• Status: Solved

WIN2003 Server Security

We have Win2003 Server and a server folder of program files & data is being shared with access from Windows XP PCs. The server folder is set up as a mapped drive on the client PCs. We want the users to be able to run the program files which will access the data, but not be able to get to the data via other software such as Windows Explorer. How can we restrict users in this way?
Asked by: tkgallagher

Dmitri Farafontov (Linux Systems Admin) commented:
Try something called:
Windows Server 2003 Access-based Enumeration
http://www.microsoft.com/downloads/details.aspx?FamilyId=04A563D9-78D9-4342-A485-B030AC442084&displaylang=en

Overview
Windows Server 2003 Access-based Enumeration makes visible only those files or folders that the user has the rights to access. When Access-based Enumeration is enabled, Windows will not display files or folders that the user does not have the rights to access. This download provides a GUI and a CLI that enables this feature.

Dmitri Farafontov (Linux Systems Admin) commented:
Additionally, have a look at
Windows Server 2003 Security Guide

http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx

tkgallagher (Author) commented:
Hi,
Access-based Enumeration sounds useful, but I don't think it addresses our core issue, which I will try to explain more clearly with a simplified example.
The Win 2003 Server has a folder called BIZAPP. On the WinXP client machines BIZAPP is mapped to say the G: drive.
Then the user will use a shortcut to run G:\APP1.EXE  on his PC and APP1.EXE will read and write data files G:\DATA1.DAT, G:\DATA2.DAT, etc (about 100 data files in reality).
We want the security set-up to allow the user to use APP1.EXE to access the data files on G:\  i.e. the server's BIZAPP folder,
but the user must NOT be able to view/copy those data files using other applications such as Windows Explorer.
We can split the APP1.EXE and the DATA files into separate folders if that helps.
(For other reasons Terminal Services cannot be used as the workaround.) Thanks.

Dmitri Farafontov (Linux Systems Admin) commented:
Then at this point access control lists are your best bet. Since the application and users run under different access levels, it will be possible to separate the security from the actual data. Good Luck.
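
A simplified model of what Access-based Enumeration changes for the BIZAPP share described in this thread, added here as an illustration and not code from any poster or from Microsoft. The rights bits, group names, the user jsmith and HR.DAT are assumptions; the model shows that ABE only filters the directory listing, and that the access check is made against the user's token, so files the account can read stay listed and readable from any program.

```python
from dataclasses import dataclass

READ, WRITE = 0x1, 0x2  # simplified rights bits, not real Windows access masks

@dataclass(frozen=True)
class Ace:
    allow: bool      # True = allow ACE, False = deny ACE
    principal: str   # user or group name (stands in for a SID)
    mask: int

def access_check(token, acl, wanted):
    """Walk ACEs in order: a matching deny on any wanted bit fails at once;
    allows accumulate until every wanted bit is granted.
    The decision uses only the caller's token, never the program's name."""
    granted = 0
    for ace in acl:
        if ace.principal not in token:
            continue
        if not ace.allow and ace.mask & wanted:
            return False
        if ace.allow:
            granted |= ace.mask
        if granted & wanted == wanted:
            return True
    return False

def list_share(token, share, abe_enabled):
    """Names returned for a directory listing of the share."""
    if not abe_enabled:
        return sorted(share)
    # With ABE on, entries the caller cannot read are left out of the listing.
    return sorted(n for n, acl in share.items() if access_check(token, acl, READ))

# Constructed ACLs for the BIZAPP share; HR.DAT and the group names are hypothetical.
BIZAPP = {
    "APP1.EXE":  [Ace(True, "AppUsers", READ)],
    "DATA1.DAT": [Ace(True, "AppUsers", READ | WRITE)],
    "DATA2.DAT": [Ace(True, "AppUsers", READ | WRITE)],
    "HR.DAT":    [Ace(False, "AppUsers", READ | WRITE),
                  Ace(True, "Admins", READ | WRITE)],
}
# The same token is presented whether APP1.EXE or Windows Explorer opens a file.
user_token = {"jsmith", "AppUsers"}

if __name__ == "__main__":
    print("ABE off:", list_share(user_token, BIZAPP, False))
    print("ABE on: ", list_share(user_token, BIZAPP, True))
    print("read DATA1.DAT:", access_check(user_token, BIZAPP["DATA1.DAT"], READ))
```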
