If that is the case ignore the first post. A Workgroup is by definition lacking a Domain Controler.
The two types of networks are WorkGroup and Domain.As I stated the user authorization is handled by the local machine. So the local system would need a user/password entered to authorize access. in a Domain the Controller handles the authorization and grants premission to network resources. With a DC added to the mix, the local machines become network resources.
At the same time the can still contain local premissions
So if you have a DC, make the trouble spot a simple user and grant permissions as needed. He can maintain a local profile on lhis personal system as admin but as soon as he logs onto a different system he becomes a simple user and no longer has admin permissions. These permission can also extend to not allowing him to log onto any system but his own.
So in short with a Domain you have all sorts af administrtive possibilties. and you are right at the cusp of where i would start think of a simple domian (5)
You stated you were in a Workgroup
With additional information and feedback, I to believe you have a domain and AD setup. If that is the case ignore the first post. A Workgroup is by definition lacking a Domain Controler.
The two types of networks are WorkGroup and Domain.As I stated the user authorization is handled by the local machine. So the local system would need a user/password entered to authorize access. in a Domain the Controller handles the authorization and grants premission to network resources. With a DC added to the mix, the local machines become network resources.
At the same time the can still contain local premissions
So if you have a DC, make the trouble spot a simple user and grant permissions as needed. He can maintain a local profile on lhis personal system as admin but as soon as he logs onto a different system he becomes a simple user and no longer has admin permissions. These permission can also extend to not allowing him to log onto any system but his own.
So in short with a Domain you have all sorts af administrtive possibilties. and you are right at the cusp of where i would start think of a simple domian (5)