Solved

Security on a shared network folder

Posted on 2007-11-29
Last Modified: 2012-06-27
We have 75 mobile data users logging into laptops with one generic Windows account.  Each of them has their own network account and email, but for ease of administration, they log in to Windows with another generic account.  Each user has a shared folder on our file server to store documents.  Is there a way to give the individual user account access to their folder without having to give the generic account access? In other words, is there a way to map a drive using different login information than how the person is logged into Windows?


Question by:turtletrax
 
LVL 4

Expert Comment

by:superfooz74
I don't think there is a way to do that, unless there is a 3rd party program out there for it.
0
 
LVL 16

Expert Comment

by:kshays
That's a tough one.  I don't think you're going to get what you really want either :(

I first thought about a bat file they could click on with this in it.
net use y: \\servername\home\%username%

BUT it would try and map the folder with the current username which is generic.
You may be able to possibly write a vb script that will do the same thing except have an input box for them to type in the Shared Folder Name they wish to map to.

Here is an example.
sNewName = ""      'declare a string to hold computername in
'loop while sNewName is null
Do
    sNewName = InputBox("Enter Laptop BarCode","BarCode")
loop While (sNewName="")

'prepend 0's to the barcode while its length is less than 6
do while (len(sNewName)<6)
   sNewName = "0" & sNewName
loop

sNewName = "Laptop-" & sNewName            'build the computername

0
 
LVL 8

Expert Comment

by:YGregersen
I would think that you could have them login using their network accounts. When they are remote (away from the network) they would just need to login as workstation only or Windows will use their cached credentials.

And yes they can login into a share without giving the generic account
Under Vista you set up a network drive
Just be sure to check off Reconnect at Logon
But underneath you should click on 'Connect using a Different User Name'
This will make them give their network share name and password.

When they start the machine with the generic account
they should get an error type prompt saying that the system cannot connect to a share and to provide credentials.

Good luck
0
 

Author Comment

by:turtletrax
When we try to use the "connect using a different user name" we supply the user and password, but it returns an error saying "The network folder specified is currently mapped using a different user name and password. To connect using a different user name and password, first disconnect any existing mappings to this network share."   We don't have any drives mapped to this folder already, so I'm not sure why it's giving us that error.  Ideas?
0
 
LVL 16

Expert Comment

by:kshays
Are you using target machinename\username?
0
 

Author Comment

by:turtletrax
I used domain\username
0
 
LVL 8

Expert Comment

by:YGregersen
So when you do the drop down on the drive letters you don't see that folder mapped elsewhere?


Strange  - I will have to research that.
0
 

Author Comment

by:turtletrax
Nope, there is only one other mapped drive in the drop down, and it's to an entirely different server.  Thanks!
0
 
LVL 4

Expert Comment

by:superfooz74
I'm pretty positive you cannot give everyone separate shares if they are using the same user name, but why not just use the generic user name with a number on the end (example: generic1, generic2, generic3, etc.)

That would be very easy because you could give everyone their own username and their own share. You could just make an OU in active directory, apply a group policy with the desired settings, and put all the "generic" accounts in there.

0

 
LVL 8

Expert Comment

by:YGregersen
Superfooz74: Giving them their own 'generic' name and number would be the same as giving them a userid.


turtletrax: That is really strange; it should work. Does this happen on more than one person's machine you have tried this on?
0
 
LVL 16

Expert Comment

by:kshays
Back to reading the question again: these are mobile users.  Is this an Active Directory domain as well?  I would suggest whenever possible that you have your mobile users log in to the domain with their domain account/password.  When this takes place you will map each user's "home folders" according to their username.  EX:  \\server\home\%username%

How are they going to get access to their shared folders when they are not on the network?  VPN?  If they cannot log into the domain to get access then they shouldn't be able to get to their shared folder then?

I would stay away from generic logins for audit purposes anyway.

My point is if they can log in to the domain then they should, because this is where your GPOs and other security policies, drive mappings, etc. will be.
0
 

Author Comment

by:turtletrax
For testing purposes we were trying to make this work from a couple of different PCs that are just on the domain (not remote VPN users).  Each PC was logged on with their unique user.  When trying to map a drive to a folder which that user does not have permissions to, we selected the option to connect using a different user name.  That is when we entered a user which does have permission to the shared folder.  We still get the same error.

The reason we are using one generic account to log in to Windows is these 75 mobile users switch between laptops depending on which car they are driving.  We don't want to have to set up profiles for every user on every laptop.
0
 
LVL 16

Accepted Solution

by:
kshays earned 500 total points
Ok, I agree with you on that.  Have you tried to connect using the IP instead of the NetBios name?


Ex:  \\IP\share\folder
EX: \\servername\share\folder

If you are using a generic account instead of domain\username with vpn then how are you going to give access to a shared folder that resides on your network?  Surely you won't be creating those 75 folders on each laptop will you?

Cheers
0
 

Author Comment

by:turtletrax
Strange, not sure why but using the IP address worked.  Thanks!
0
 
LVL 8

Expert Comment

by:YGregersen
Turtletrax: Can you click your way through the network path or type the whole thing in an explorer window?
0
 
LVL 8

Expert Comment

by:YGregersen
Your DNS is not fully functional
0
 

Author Comment

by:turtletrax
The strange thing is now that I try it using the name, it also works.  I did reboot that server this morning so perhaps there was just something on the server it was confused about.
0
 
LVL 8

Expert Comment

by:YGregersen
To make it easier on the folks, you may want to consider creating a logon batch file that asks for user credentials. It could ask for input and drop in the username and password in the correct place along the command example below.

net use [drive letter]: \\netpath\User_Name [password] /USER:[domain]\User_name

This way when they boot the machine they can get the drive or skip but when they reboot it goes away so the next person can get prompted. Maybe make the 'autoloader' available on the desktop too.


Good luck - I am glad it was figured out that this was doable and got the correct instructions working.
0
 
LVL 16

Expert Comment

by:kshays
Glad to hear that.  Usually that means DNS is not working like it should, but rebooting the server fixed it.  I would probably do a netdiag /v on your DC to check for DNS errors also.

Yeah, my first thought was a VBScript or another script that asks for input for username/password to map a drive based on username.

Cheers
0
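
A sketch of the credential-prompting logon script suggested in the replies above, added here as an example and not posted by anyone in the thread. The server, share, domain and drive-letter defaults are placeholders; the script first drops existing connections to the server, which is the condition the quoted error message describes, and lets net use prompt for the password so it never appears on a command line or in the script.

```powershell
# Added example: map a user's home folder with their own domain credentials
# while Windows is logged on with the shared generic account.
# The parameter defaults below are placeholders, not values from the thread.
param(
    [string]$Server = 'fileserver01',
    [string]$Share  = 'home',
    [string]$Domain = 'EXAMPLE',
    [string]$Drive  = 'H:'
)

$user = Read-Host 'Network user name (without domain)'

# Reject anything that is not a plain account name, so the input cannot
# smuggle extra path components or net.exe switches into the command.
if ($user -notmatch '^[A-Za-z0-9._-]{1,64}$') {
    Write-Error 'User name contains unexpected characters.'
    exit 1
}

# Windows accepts only one set of credentials per server name in a logon
# session. Drop connections to this server left behind by the generic
# account or by the previous user of the laptop.
Get-CimInstance -ClassName Win32_NetworkConnection |
    Where-Object { $_.RemoteName -like "\\$Server\*" } |
    ForEach-Object {
        $target = if ($_.LocalName) { $_.LocalName } else { $_.RemoteName }
        & net.exe use $target /delete /y | Out-Null
    }

$unc = "\\$Server\$Share\$user"

# '*' makes net.exe prompt for the password interactively.
# /persistent:no keeps the mapping from being restored at the next logon
# of the shared profile.
& net.exe use $Drive $unc '*' "/user:$Domain\$user" '/persistent:no'
if ($LASTEXITCODE -ne 0) {
    Write-Error "Mapping $unc failed (net use exit code $LASTEXITCODE)."
    exit $LASTEXITCODE
}

Write-Host "$Drive mapped to $unc as $Domain\$user."
Write-Host "Run 'net use $Drive /delete' before handing over the laptop."
```

The mapping lasts until it is deleted or the generic account logs off, so a shared laptop that is never logged off still exposes the previous user's folder unless the drive is disconnected at handover.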
