JOSHUABT
asked on
Everyone group in Windows 2003 server
Hello there,
I have a Windows 2003 file server that has a shared folder for users' access.
We have multiple users and they login to their local Windows with the same name ( HRUser) and password.
Each window(XP) has a mapped network drive to the shared folder of the server.
We do not have a Domain Controller.
My question is regarding 'Everyone' Group.
If I remove Everyone group from the share permission of the shared folder in the server, will it be safer?
Thanks for your time.
I have a Windows 2003 file server that has a shared folder for users' access.
We have multiple users and they login to their local Windows with the same name ( HRUser) and password.
Each window(XP) has a mapped network drive to the shared folder of the server.
We do not have a Domain Controller.
My question is regarding 'Everyone' Group.
If I remove Everyone group from the share permission of the shared folder in the server, will it be safer?
Thanks for your time.
Jay_Jay70
your life will get extremely hard!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
May I ask why my life will get extremely hard?
May I ask why you haven't made the Windows 2003 server a DC and then have everyone log into it?
Oh boy, amen on that Jay!
What Jay means is that if you take away the everyone group then you will have to have the users on the clients with passwords and the same clients on the server with the same passwords essentialy. That is way too much overhead IMHO. You could possibly use the "guest" account, but I still wouldn't do that. My philosophy is that if people are not in my domain then I don't want them to get any network access to my main network. This is a totally different situation though.
If you have more than 10 workstations then I would suggest moving to a domain if possible.
What Jay means is that if you take away the everyone group then you will have to have the users on the clients with passwords and the same clients on the server with the same passwords essentialy. That is way too much overhead IMHO. You could possibly use the "guest" account, but I still wouldn't do that. My philosophy is that if people are not in my domain then I don't want them to get any network access to my main network. This is a totally different situation though.
If you have more than 10 workstations then I would suggest moving to a domain if possible.
ASKER
To ResourcePc : We don't have a Domain Controller because of the extra cost for the license. We do have CAL for all 50 users but I think Domain User License is more expensive than regular Windows CAL. Please correct me if I'm wrong.
TO kshays : All the client PCs use the same user name to login their Windows. So I don't have to create so many user accounts in the server.
Now, will my life be still extremely hard if I remove "Everyone" group from the share permission?
Thanks for your responses.
TO kshays : All the client PCs use the same user name to login their Windows. So I don't have to create so many user accounts in the server.
Now, will my life be still extremely hard if I remove "Everyone" group from the share permission?
Thanks for your responses.
Ok.
I would just test it and see. For what may be hard or easy for me might be different for you. Honestly I would just remove the group from the share and put in authenticated users instead and then lock them down or modify the ntfs permissions then test, test test :)
Kevin
I would just test it and see. For what may be hard or easy for me might be different for you. Honestly I would just remove the group from the share and put in authenticated users instead and then lock them down or modify the ntfs permissions then test, test test :)
Kevin
Thanks kev,
you should still be able to just add the one user to that share, but honestly, i would leave as is, security obviously isnt a huge thing for you or you would have a domain
you should still be able to just add the one user to that share, but honestly, i would leave as is, security obviously isnt a huge thing for you or you would have a domain