Prevent directory listing of Windows 2000 server shared folder
Posted on 2006-03-29
We have Pegasus Opera II program and data files stored in a share on our Windows 2000 Server.
The data directory which holds the MS Visual Foxpro dbf database files needs to be left with the security group Domain Users having full access.
Obviously, we can restrict access to the payroll through Pegasus Opera itself however, today a network user has browsed into the directory either via the mapped network drive letter or UNC and opened one of the payroll dbf files using MS Excel!
I now have a method to hide the payroll files in a directory of their own with restricted Windows 2000 NTFS file permissions. However, my FD is concerned about the remaining data files which contain sensitive data such as cost prices, profit margins, customer data, etc.
Due to the way Opera works (when a sales invoice is raised for example, the user requires access to the sales ledger, stock & invoicing data files) all of the remaining data files must be left with full access permissions to all users who require access to Opera.
The user who accessed the file needs to have access to Opera to perform their duties as do about 90% of the companies computer users so I can't just deny him/them access via NTFS permissions.
As the database files can be opened with MS Excel, MS Access or an ODBC link, my thought is to "hide" them from directory listings so that users simply can't see them.
This sounds good in theory but I'm not sure that it can be done. Does anyone have any ideas, suggestions or software solutions please? I have asked our opera reseller who basically said, "yes, this is a known issue with no known solution" but there must be something. Surely companies can't be expected to leave their data files open to this level of abuse.