Solved

Win 2003 Server and Active Directory with generic logon trying to access specific user network folders

Posted on 2009-07-08
3
193 Views
Last Modified: 2012-05-07
Good Morning, I have the following Server setup:
  Windows 2003 Server with Active Directory,
  15 Crew Leaders using the same PCs (4),
  Personal Folders on the network.
   Is there a way for me to use a generic logon for all crew leaders and allow them to only see their personal network folder?  I know I can setup each person on the PCs.  What I need is a way for each person to be able to "log into" only their personal folders when using the generic logon.  They will be using OWA to access their emails.
  Thank you.
0
Comment
Question by:ITGuy64
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 31

Assisted Solution

by:Justin Owens
Justin Owens earned 100 total points
ID: 24805376
Create a shortcut to each individual share on the "all users" desktop.  When the folder icon is clicked, it should challenge for a security handshake.  At that point, user A puts in her username and password and all should be green.  If user A does not have rights to the other 14 shares, the only downside is 14 extra icons on the desktop (or one that is a folder which has all 15 icons, but you get the idea).

As a side note, this process might not work if the generic user is a domain member.  Since you indicated that your want a generic user, I would suggest you create the generic only on those 4 machines, rather than a domain member.  The reason is that once the OS makes the handshake with the server, it will remember those credentials and try to use them for the next connection.  It would still require the user to log off, even if generic account is used.  This may not be the solution you are looking for. Your problem is that once the client and server make the handshake, the session security is saved until logoff.
0
 

Accepted Solution

by:
ITGuy64 earned 0 total points
ID: 24806022
DrUltima,
  Thank you for the reply.  You are correct on your side note.  Since the PC session has the credentials for user 1, user X would be able to view the personal folders of all the other users before him/her that accessed their folders since the last logoff.  I was hoping someone would know of a process to reset the credentials after someone no longer needs to view their personal folder.  With 15 users throughout 3 shifts and 4 PCs, I either have to be around during all 3 shifts or reset everyone's password before I setup the PCs.  We have had several new PCs in the last 2 years.  Also, there are always new Crew Leaders every month.
0
 
LVL 31

Expert Comment

by:Justin Owens
ID: 24806126
The only solution I can come up with is to create a GPO on the 4 workstations that forces logoff after X minutes of idle.  It is not a great solution, though.  There may be a third party app that addresses your needs, but I am unaware of it.  I am sorry.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question