WIN2003 Server Security

Posted on 2006-05-03
Last Modified: 2013-12-04
We have Win2003 Server and a server folder of program files & data is being shared with access from Windows XP PC's. The server folder is set-up as a mapped drive on the client PCs.  We want the users to be able to run the program files which will access the data, but not be able to get to the data via other software such as Windows Explorer.  How can we restrict users in this way?
Question by:tkgallagher
    LVL 11

    Expert Comment

    Try something called:
    Windows Server 2003 Access-based Enumeration

    Windows Server 2003 Access-based Enumeration makes visible only those files or folders that the user has the rights to access. When Access-based Enumeration is enabled, Windows will not display files or folders that the user does not have the rights to access. This download provides a GUI and a CLI that enables this feature.
    LVL 11

    Expert Comment

    Additionaly have a look at
    Windows Server 2003 Security Guide

    Author Comment

    Access-based Enumeration sounds useful, but I dont think it addreses our core issue, whixh I will try to explain more clearly with a simplified example.
    The Win 2003 Server has a folder called BIZAPP. On the WinXP client machines BIZAPP is mapped to say the G: drive.
    Then the user will use a shortcut to run G:\APP1.EXE  on his PC and APP1.EXE will read and write data files G:\DATA1.DAT, G:\DATA2.DAT, etc (about 100 data files in reality).
    We want the security set-up to allow the user to use APP1.EXE to access the data files on G:\  i.e. the server's BIZAPP folder,
    but the user must NOT be able to view/copy those data fiels usin gother applications such as Windows Explorer.
    We can split the APP1.EXE and the DATA files into separate folders if that helps.
    (For other reasons Terminal Services cannot be used as the workaround.) Thanks.
    LVL 11

    Accepted Solution

    Than at this point access control lists are your best bet. Since the application and users run under different access levels, it will be possible to separate the security from the actual data. Good Luck.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Join & Write a Comment

    Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
    Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now