Solved

Password protected folder on Windows 2008 server share?

Posted on 2013-06-28
7
5,749 Views
Last Modified: 2013-07-02
I'm a network administrator, it's a Windows 2008 file server and Windows XP/7 network with domain. Each user login to domain with their password.
The problem is, how can I secure the folder by password, not by user permission.
We have a few managers, each manager has 2 or 3 assistants (or secretary), these assistants know the manager's Windows login password, so when the manager is not in the office, they can access their computer to get information to assistant our customers.
But each manager has some confidential documents on the share on file server which are not supposed to expose to these assistants. I think if I can put a password on these folders then the manager can access them but assistant.
In Outlook I have done it by assign password to PST files, but in Windows obviously there is no easy way to do it.
(Please do not recommend use different login on the computer, it's too complicated for the end user to understand user profiles.)
Thanks!
0
Comment
Question by:urbuddy
7 Comments
 
LVL 10

Assisted Solution

by:honestman31
honestman31 earned 84 total points
ID: 39285535
There seems to be some confusion here about terminology. Regardless of what Ondrej has posted up to this point, there is no way in Windows (any version) to password protect a shared folder, it simply is not possible without some kind of 3rd party software

source
http://social.technet.microsoft.com/Forums/windowsserver/en-US/30038f03-83aa-4281-b93c-8bd09e970e48/windows-server-2008-password-protect-network-folders
0
 
LVL 24

Assisted Solution

by:smckeown777
smckeown777 earned 83 total points
ID: 39285537
There are a few utilities to do this but none that I know of that are free...

http://www.iobit.com/password-protected-folder.html
0
 
LVL 7

Assisted Solution

by:dec0mpile
dec0mpile earned 83 total points
ID: 39285554
Windows has the ability to encrypt folders. However, in your case this is not useful because they know the password and can log in as the user and still view the file.

The only option left in this case is to use third party application that you install on the user's PC to protect the folder.

I recommend: http://www.winability.com/folderguard/

But you can try to find free software that can do it, like:
http://www.axantum.com/Start.html - I think it only does files
0
Shouldn't all users have the same email signature?

You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

 
LVL 14

Assisted Solution

by:Giovanni Heward
Giovanni Heward earned 83 total points
ID: 39285568
@urbuddy: Consider the information security concepts of availability, integrity, confidentiality, and accountability.  Accountability would dictate that each assistant must be given their own unique username.  This way you can audit and track changes made by individual assistants while avoiding exposure of manager credentials and giving assistants plausible deniability.

Once the accountability and confidentiality considerations are taken into account, you may then apply permissions as needed.  Consider creating an assistants group for each manager and using that group object when applying permissions to relevant files.

In short, create a unique user for each assistant, create assistant groups as needed, have the managers change their passwords, and apply proper file permissions.

If this creates the perception of "too much administrative overhead" due to frequent turnover, etc., at the very least consider creating a dedicated "assistant" user object and apply permissions at that level, and then have your managers change their passwords.

No need to add additional layers of security if you incorporate best practices.
0
 
LVL 2

Assisted Solution

by:nate0187
nate0187 earned 83 total points
ID: 39285597
Use peazip or any other zipper program to encrypt the folder with a password
0
 

Author Comment

by:urbuddy
ID: 39285644
Thank you all for the reply!
The problem is, there are a few proprietary software that installed on the manager's PC, the assistants need to access them. If I create a new user account for the assistant, then this would created new user profiles on the computer, these would involve in reconfiguration of the software, licensing, etc etc.
Logically the first solution to think about is to create user accounts for each assistants, but it just does not work in my case.
The most folder encryption utilities only work on local drive, not a network shared drive. These managers needs to share the "password protected folders". Not just encrypt a file.
I can setup another stand along file server (not part of domain) and store file there with different login password, that is my last resort if I can not get a better solution here.
I'll take a look at the links that provided here.
Thanks!
0
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 84 total points
ID: 39285872
these assistants know the manager's Windows login password, so when the manager is not in the office, they can access their computer to get information to assistant our customers.

I know why this has been done (for reasons of convenience) and it breaks every tenet of windows security.  It is out and out the wrong way to do things. Since more than 1 person knows the username / password combination then there is no way that you can prove who did what and when. Was it the manager or was it one of the assistants? Which assistant? You will never be able to prove it. Even as an enterprise administrator I don't know your password. I can reset it but that action leaves an identifiable record and the user will know right away that the password has been changed since their password will no longer work.

Truecrypt is a good option for you in the short time just as long as the password is not again shared (for convenience)..  Security is always at odds with convenience.  Going through TSA scanners and removing ones shoes is inconvenient but in order to fly you have to put up with it.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now