password protected individual folders with in a common share

I have a situation where I need to have one generic logon account shared by multiple people and then when any person using that account navigates to the common share and accesses their individual folder be prompted every time to enter individual credentials without the option to save those credentials.  Also having an administrative privledge set that allows that administrative user full access to each individual folder.

generic account has access to
>common share  (beneath this folder are where individual creds are needed)
         >bob          
         >steve
         >henry

bob steve and henry have individual accounts and individual creds.

I have server 2012 r2 available, no sharepoint and an AD domain.
cmkeurAsked:
Who is Participating?
 
Lionel MMSmall Business IT ConsultantCommented:
no that cannot be done with native windows explorer -- not unless each user has it's own shared folder and not in the way you have described
0
 
it_saigeDeveloperCommented:
You cannot, natively, password protect files and/or folders in Windows.  Instead, rights are used to control access to files and/or folders.

Ultimately, it would make more sense to use individual users.

-saige-
0
 
cmkeurAuthor Commented:
ok that is what i thought.  i was going to give proper permissions for the individual folders but couldn't figure out how to easily teach the users how to enter their un/pw and then not allow saving the creds.
Sounds like I need a sharepoint server, i think it can do what i want.
0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

 
cmkeurAuthor Commented:
Couldn't i use windows digital rights management for the prompting of user creds?
0
 
cmkeurAuthor Commented:
sorry meant, Active Directory Rights Management Services
0
 
Walter CurtisSharePoint AEDCommented:
Google NTFS and you will be enlightened.
0
 
it_saigeDeveloperCommented:
@SneekCo - Encryption is not password protection.  It is protection (don't get me wrong).  What the author is after is file/folder level *authenticated* access where potentially one (or more) users will have access to the same resources.

-saige-
0
 
McKnifeCommented:
If you insist on using a folder password however, please look at folderguard http://www.winability.com/folderguard/

Please be aware that normally, your scenario is not encountered. Why is that? Because we should not share accounts - as simple as that. It bears many risks.
0
 
Walter CurtisSharePoint AEDCommented:
NTFS is not encryption. NTFS is all about authentication and authorization. You are probably confusing NTFS with EFS, Encrypted File System.

Your shared account is what is called an anonymous account, or in NTFS security settings, (not encryption), that account is the "everyone" account (which should not be used), or the "Domain/all users" account, or in your case, "local machine\user account".

So set up your root folder, (share it on the network if need be), and grant everyone access. The subfolders under that "root" folder can then have individual and granular security (access) via the NTFS file system.

Again, this is Computer Science 101. Google is you best friend on this. Here are a few links that may help. Check them out before you Google it.

http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Windows-NTFS-Permissions.html

http://www.ntfs.com/ntfs-permissions.htm

Hope that helps
0
 
it_saigeDeveloperCommented:
@SneekCo - Agreed, however, when you post something as non-descript as "Google NTFS and you will be enlightened", it's hard to determine if your intention was "Google NTFS password protect folders"; which results in this as the top link (they discuss using NTFS encryption to secure your files/folders); or something else.

Your second post is much more descriptive and more inline with what the author has requested and what has already been recommended.

-saige-
0
 
Walter CurtisSharePoint AEDCommented:
NTFS was not mentioned before my post. And that is the correct approach. The difference between the two post is one during the day when time is limited and one after work. I think "Google NTFS" is very helpful, especially in this case. Might have been in the middle of the posters day also, so a short answer might have been appreciated.

Main point, hope it helped the poster. Don't care about points, just care about helping.
0
 
it_saigeDeveloperCommented:
No worries mate.  I guess (to me at least) NTFS was implied when the author posted:
I have server 2012 r2 available, no sharepoint and an AD domain.
-saige-
0
 
Walter CurtisSharePoint AEDCommented:
Just hope we helped him one way or the other. I will take a little longer next time on answers, even during the busy day :-)
0
 
Lionel MMSmall Business IT ConsultantCommented:
I agree that each user should have their own logon--without that you cannot hold users accountable for actions on systems they use--they could simply blame others. Regardless you wanted a solution for your sebnario and as mentioned above encryption or password protecting files and folders are possible. There are many options--check this one out and the editors review on CNET http://download.cnet.com/I-Folder-Locker/3000-2092_4-75450069.html. Here is list of many more arranged by highest editor reviews
0
 
Walter CurtisSharePoint AEDCommented:
There is no need for a third party tool. Yes, as mentioned each user should have their own login, but using the built in security settings for files and folders, based on the NTFS (out of the box) file system, it is available to use, with no addition cost. Again, this is basic Windows Server Operating System stuff. If there is not a how-to article on this site, Google is your best friend.

Hope that helps,
0
 
cmkeurAuthor Commented:
thanks for all the answers but they point is being missed.  The main account is a shared account and it has access to list a folders contents but no read/write access to the folders contained within.  There are 5 users and each users has a folder in the main folder.  I wanted to know if I can natively have windows explorer prompt for user and password each time the individual folders are accessed. I don't want third party tools and don't need a lecture on best practice.
0
 
cmkeurAuthor Commented:
ok thank you.  that is what i thought but i was hopeful i was missing/overlooking something.
0
 
Walter CurtisSharePoint AEDCommented:
You can use Windows explorer in the context of a different user. That means, find the windows explorer in the start menu of on your desktop or in the task bar, or wherever, Then with the mouse hovering over the icon, press and hold one of the shift keys, then right mouse click, a menu will open and among the list of things one of them will be "Run as different user". When you click on that, a window will open that will allow your users to enter their credentials. (User name and password). The windows explorer will be running with that users permissions.
0
 
cmkeurAuthor Commented:
thanks and i understand that but the creds will be stored until the generic account is logged off.  I was hoping for an apache/iis  logon/logoff mechanism within explorer.
0
 
Walter CurtisSharePoint AEDCommented:
When the windows explorer window is closed, the sessions with those credentials is also closed. Good luck.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.