Solved

Non Domain system writing to domain shared folder

Posted on 2012-03-20
Medium Priority
353 Views
Last Modified: 2012-06-22
I have 3 locked down Windows 7 embedded systems (non-domain systems) that need to write to a domain system folder. I have been able to write to the domain folder if I give it EVERYONE access. This looks un-secure. What is the best way to secure this folder so that only the 3 kiosk systems can write to this folder but no one else (and the domain admin also of course)?
0
Question by:allenkent
2 Comments
 
LVL 4

Accepted Solution

by:
Paul-B earned 2000 total points
ID: 37743421
You could create a user account on the server for them to authenticate with, like "Kiosk", and then add that user to the share with read/write access. You could then also remove the other non system and admin accounts from the share. Then go to each Kiosk box, open file explorer, and in the address bar type \\SERVERNAME and hit enter. You should see a list of the shares after you are prompted for login. Enter the Kiosk account info and be sure to check the Save Password option. If it was me I would even map the share to a drive letter.
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 37743500
You can authenticate to a domain server with a valid domain ID in a script on the non-domain computer; just map a drive in a script using the /USERNAME: switch. In the script use a highly restricted domain account, and qualify the username <DOMAINNAME>\<USERNAME>. Just make damn sure the account is denied on anything except the exact folder you want them to write to, and test thoroughly before putting it live.

I've used similar scripts when a client has a rented office and they don't want the tenant in their files, but the tenant just can't seem to handle authenticating once a day to print and so on.

the script command would look something like

net use Z: \\ServerName\ShareName pooky'spassword /USER:DomainName\UserName

I can never remember the exact password switch syntax but it's not hard to figure out while testing.
0
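Both answers rest on the same server-side change: replacing the Everyone grant with one dedicated account on the share and on the folder. An added example of that change (not part of the original thread), assuming a placeholder folder `D:\KioskDrop`, share `KioskDrop` and account `DOMAINNAME\Kiosk`, and that `cmdkey.exe` is present on the kiosk image:

```powershell
# Added example, not from the thread. Run in an elevated PowerShell on the file server.
# Folder path, share name and account name are placeholders (assumptions).
$Folder  = 'D:\KioskDrop'
$Share   = 'KioskDrop'
$Account = 'DOMAINNAME\Kiosk'   # dedicated account used only by the 3 kiosks

function Assert-Native([string]$Step) {
    # icacls and net.exe report failure through the exit code, not exceptions.
    if ($LASTEXITCODE -ne 0) { throw "$Step failed (exit code $LASTEXITCODE)" }
}

# 1. NTFS: add the explicit grants first, so access is never left empty.
#    BUILTIN\Administrators on a domain member includes Domain Admins.
icacls $Folder /grant "${Account}:(OI)(CI)M" 'BUILTIN\Administrators:(OI)(CI)F' 'NT AUTHORITY\SYSTEM:(OI)(CI)F'
Assert-Native 'icacls /grant'

# 2. NTFS: drop ACEs inherited from the parent, then any explicit Everyone ACE.
icacls $Folder /inheritance:r
Assert-Native 'icacls /inheritance:r'
icacls $Folder /remove:g Everyone
Assert-Native 'icacls /remove:g'

# 3. Share: recreate the existing share so its ACL no longer contains Everyone.
net share $Share /delete /y
Assert-Native 'net share /delete'
net share "$Share=$Folder" "/GRANT:$Account,CHANGE" '/GRANT:Administrators,FULL'
Assert-Native 'net share /grant'

# 4. Verify: fail loudly if a broad group still has an ACE on the folder.
$broad = (Get-Acl $Folder).Access | Where-Object {
    $_.IdentityReference.Value -match '^(Everyone|NT AUTHORITY\\Authenticated Users|BUILTIN\\Users)$'
}
if ($broad) {
    $names = ($broad | ForEach-Object { $_.IdentityReference.Value }) -join ', '
    throw "Broad ACE still present: $names"
}
icacls $Folder
net share $Share

# On each kiosk, the drive mapping can use a saved credential instead of a
# password written into the script (assumes cmdkey.exe is in the kiosk image):
#   cmdkey /add:ServerName /user:DOMAINNAME\Kiosk /pass
#   net use Z: \\ServerName\KioskDrop /persistent:yes
```

Effective access is the intersection of the share ACL and the NTFS ACL, so both are restricted here. `cmdkey ... /pass` prompts for the password once and stores it in the logged-on user's Credential Manager, the same store the Save Password checkbox uses.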


Question has a verified solution.
