Solved

How can I limit the access of a WIN Millennium machine to the rest of a Network of WIN XP's

Posted on 2006-10-19
10
235 Views
Last Modified: 2010-03-18
We have a LAN with three WIN XP SP2 systems and one WIN ME system, all with access to each other and to the internet via a router and DSL modem.  We want to move the WIN ME system to the semi-public room outside the office and use it for teaching via our wireless connection and the internet.  We expect eventually to let some teachers and students use it locally.

The problem is that we don't want to compromise the security of the three machines that are still in the office.  WIN ME doesn't seem to have real security.  So I'm wondering if there is an easy way to set up the WIN ME machine so that some random person in the public room couldn't turn it on and gain access to the machines in the main office.  It might be OK if the person, who might be a student or teacher, could access the internet only.

The minimum scenerio would be something like this:  The WIN ME computer would sit in the semi-public room.  For certain classes, the teacher of the class would be able to turn it on and use it in, e.g., a language class, by using the internet.  After the class, the ME computer would be turned off.  In the meantime, if somebody else came in an turned on the ME machine, we would want that person to have no access whatsoever to the XP machines on the same network.  If it could be arranged, that person could surf the web, but that isn't a requirement right now.  And the person would not be able to change the name of the computer or user, or fool around in other ways to gain access to the other machines.

It is also the case right now, that all the XP machines have the same user name for users and administrator.  It would be nice if the people in the office didn't have to login and logout all the time.
0
Comment
Question by:DentRouge
10 Comments
 
LVL 30

Expert Comment

by:IanTh
ID: 17763854
does your router support vlans or differnet subnets as you could put the me pc on a differnet vlan or subnet

0
 

Author Comment

by:DentRouge
ID: 17763878
Ianth,

We are using a Linksys WRT45.  I'm not sure, at the moment, it if does.
0
 

Author Comment

by:DentRouge
ID: 17763891
Ianth,

If the router allows this, that would probably allow for the initial configuration.  But for later we might want to have some access between machine for OK people.  The network name on the ME machine is protected by password?  Could one (and OK person) change the network name on the ME machine and then access the regular subnet?  That is, can the wireless portion allow for two subnets, and can a subnet exit partially on the wired part and the wireless part?
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 8

Expert Comment

by:saw830
ID: 17770783
Hi,

What you will want to do is to create accounts on the WinXP machines and grant only those accounts access to files and such on the WinXP shared files.  Create matching username and passwords on the WinME machine for those people that should have access to the WinXP machine.

Hope this helps,
Alan
0
 

Author Comment

by:DentRouge
ID: 17770930
Hi saw830,

I was hoping to be able to exclude the ME machine without forcing everyone on the XP machines to start logging in and out.  Is there no other way to say don't allow the ME machine in here at all?
0
 

Author Comment

by:DentRouge
ID: 17778956
Hi again saw830,

I have checked out your suggestion.  It works as far as it goes.  Say a user is logged in to the ME machine and is denied access to any of the XP machines.  The hole in the idea is that any user can create a new account on an ME machine, log in to that new user account, and then access the other machines on the network.  They can do that, because the other machines don't have this new account set up on them (and set to deny everything).

Bob
0
 

Author Comment

by:DentRouge
ID: 17782184
Well, we figured it out ourselves.  By using the McAfee and Norton firewalls, we can ban specific IP addresses, and so ban the specific machines that should be excluded.  This should work, except that I don't know the circumstances under which an IP address might change, given that they are assigned by the router.  This seems like it would have been an easy 500 points for anyone in the know.  Maybe it was too easy.
0
 
LVL 8

Expert Comment

by:saw830
ID: 17829730
Ghostmod-
DentRouge's own solution is a cleaner solution, if it does what is required.  I don't have a preference on the points, I'm here for the technical challenge.
0
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 17849781
Closed, 500 points refunded.
DarthMod
Community Support Moderator
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question