Solved

Non Domain system writing to domain shared folder

Posted on 2012-03-20
2
349 Views
Last Modified: 2012-06-22
I have 3 locked down Windows 7 embedded systems (non-domain systems) that need to write to a domain system folder. I have been able to write to the domain folder if I give it EVERYONE access. This looks un-secure. What is the best way to secure this folder so that only the 3 kiosk system systems can write to this folder but no one else (and the domain admin also of course).
0
Comment
Question by:allenkent
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 4

Accepted Solution

by:
Paul-B earned 500 total points
ID: 37743421
You could create a user account on the server for them to authenticate with like "Kiosk" and then add that user to the share with read/write access. You could then also remove the other non system and admin accounts from the share.  Then go each Kiosk box and open file explorer and in the address bar type \\SERVERNAME and hit enter. You should see a list of the shares after you are prompted for login. Enter the Kiosk account info and be cure to check Save Password option. If it was me I would even map the share to a drive letter.
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 37743500
you can authenticate to a domain server, with a valid domain ID in a script on the non domain computer, just map a drive in a script ussing the /USERNAME: switch. in the script use a highly restricted domain account, and qualifie hte username <DOMAINNAME>\<USERNAME>.  just make damn sure the account it denied on anything except the exact folder you want them to write to. and test throughly before putting it live.

I've used similar scripts when a client has a rented office and they don't want the tenant in their files, but the tenant just can't seem to handle authenticating once a day to print and so on.

the script command would look something like

Net use z: \\ServerName\ShareName /USERNAME:DomainName\UserName /password|pooky'spassword

I can never rember the exact passowrd switch syntax but it's not hard to figure out while testing.
0

Featured Post

Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question