Solved

WINDOWS 8 DIRECTORY PERMISSIONS

Posted on 2013-02-03
17
319 Views
Last Modified: 2013-02-15
How do I set permissions for a specific directory on the root (or the whole root) of a WIN 8 laptop to allow access from a specific desktop directory in a peer to peer by router setup?

When the laptop is in the field  connected to said desktop by 'remote desktop connection', I want the same security

Presently their permissions are set to share but that is too indiscriminate.  The desktop is a windows 7 pro.  Are the configs for both the same?

Please advise
Thanks!

Steve
0
Comment
Question by:SteveDico
  • 9
  • 7
17 Comments
 
LVL 90

Expert Comment

by:John Hurst
ID: 38848980
You should be able to share the specific folder (say c:\routersetup) and that should work. That does not share out the whole C:\ structure. It will work the same way in Windows 7 and in Windows 8.

... Thinkpads_User
0
 

Author Comment

by:SteveDico
ID: 38850879
Allow me to be more specific... can I grant full rights to a directory so that if this laptop is on an office network or in the cloud, only one specific inbound computer can map to that directory?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 38850895
It certainly should work within an Office network. I have done that multiple times by granting rights to users or to Everyone for a specific folder.

If the laptop is on the internet somewhere, it may require access through the internet. You would have to test this.

... Thinkpads_User
0
 
LVL 53

Expert Comment

by:McKnife
ID: 38852338
Your setup is described very vague. To really help, details are needed.
-there is no "laptop in the cloud" - what should that mean?
-you can setup shares that are accessible via internet, yes, but not like you would like to have it, so "only one specific inbound computer can map to that directory". You would need ACLs and ACLs will use user accounts.
You should also accept the following advice: if someone does not know how to share via internet, it's very likely he does not know how to properly secure this.
That said, maybe it's better to use something like dropbox or skydrive or mega to share data. Have a look at mega's security model, sounds good: "Uploaded files are encrypted and only the user holds the decryption keys." [only the user, not mega].
0
 

Author Comment

by:SteveDico
ID: 38868133
Clarification of issue:  A windows 8 laptop configured to 'remote desktop' into a windows 7 pro desktop unit in the office  (and go to a mapped drive) presently can do so.  The desktop needs to see the laptop in return.  Simply granting sharing rights to all (for a directory on the mobile) is not acceptable, because I do not know where the user will plug into the cloud from.

How do I convince the laptop to allow a connection from that particular office desktop (only) to it's shared directory?  What buttons to push grant "rights to a specific computer"?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 38868180
If you need to have a computer connect remotely to an office computer, you need a VPN connection (for security) or else you need Logmein, GotomyPC or like product. I think you can set Logmein to allow connections from the outside without a person present, but you need to check that. You need one of the two above approaches as a direct connection would not be secure. Once you provide this, the remote computer can access the office computer by IP address or by computer name (depending on your setup).

.... Thinkpads_User
0
 

Author Comment

by:SteveDico
ID: 38870066
LogMeIn et al, have been decided against by management, so a VPN solution is indicated.

1.  If I set this mobile unit's directory rights to 'share', I imagine data is not at risk when user is  looking at the cloud from behind their home or office router, correct?  

2.  If they plug into a wireless connection at the coffee shop, then that  is a concern, yes?

3. In short, before I invoke the VPN solution, I must set the WIn 8 mobile's directory to 'share' (per user's request to have bilateral comm 'tween the two units right away). This will be for 'all users'. There is no ability to choose a user. Correct?

if I toggle that sharing flag to on, then I believe that anytime a router is involved, this laptop would not be vulnerable to unwelcome eyes. . .other than a radio connection. Is that correct?

Thanks
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 38870086
!. Yes, with VPN, correct.

2. Office coffee shop wireless is generally insecure and at risk. I use a USB Internet Stick and then VPN to clients as I need. With strong IPsec VPN, a coffee shop connection may be OK because the data is secured in a tunnel. Beware of double NAT's that screw up most VPN connections.

3. It depends. If you use a hardware VPN box and people access the box, then you have more control over user permissions in the same the person accessing those shares within the office environment.

Last: I think the answer is yes, but I am still supposing the use of a VPN connection. If so, then Yes.

..... Thinkpads_User
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 90

Expert Comment

by:John Hurst
ID: 38870155
Also to be clear on coffee shop wireless, the main insecurity is to the user's computer and then spreading any malware to your network. The VPN tunnel itself is secure, but no matter if the user hoses their computer.
.... Thinkpads_User
0
 

Author Comment

by:SteveDico
ID: 38870283
Thanks for the detailed answer, Thinkpads

 ( I have repaired so many T-Pads for spilled stuff...heh heh...).

Coffee shops are not on the expected list of venues, but I used it to advance my concern for an 'unknown, uncontrolled environment'.  

How may I avoid duplicitous network address translation issues?  I hear that VPN is a spoiled child and, high-maintenance at that. Any guidance from the person walking ahead of me in this thick jungle?   I am new to VPN and look forward to grabbing the keyboard and massaging the router.  

S
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 38870295
You cannot avoid double NAT's if that is what is on offer in the network you wish to use. And if the VPN application won't work through double NAT's, there is not much you can do. That is a prime reason why I carry my own USB internet key. I know what I will get at all times.

I now use NCP Secure Entry (www.ncp-e.com) because it will traverse double NAT's. It is not cheap (but not real expensive for the traveller who needs access).

... Thinkpads_User
0
 

Author Comment

by:SteveDico
ID: 38871278
How do I build the internet key?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 38871307
A USB Internet Key is a USB stick you get from an ISP along with a plan for usage. The key will come with the connection application and it will install it when you plug it in.

So now at this point, if you have selected the main strategy (VPN) and at least some of the connection point strategies, the remaining setup details (lots of them) may be different questions.

.... Thinkpads_User
0
 

Author Comment

by:SteveDico
ID: 38873382
I will ask the user to request the usb key from ISP and I will explore the VPN possibility.

I have never done a VPN and look forward to the learning experience (but from what I have heard, a head exam is probably indicated  for 'looking forward to it').

What can I expect from a support perspective in terms of what usually goes VPN wrong, and the user rings you up at ungodly hours?  ;-0
0
 
LVL 90

Accepted Solution

by:
John Hurst earned 500 total points
ID: 38873460
VPN is a skill all by itself. There is a whole topic area devoted to it here. If you have never done a VPN, you will need a skilled consultant to set it up for you. I recommend hardware VPN so that once you make a connection, everything via VPN is the same as in the office. You set up everything you need in the office (folders, permissions, access, etc.) and it will then all work through a properly set up VPN.

In terms of support, I set up the users locally, use a top notch VPN application (NCP Secure Entry), test it all thoroughly, and then normally support calls are minimal.

... Thinkpads_User
0
 

Author Comment

by:SteveDico
ID: 38893370
In  light of the issues presented by secure connection, user elected to employ unilateral communications only, negating the need for further configuration.

Resolution: no changes to system.  Thanks to all that responded
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 38893479
@SteveDico - Thank you and I was happy to help you with this.
..... Thinkpads_User
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now