Solved

WINDOWS 8 DIRECTORY PERMISSIONS

Posted on 2013-02-03
17
323 Views
Last Modified: 2013-02-15
How do I set permissions for a specific directory on the root (or the whole root) of a WIN 8 laptop to allow access from a specific desktop directory in a peer to peer by router setup?

When the laptop is in the field  connected to said desktop by 'remote desktop connection', I want the same security

Presently their permissions are set to share but that is too indiscriminate.  The desktop is a windows 7 pro.  Are the configs for both the same?

Please advise
Thanks!

Steve
0
Comment
Question by:SteveDico
  • 9
  • 7
17 Comments
 
LVL 94

Expert Comment

by:John Hurst
ID: 38848980
You should be able to share the specific folder (say c:\routersetup) and that should work. That does not share out the whole C:\ structure. It will work the same way in Windows 7 and in Windows 8.

... Thinkpads_User
0
 

Author Comment

by:SteveDico
ID: 38850879
Allow me to be more specific... can I grant full rights to a directory so that if this laptop is on an office network or in the cloud, only one specific inbound computer can map to that directory?
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 38850895
It certainly should work within an Office network. I have done that multiple times by granting rights to users or to Everyone for a specific folder.

If the laptop is on the internet somewhere, it may require access through the internet. You would have to test this.

... Thinkpads_User
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 54

Expert Comment

by:McKnife
ID: 38852338
Your setup is described very vague. To really help, details are needed.
-there is no "laptop in the cloud" - what should that mean?
-you can setup shares that are accessible via internet, yes, but not like you would like to have it, so "only one specific inbound computer can map to that directory". You would need ACLs and ACLs will use user accounts.
You should also accept the following advice: if someone does not know how to share via internet, it's very likely he does not know how to properly secure this.
That said, maybe it's better to use something like dropbox or skydrive or mega to share data. Have a look at mega's security model, sounds good: "Uploaded files are encrypted and only the user holds the decryption keys." [only the user, not mega].
0
 

Author Comment

by:SteveDico
ID: 38868133
Clarification of issue:  A windows 8 laptop configured to 'remote desktop' into a windows 7 pro desktop unit in the office  (and go to a mapped drive) presently can do so.  The desktop needs to see the laptop in return.  Simply granting sharing rights to all (for a directory on the mobile) is not acceptable, because I do not know where the user will plug into the cloud from.

How do I convince the laptop to allow a connection from that particular office desktop (only) to it's shared directory?  What buttons to push grant "rights to a specific computer"?
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 38868180
If you need to have a computer connect remotely to an office computer, you need a VPN connection (for security) or else you need Logmein, GotomyPC or like product. I think you can set Logmein to allow connections from the outside without a person present, but you need to check that. You need one of the two above approaches as a direct connection would not be secure. Once you provide this, the remote computer can access the office computer by IP address or by computer name (depending on your setup).

.... Thinkpads_User
0
 

Author Comment

by:SteveDico
ID: 38870066
LogMeIn et al, have been decided against by management, so a VPN solution is indicated.

1.  If I set this mobile unit's directory rights to 'share', I imagine data is not at risk when user is  looking at the cloud from behind their home or office router, correct?  

2.  If they plug into a wireless connection at the coffee shop, then that  is a concern, yes?

3. In short, before I invoke the VPN solution, I must set the WIn 8 mobile's directory to 'share' (per user's request to have bilateral comm 'tween the two units right away). This will be for 'all users'. There is no ability to choose a user. Correct?

if I toggle that sharing flag to on, then I believe that anytime a router is involved, this laptop would not be vulnerable to unwelcome eyes. . .other than a radio connection. Is that correct?

Thanks
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 38870086
!. Yes, with VPN, correct.

2. Office coffee shop wireless is generally insecure and at risk. I use a USB Internet Stick and then VPN to clients as I need. With strong IPsec VPN, a coffee shop connection may be OK because the data is secured in a tunnel. Beware of double NAT's that screw up most VPN connections.

3. It depends. If you use a hardware VPN box and people access the box, then you have more control over user permissions in the same the person accessing those shares within the office environment.

Last: I think the answer is yes, but I am still supposing the use of a VPN connection. If so, then Yes.

..... Thinkpads_User
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 38870155
Also to be clear on coffee shop wireless, the main insecurity is to the user's computer and then spreading any malware to your network. The VPN tunnel itself is secure, but no matter if the user hoses their computer.
.... Thinkpads_User
0
 

Author Comment

by:SteveDico
ID: 38870283
Thanks for the detailed answer, Thinkpads

 ( I have repaired so many T-Pads for spilled stuff...heh heh...).

Coffee shops are not on the expected list of venues, but I used it to advance my concern for an 'unknown, uncontrolled environment'.  

How may I avoid duplicitous network address translation issues?  I hear that VPN is a spoiled child and, high-maintenance at that. Any guidance from the person walking ahead of me in this thick jungle?   I am new to VPN and look forward to grabbing the keyboard and massaging the router.  

S
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 38870295
You cannot avoid double NAT's if that is what is on offer in the network you wish to use. And if the VPN application won't work through double NAT's, there is not much you can do. That is a prime reason why I carry my own USB internet key. I know what I will get at all times.

I now use NCP Secure Entry (www.ncp-e.com) because it will traverse double NAT's. It is not cheap (but not real expensive for the traveller who needs access).

... Thinkpads_User
0
 

Author Comment

by:SteveDico
ID: 38871278
How do I build the internet key?
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 38871307
A USB Internet Key is a USB stick you get from an ISP along with a plan for usage. The key will come with the connection application and it will install it when you plug it in.

So now at this point, if you have selected the main strategy (VPN) and at least some of the connection point strategies, the remaining setup details (lots of them) may be different questions.

.... Thinkpads_User
0
 

Author Comment

by:SteveDico
ID: 38873382
I will ask the user to request the usb key from ISP and I will explore the VPN possibility.

I have never done a VPN and look forward to the learning experience (but from what I have heard, a head exam is probably indicated  for 'looking forward to it').

What can I expect from a support perspective in terms of what usually goes VPN wrong, and the user rings you up at ungodly hours?  ;-0
0
 
LVL 94

Accepted Solution

by:
John Hurst earned 500 total points
ID: 38873460
VPN is a skill all by itself. There is a whole topic area devoted to it here. If you have never done a VPN, you will need a skilled consultant to set it up for you. I recommend hardware VPN so that once you make a connection, everything via VPN is the same as in the office. You set up everything you need in the office (folders, permissions, access, etc.) and it will then all work through a properly set up VPN.

In terms of support, I set up the users locally, use a top notch VPN application (NCP Secure Entry), test it all thoroughly, and then normally support calls are minimal.

... Thinkpads_User
0
 

Author Comment

by:SteveDico
ID: 38893370
In  light of the issues presented by secure connection, user elected to employ unilateral communications only, negating the need for further configuration.

Resolution: no changes to system.  Thanks to all that responded
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 38893479
@SteveDico - Thank you and I was happy to help you with this.
..... Thinkpads_User
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question