?
Solved

WINDOWS 8 DIRECTORY PERMISSIONS

Posted on 2013-02-03
17
Medium Priority
?
333 Views
Last Modified: 2013-02-15
How do I set permissions for a specific directory on the root (or the whole root) of a WIN 8 laptop to allow access from a specific desktop directory in a peer to peer by router setup?

When the laptop is in the field  connected to said desktop by 'remote desktop connection', I want the same security

Presently their permissions are set to share but that is too indiscriminate.  The desktop is a windows 7 pro.  Are the configs for both the same?

Please advise
Thanks!

Steve
0
Comment
Question by:SteveDico
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 7
17 Comments
 
LVL 97

Expert Comment

by:Experienced Member
ID: 38848980
You should be able to share the specific folder (say c:\routersetup) and that should work. That does not share out the whole C:\ structure. It will work the same way in Windows 7 and in Windows 8.

... Thinkpads_User
0
 

Author Comment

by:SteveDico
ID: 38850879
Allow me to be more specific... can I grant full rights to a directory so that if this laptop is on an office network or in the cloud, only one specific inbound computer can map to that directory?
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 38850895
It certainly should work within an Office network. I have done that multiple times by granting rights to users or to Everyone for a specific folder.

If the laptop is on the internet somewhere, it may require access through the internet. You would have to test this.

... Thinkpads_User
0
Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

 
LVL 56

Expert Comment

by:McKnife
ID: 38852338
Your setup is described very vague. To really help, details are needed.
-there is no "laptop in the cloud" - what should that mean?
-you can setup shares that are accessible via internet, yes, but not like you would like to have it, so "only one specific inbound computer can map to that directory". You would need ACLs and ACLs will use user accounts.
You should also accept the following advice: if someone does not know how to share via internet, it's very likely he does not know how to properly secure this.
That said, maybe it's better to use something like dropbox or skydrive or mega to share data. Have a look at mega's security model, sounds good: "Uploaded files are encrypted and only the user holds the decryption keys." [only the user, not mega].
0
 

Author Comment

by:SteveDico
ID: 38868133
Clarification of issue:  A windows 8 laptop configured to 'remote desktop' into a windows 7 pro desktop unit in the office  (and go to a mapped drive) presently can do so.  The desktop needs to see the laptop in return.  Simply granting sharing rights to all (for a directory on the mobile) is not acceptable, because I do not know where the user will plug into the cloud from.

How do I convince the laptop to allow a connection from that particular office desktop (only) to it's shared directory?  What buttons to push grant "rights to a specific computer"?
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 38868180
If you need to have a computer connect remotely to an office computer, you need a VPN connection (for security) or else you need Logmein, GotomyPC or like product. I think you can set Logmein to allow connections from the outside without a person present, but you need to check that. You need one of the two above approaches as a direct connection would not be secure. Once you provide this, the remote computer can access the office computer by IP address or by computer name (depending on your setup).

.... Thinkpads_User
0
 

Author Comment

by:SteveDico
ID: 38870066
LogMeIn et al, have been decided against by management, so a VPN solution is indicated.

1.  If I set this mobile unit's directory rights to 'share', I imagine data is not at risk when user is  looking at the cloud from behind their home or office router, correct?  

2.  If they plug into a wireless connection at the coffee shop, then that  is a concern, yes?

3. In short, before I invoke the VPN solution, I must set the WIn 8 mobile's directory to 'share' (per user's request to have bilateral comm 'tween the two units right away). This will be for 'all users'. There is no ability to choose a user. Correct?

if I toggle that sharing flag to on, then I believe that anytime a router is involved, this laptop would not be vulnerable to unwelcome eyes. . .other than a radio connection. Is that correct?

Thanks
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 38870086
!. Yes, with VPN, correct.

2. Office coffee shop wireless is generally insecure and at risk. I use a USB Internet Stick and then VPN to clients as I need. With strong IPsec VPN, a coffee shop connection may be OK because the data is secured in a tunnel. Beware of double NAT's that screw up most VPN connections.

3. It depends. If you use a hardware VPN box and people access the box, then you have more control over user permissions in the same the person accessing those shares within the office environment.

Last: I think the answer is yes, but I am still supposing the use of a VPN connection. If so, then Yes.

..... Thinkpads_User
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 38870155
Also to be clear on coffee shop wireless, the main insecurity is to the user's computer and then spreading any malware to your network. The VPN tunnel itself is secure, but no matter if the user hoses their computer.
.... Thinkpads_User
0
 

Author Comment

by:SteveDico
ID: 38870283
Thanks for the detailed answer, Thinkpads

 ( I have repaired so many T-Pads for spilled stuff...heh heh...).

Coffee shops are not on the expected list of venues, but I used it to advance my concern for an 'unknown, uncontrolled environment'.  

How may I avoid duplicitous network address translation issues?  I hear that VPN is a spoiled child and, high-maintenance at that. Any guidance from the person walking ahead of me in this thick jungle?   I am new to VPN and look forward to grabbing the keyboard and massaging the router.  

S
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 38870295
You cannot avoid double NAT's if that is what is on offer in the network you wish to use. And if the VPN application won't work through double NAT's, there is not much you can do. That is a prime reason why I carry my own USB internet key. I know what I will get at all times.

I now use NCP Secure Entry (www.ncp-e.com) because it will traverse double NAT's. It is not cheap (but not real expensive for the traveller who needs access).

... Thinkpads_User
0
 

Author Comment

by:SteveDico
ID: 38871278
How do I build the internet key?
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 38871307
A USB Internet Key is a USB stick you get from an ISP along with a plan for usage. The key will come with the connection application and it will install it when you plug it in.

So now at this point, if you have selected the main strategy (VPN) and at least some of the connection point strategies, the remaining setup details (lots of them) may be different questions.

.... Thinkpads_User
0
 

Author Comment

by:SteveDico
ID: 38873382
I will ask the user to request the usb key from ISP and I will explore the VPN possibility.

I have never done a VPN and look forward to the learning experience (but from what I have heard, a head exam is probably indicated  for 'looking forward to it').

What can I expect from a support perspective in terms of what usually goes VPN wrong, and the user rings you up at ungodly hours?  ;-0
0
 
LVL 97

Accepted Solution

by:
Experienced Member earned 1500 total points
ID: 38873460
VPN is a skill all by itself. There is a whole topic area devoted to it here. If you have never done a VPN, you will need a skilled consultant to set it up for you. I recommend hardware VPN so that once you make a connection, everything via VPN is the same as in the office. You set up everything you need in the office (folders, permissions, access, etc.) and it will then all work through a properly set up VPN.

In terms of support, I set up the users locally, use a top notch VPN application (NCP Secure Entry), test it all thoroughly, and then normally support calls are minimal.

... Thinkpads_User
0
 

Author Comment

by:SteveDico
ID: 38893370
In  light of the issues presented by secure connection, user elected to employ unilateral communications only, negating the need for further configuration.

Resolution: no changes to system.  Thanks to all that responded
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 38893479
@SteveDico - Thank you and I was happy to help you with this.
..... Thinkpads_User
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
The viewer will learn how to successfully download and install the SARDU utility on Windows 8, without downloading adware.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question