How can I limit the access of a WIN Millennium machine to the rest of a Network of WIN XP's

Posted on 2006-10-19
Medium Priority
Last Modified: 2010-03-18
We have a LAN with three WIN XP SP2 systems and one WIN ME system, all with access to each other and to the internet via a router and DSL modem.  We want to move the WIN ME system to the semi-public room outside the office and use it for teaching via our wireless connection and the internet.  We expect eventually to let some teachers and students use it locally.

The problem is that we don't want to compromise the security of the three machines that are still in the office.  WIN ME doesn't seem to have real security.  So I'm wondering if there is an easy way to set up the WIN ME machine so that some random person in the public room couldn't turn it on and gain access to the machines in the main office.  It might be OK if the person, who might be a student or teacher, could access the internet only.

The minimum scenerio would be something like this:  The WIN ME computer would sit in the semi-public room.  For certain classes, the teacher of the class would be able to turn it on and use it in, e.g., a language class, by using the internet.  After the class, the ME computer would be turned off.  In the meantime, if somebody else came in an turned on the ME machine, we would want that person to have no access whatsoever to the XP machines on the same network.  If it could be arranged, that person could surf the web, but that isn't a requirement right now.  And the person would not be able to change the name of the computer or user, or fool around in other ways to gain access to the other machines.

It is also the case right now, that all the XP machines have the same user name for users and administrator.  It would be nice if the people in the office didn't have to login and logout all the time.
Question by:DentRouge
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 30

Expert Comment

ID: 17763854
does your router support vlans or differnet subnets as you could put the me pc on a differnet vlan or subnet


Author Comment

ID: 17763878

We are using a Linksys WRT45.  I'm not sure, at the moment, it if does.

Author Comment

ID: 17763891

If the router allows this, that would probably allow for the initial configuration.  But for later we might want to have some access between machine for OK people.  The network name on the ME machine is protected by password?  Could one (and OK person) change the network name on the ME machine and then access the regular subnet?  That is, can the wireless portion allow for two subnets, and can a subnet exit partially on the wired part and the wireless part?
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI


Expert Comment

ID: 17770783

What you will want to do is to create accounts on the WinXP machines and grant only those accounts access to files and such on the WinXP shared files.  Create matching username and passwords on the WinME machine for those people that should have access to the WinXP machine.

Hope this helps,

Author Comment

ID: 17770930
Hi saw830,

I was hoping to be able to exclude the ME machine without forcing everyone on the XP machines to start logging in and out.  Is there no other way to say don't allow the ME machine in here at all?

Author Comment

ID: 17778956
Hi again saw830,

I have checked out your suggestion.  It works as far as it goes.  Say a user is logged in to the ME machine and is denied access to any of the XP machines.  The hole in the idea is that any user can create a new account on an ME machine, log in to that new user account, and then access the other machines on the network.  They can do that, because the other machines don't have this new account set up on them (and set to deny everything).


Author Comment

ID: 17782184
Well, we figured it out ourselves.  By using the McAfee and Norton firewalls, we can ban specific IP addresses, and so ban the specific machines that should be excluded.  This should work, except that I don't know the circumstances under which an IP address might change, given that they are assigned by the router.  This seems like it would have been an easy 500 points for anyone in the know.  Maybe it was too easy.

Expert Comment

ID: 17829730
DentRouge's own solution is a cleaner solution, if it does what is required.  I don't have a preference on the points, I'm here for the technical challenge.

Accepted Solution

DarthMod earned 0 total points
ID: 17849781
Closed, 500 points refunded.
Community Support Moderator

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question