WIN2003 Server Security

We have Win2003 Server and a server folder of program files & data is being shared with access from Windows XP PC's. The server folder is set-up as a mapped drive on the client PCs.  We want the users to be able to run the program files which will access the data, but not be able to get to the data via other software such as Windows Explorer.  How can we restrict users in this way?
Who is Participating?
Dmitri FarafontovConnect With a Mentor Linux Systems AdminCommented:
Than at this point access control lists are your best bet. Since the application and users run under different access levels, it will be possible to separate the security from the actual data. Good Luck.
Dmitri FarafontovLinux Systems AdminCommented:
Try something called:
Windows Server 2003 Access-based Enumeration

Windows Server 2003 Access-based Enumeration makes visible only those files or folders that the user has the rights to access. When Access-based Enumeration is enabled, Windows will not display files or folders that the user does not have the rights to access. This download provides a GUI and a CLI that enables this feature.
Dmitri FarafontovLinux Systems AdminCommented:
Additionaly have a look at
Windows Server 2003 Security Guide
tkgallagherAuthor Commented:
Access-based Enumeration sounds useful, but I dont think it addreses our core issue, whixh I will try to explain more clearly with a simplified example.
The Win 2003 Server has a folder called BIZAPP. On the WinXP client machines BIZAPP is mapped to say the G: drive.
Then the user will use a shortcut to run G:\APP1.EXE  on his PC and APP1.EXE will read and write data files G:\DATA1.DAT, G:\DATA2.DAT, etc (about 100 data files in reality).
We want the security set-up to allow the user to use APP1.EXE to access the data files on G:\  i.e. the server's BIZAPP folder,
but the user must NOT be able to view/copy those data fiels usin gother applications such as Windows Explorer.
We can split the APP1.EXE and the DATA files into separate folders if that helps.
(For other reasons Terminal Services cannot be used as the workaround.) Thanks.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.