How can I restrict access to our network?

[Tim]

Hi there,

We have a cable connection and use a Belkin 54g wireless router, 2 computers
connect to this router via there Belkin 54g wireless PCI cards.

How can I allow one computer to only access the Internet but not share or
see any files on any of the other computers connected to the network?

I know I can Disable NetBIOS over TCP/IP or un-tick File & Print sharing
box in CP/Network Connections but then the user of computer 1 could
just re-tick it and thus see the other files on other computers connected
to the network is there a more secure way of restricting what one
computer can see in terms of files/folders on other computers yet still gain
access to the Internet?

Is there a way of setting up a private workgroup and would this restrict
access?

Many thanks for any advise or pointers, Tim.

 

[Hans-Georg Michna]

We have a cable connection and use a Belkin 54g wireless router, 2 computers
connect to this router via there Belkin 54g wireless PCI cards.

How can I allow one computer to only access the Internet but not share or
see any files on any of the other computers connected to the network?

I know I can Disable NetBIOS over TCP/IP or un-tick File & Print sharing
box in CP/Network Connections but then the user of computer 1 could
just re-tick it and thus see the other files on other computers connected
to the network is there a more secure way of restricting what one
computer can see in terms of files/folders on other computers yet still gain
access to the Internet?

Is there a way of setting up a private workgroup and would this restrict
access?

Tim,

which operating systems do you use?

Hans-Georg

 

[Jetro]

You can restrict access to the Network Properties, services, and registry
using local policy. Depending on OS, it can be gpedit.msc or poledit.exe
editor.

 

[Tim]

Hi there,

Sorry should have said XP Pro SP2 on all machines.

Can this be done simply or is it very complex?

Many thanks, Tim.

 

[Doug Sherman [MVP]]

If the user of computer 1 is not a member of the local administrators group
he/she will not be able to re-enable File and Printer sharing. If the user
of computer 1 is a member of the local administrators group, he/she will be
able to undo any changes you make on computer 1.
You could prevent this through Group Policy in a domain environment. In a
workgroup environment with Simple File Sharing disabled, you can deny
network access to a user account on each of the other machines or simply not
create the user account on the other machines. Also, with XP Pro SP2 on the
other machines, you can use the Advanced tab on the Firewall to block
certain IP address.

Doug Sherman
MCSE Win2k/NT 4.0, MCSA, MCP+I, MVP

 

[Tim]

Hi there,

Many thanks Doug this is what I have done so far>

I have added each computer to each other computer that I want to
share files with as users, disabled Simple
file sharing on each of these computers and Disabled in Security options
Limit local use of blank password.

Then on each folder that I wish each of the computers to share files and
folders I have set permissions to set users and removed Everyone from all
the Share permissions and have repeated this in the Security option of each
Folder and file.

Now this works but it seems somewhat cumbersome when all I want to do is
stop just one computer from seeing our files and folders.

I have noticed that the computer that cannot see our folders and files can
see the Folders that are set to share but when they click on them they then
get an access prevention message saying they don't have permission that is
good but I wish it were easier.

On the computer that I don't want to see the rest of our network I have
disabled NetBIOS over TCP/IP and that then prevents them even seeing the
Workgroup.

But surely there must be a better way, not sure I can disable computer 1 as
an administrator as they need to load and remove their own software etc.

Any more pointers or things to try?

Many thanks for everyone's input, Tim.

 

[Jetro]

Properly restricted access to the particular tools and floppy and CD drives
restricts Admin as well.

 

[Tim]

Hi there,

Oh what a struggle I've been having. I thought I'd go the route as
described in my previous post and for a time it worked but then the other
computers who we were sharing files could not see the files in the folders
on one computer and every time we tried to access those file from the other
computers we kept getting access denied pop ups. Then tried to alter the
file permissions on the errant computer and all hell broke loose could even
open or delete file on this computer good job I did a back up and Ghost.

So re-ghosted the errant machine and rebuilt all our files and adopted
Simple File Sharing just to check we could see and work with all files
across all three machines.

So now I am going to have to study more about NTFS and permissions to try
again to restrict access by the forth computer.

Are there any good sites which can point me in the right direction as I
would like to get it sorted?

Again many thanks for anyone and everyone's help, Tim.

 

[Tim]

Hi there,

Can someone verify that if I am going to set NTFS permissions what user
names do I use when setting up users on each computer is it the User name or
the Network ID name or the computer name?

Many thanks, Tim.

 

[Hans-Georg Michna]

Can someone verify that if I am going to set NTFS permissions what user
names do I use when setting up users on each computer is it the User name or
the Network ID name or the computer name?

Tim,

ideally you should use group names only, but you can use the
user name as well. It has to be the short user name, the
leftmost one in Computer management, Local users and groups,
Users.

Hans-Georg

 

[Tim]

Hi there,

I've setup individual users and then set up different groups with those
users in them to access different folders and files and have used those
groups in the sharing section of permissions. But when I set Permissions on
folders there is also a Security tab next to sharing which has
Administrators, Everyone, System and Tim in it should 'Everyone' be in the
Security section?

So far all seems to be working fine.

Tim.

 

[Hans-Georg Michna]

I've setup individual users and then set up different groups with those
users in them to access different folders and files and have used those
groups in the sharing section of permissions. But when I set Permissions on
folders there is also a Security tab next to sharing which has
Administrators, Everyone, System and Tim in it should 'Everyone' be in the
Security section?

Tim,

all users have to go through the object (folder, file, printer)
permission barrier. Remote users first face another barrier, the
share permissions. They have to get through both.

If you like you can give permissions to Everyone. You don't have
to, it's your free choice.

I sometimes give all share permissions to Everyone, then set the
actual permissions I want to give directly in the folders or
files. This is sensible when the same users can also walk up to
the computer and log on locally, because the same permissions
apply there too.

But that's just one way to do it. It depends on what you want to
achieve.

So far all seems to be working fine.

That's good to hear.

Hans-Georg

 

[Tim]

Hi there,

Hopefully final question.

If I do a BackUp of My Documents does the BackUp save the Folder settings in
terms of Sharing and Security?

Many thanks, Tim.

 

[Hans-Georg Michna]

Hopefully final question.

If I do a BackUp of My Documents does the BackUp save the Folder settings in
terms of Sharing and Security?

Tim,

that depends entirely on what program you use to make the backup
and how you set it up.

For example, if you just copy the folder, the sharing settings
will not be copied along. The other extreme is a backup of the
entire partition, which would keep such settings.

Using the backup program that comes with Windows XP Professional
and backing up the system state along with the data would also
preserve the sharing settings.

But I think the share settings should be one of your least
worries, because they can be recreated quickly.

Hans-Georg