Solved

How can I limit the access of a WIN Millennium machine to the rest of a Network of WIN XP's

Posted on 2006-10-19
10
227 Views
Last Modified: 2010-03-18
We have a LAN with three WIN XP SP2 systems and one WIN ME system, all with access to each other and to the internet via a router and DSL modem.  We want to move the WIN ME system to the semi-public room outside the office and use it for teaching via our wireless connection and the internet.  We expect eventually to let some teachers and students use it locally.

The problem is that we don't want to compromise the security of the three machines that are still in the office.  WIN ME doesn't seem to have real security.  So I'm wondering if there is an easy way to set up the WIN ME machine so that some random person in the public room couldn't turn it on and gain access to the machines in the main office.  It might be OK if the person, who might be a student or teacher, could access the internet only.

The minimum scenerio would be something like this:  The WIN ME computer would sit in the semi-public room.  For certain classes, the teacher of the class would be able to turn it on and use it in, e.g., a language class, by using the internet.  After the class, the ME computer would be turned off.  In the meantime, if somebody else came in an turned on the ME machine, we would want that person to have no access whatsoever to the XP machines on the same network.  If it could be arranged, that person could surf the web, but that isn't a requirement right now.  And the person would not be able to change the name of the computer or user, or fool around in other ways to gain access to the other machines.

It is also the case right now, that all the XP machines have the same user name for users and administrator.  It would be nice if the people in the office didn't have to login and logout all the time.
0
Comment
Question by:DentRouge
10 Comments
 
LVL 30

Expert Comment

by:IanTh
ID: 17763854
does your router support vlans or differnet subnets as you could put the me pc on a differnet vlan or subnet

0
 

Author Comment

by:DentRouge
ID: 17763878
Ianth,

We are using a Linksys WRT45.  I'm not sure, at the moment, it if does.
0
 

Author Comment

by:DentRouge
ID: 17763891
Ianth,

If the router allows this, that would probably allow for the initial configuration.  But for later we might want to have some access between machine for OK people.  The network name on the ME machine is protected by password?  Could one (and OK person) change the network name on the ME machine and then access the regular subnet?  That is, can the wireless portion allow for two subnets, and can a subnet exit partially on the wired part and the wireless part?
0
 
LVL 8

Expert Comment

by:saw830
ID: 17770783
Hi,

What you will want to do is to create accounts on the WinXP machines and grant only those accounts access to files and such on the WinXP shared files.  Create matching username and passwords on the WinME machine for those people that should have access to the WinXP machine.

Hope this helps,
Alan
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:DentRouge
ID: 17770930
Hi saw830,

I was hoping to be able to exclude the ME machine without forcing everyone on the XP machines to start logging in and out.  Is there no other way to say don't allow the ME machine in here at all?
0
 

Author Comment

by:DentRouge
ID: 17778956
Hi again saw830,

I have checked out your suggestion.  It works as far as it goes.  Say a user is logged in to the ME machine and is denied access to any of the XP machines.  The hole in the idea is that any user can create a new account on an ME machine, log in to that new user account, and then access the other machines on the network.  They can do that, because the other machines don't have this new account set up on them (and set to deny everything).

Bob
0
 

Author Comment

by:DentRouge
ID: 17782184
Well, we figured it out ourselves.  By using the McAfee and Norton firewalls, we can ban specific IP addresses, and so ban the specific machines that should be excluded.  This should work, except that I don't know the circumstances under which an IP address might change, given that they are assigned by the router.  This seems like it would have been an easy 500 points for anyone in the know.  Maybe it was too easy.
0
 
LVL 8

Expert Comment

by:saw830
ID: 17829730
Ghostmod-
DentRouge's own solution is a cleaner solution, if it does what is required.  I don't have a preference on the points, I'm here for the technical challenge.
0
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 17849781
Closed, 500 points refunded.
DarthMod
Community Support Moderator
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now