Solved

How can I limit the access of a WIN Millennium machine to the rest of a Network of WIN XP's

Posted on 2006-10-19
Last Modified: 2010-03-18
We have a LAN with three WIN XP SP2 systems and one WIN ME system, all with access to each other and to the internet via a router and DSL modem.  We want to move the WIN ME system to the semi-public room outside the office and use it for teaching via our wireless connection and the internet.  We expect eventually to let some teachers and students use it locally.

The problem is that we don't want to compromise the security of the three machines that are still in the office.  WIN ME doesn't seem to have real security.  So I'm wondering if there is an easy way to set up the WIN ME machine so that some random person in the public room couldn't turn it on and gain access to the machines in the main office.  It might be OK if the person, who might be a student or teacher, could access the internet only.

The minimum scenario would be something like this:  The WIN ME computer would sit in the semi-public room.  For certain classes, the teacher of the class would be able to turn it on and use it in, e.g., a language class, by using the internet.  After the class, the ME computer would be turned off.  In the meantime, if somebody else came in and turned on the ME machine, we would want that person to have no access whatsoever to the XP machines on the same network.  If it could be arranged, that person could surf the web, but that isn't a requirement right now.  And the person would not be able to change the name of the computer or user, or fool around in other ways to gain access to the other machines.

It is also the case right now, that all the XP machines have the same user name for users and administrator.  It would be nice if the people in the office didn't have to login and logout all the time.
Question by:DentRouge
10 Comments
 
LVL 30

Expert Comment

by:IanTh
ID: 17763854
Does your router support VLANs or different subnets, as you could put the ME PC on a different VLAN or subnet?

 

Author Comment

by:DentRouge
ID: 17763878
Ianth,

We are using a Linksys WRT45.  I'm not sure, at the moment, if it does.
 

Author Comment

by:DentRouge
ID: 17763891
Ianth,

If the router allows this, that would probably allow for the initial configuration.  But for later we might want to have some access between machines for OK people.  The network name on the ME machine is protected by password?  Could one (an OK person) change the network name on the ME machine and then access the regular subnet?  That is, can the wireless portion allow for two subnets, and can a subnet exist partially on the wired part and the wireless part?
 
LVL 8

Expert Comment

by:saw830
ID: 17770783
Hi,

What you will want to do is to create accounts on the WinXP machines and grant only those accounts access to files and such on the WinXP shared files.  Create matching username and passwords on the WinME machine for those people that should have access to the WinXP machine.

Hope this helps,
Alan

Author Comment

by:DentRouge
ID: 17770930
Hi saw830,

I was hoping to be able to exclude the ME machine without forcing everyone on the XP machines to start logging in and out.  Is there no other way to say don't allow the ME machine in here at all?
 

Author Comment

by:DentRouge
ID: 17778956
Hi again saw830,

I have checked out your suggestion.  It works as far as it goes.  Say a user is logged in to the ME machine and is denied access to any of the XP machines.  The hole in the idea is that any user can create a new account on an ME machine, log in to that new user account, and then access the other machines on the network.  They can do that, because the other machines don't have this new account set up on them (and set to deny everything).

Bob
 

Author Comment

by:DentRouge
ID: 17782184
Well, we figured it out ourselves.  By using the McAfee and Norton firewalls, we can ban specific IP addresses, and so ban the specific machines that should be excluded.  This should work, except that I don't know the circumstances under which an IP address might change, given that they are assigned by the router.  This seems like it would have been an easy 500 points for anyone in the know.  Maybe it was too easy.
0
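The open question in the post above, what happens to a per-address firewall ban when the router hands out a different address, can be modelled offline. This is an added example, not code from the thread: the addressing plan, the MAC addresses, the `DhcpServer` class and the `allowed` function are constructed for illustration, and a "reservation" (a fixed MAC-to-IP mapping on the DHCP server) is assumed to be available on the router.

```python
import ipaddress

OFFICE_NET = ipaddress.ip_network("192.168.1.0/24")   # constructed addressing plan
ME_MAC, LAPTOP_MAC = "00:11:22:33:44:55", "66:77:88:99:aa:bb"  # constructed MACs

class DhcpServer:
    """Minimal lease model: hand out the lowest free address unless reserved."""
    def __init__(self, network, first_host, reservations=None):
        self.pool = list(network.hosts())[first_host - 1:]
        self.reservations = {m: ipaddress.ip_address(a)
                             for m, a in (reservations or {}).items()}
        self.leases = {}  # MAC -> currently leased address

    def request(self, mac):
        if mac in self.reservations:
            ip = self.reservations[mac]
        elif mac in self.leases:
            ip = self.leases[mac]
        else:
            used = set(self.leases.values()) | set(self.reservations.values())
            ip = next(a for a in self.pool if a not in used)
        self.leases[mac] = ip
        return str(ip)

    def expire(self, mac):
        self.leases.pop(mac, None)

def allowed(src_ip, deny_hosts=(), allow_nets=None):
    """Inbound decision of a host firewall on one office XP machine."""
    src = ipaddress.ip_address(src_ip)
    if any(src == ipaddress.ip_address(h) for h in deny_hosts):
        return False                       # explicit per-address ban
    if allow_nets is not None:
        return any(src in net for net in allow_nets)   # allow-list by subnet
    return True                            # default allow: not banned means admitted

def ban_after_lease_change(reserved):
    """Ban the ME machine's address, let its lease lapse, and re-check the ban."""
    dhcp = DhcpServer(OFFICE_NET, 100,
                      {ME_MAC: "192.168.1.100"} if reserved else None)
    banned = dhcp.request(ME_MAC)   # address seen when the ban was entered
    dhcp.expire(ME_MAC)             # ME machine is off and the lease runs out
    dhcp.request(LAPTOP_MAC)        # another device takes the lowest free address
    current = dhcp.request(ME_MAC)  # ME machine is switched on again
    return current, allowed(current, deny_hosts=[banned])

if __name__ == "__main__":
    print(ban_after_lease_change(reserved=False))  # ban no longer matches
    print(ban_after_lease_change(reserved=True))   # ban still matches
    print(allowed("192.168.2.57", allow_nets=[OFFICE_NET]))  # separate subnet
```

The last call models the different-subnet suggestion made earlier in the thread: with an allow-list covering only the office subnet, the decision does not depend on which address the ME machine happens to be leased.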
 
LVL 8

Expert Comment

by:saw830
ID: 17829730
Ghostmod-
DentRouge's own solution is a cleaner solution, if it does what is required.  I don't have a preference on the points, I'm here for the technical challenge.
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 17849781
Closed, 500 points refunded.
DarthMod
Community Support Moderator