why do things always not work?!!!

  • Thread starter Thread starter WiseMan
  • Start date Start date
W

WiseMan

Greetings,
i manage a small office local network consist of 13 computers. as an
administrator, i created a shared (read only) folder on the server computer
named PUBLIC and set the sharing to read only.
now every one in our local network can see and access this folder which is
fine.
moreover, we offer some additional network cables connected to the
same local network via hubs so that any one has a portable computer may
connect his/her laptop to one of them and connect to the internet using our
broadband connection which is fine too but i don't want those people with
laptops to access the shared folder named PUBLIC (even with read only
permission).
i tried many things to achieve this goal but all failed!!!
today i came up to a new idea, that is to encrypt the PUBLIC folder (since
the hard drive is NTFS formatted) and give a special certificate to only our
13 computers by exporting the certificate with it's private key to a file
and install it in all our computers... but failed too!!!
i know i did something wrong but can't realize what is it because i know
it's
supposed to work!

any ideas?
or kindly, a step by step procedure will be very appreciated

thank you in advance
S. WiseMan
 
Need some more info you doing this on a NT4 server, Server 2000 or server
2003? Then I might be able to suggest the proper course of action, which
will probably be to turn off Everyone and Guest access to the server. Setup
accounts on the server for each of the 13 pc's place those 13 userid or 1
user id if all 13 share the same login. Then allow only that group read
access to the server. A rogue laptop would be able to see the folder but
not access it or see what is inside. If you don't even want them to see the
folder you would have to setup some type of IP filtering on the server
itself via a firewall.
 
Hi Jeremy
i think i did a terrible mistake! the shared folder is not in the server
computer. it's on another computer in the same local network (one of the 13
pcs) but it's a kind of server too because we use it as file server and we
here call it "the fat computer" lol, yes it's fat or what u call a computer
with 3 hard drives each is 80 GB!!?
i'm using that fat computer. Windows XP profesional edition is installed on
all our computers including the server one.
hope you will help
thank you
 
Also so you are aware, XP pro has a hard coded limit of only 10 users
connecting at a time. But again you would need to the same things
mentioned earlier. Hopefully all 13 computers are not using administrator
as the login with no passwords. create userids on the fat pc. Put those
users into a group. You can do that under the administrator tools computer
management and users and groups. When your right click on the folder and
select sharing. Make sure that the group has read-only access. Then remove
the everyone group from that folder. Again this will allow all 13 pcs to
see the folder but only 10 can access the folder at one time. This would
not prevent some one from seeing the folder on the fat pc. This only
prevents them from accessing the folder. They can try and open it and will
get access denied. If you do not want the laptops to see your PC you would
have to setup IP filtering and only allow the IP's from the 13 computers.
 
Mr. Kettelhohn THANK YOU
but you are so fast lol and i do think like an a turtle walk!
now give me some time to do what you said and see
thank you again :)
 
Greetings Jermey,
i failed again with the users and groups thing :( besides all the 13 pcs are
using administrator as the login with no passwords as you guessed!!! so it
wont work even if i did every thing correctly.
and now here's some good news and bad news...
the good i found a solution. i simply installed ZoneAlarm and made my settings --->
Bingo :)))
the bad the fat pc -beside the server ofcourse- is the only one which
use the built-in administrator account with password. NONE can use the fat
pc without my permistion but as you know it must be running in order to
access the PUBLIC folder so i used to restart it and leave it at the welcome
screen when i go home.
now i think u realized the problem, yes it's ZoneAlarm, it woudn't has work
yet when the computer stop booting process waiting for me to enter the
adminstrator password. which means no firewall active yet, and every one can
access the shared folder including the rogue laptops ---> Problem back!!!
now what about the built-in ip filtering? does's it work in this case? if it
does please reply with a step by step procedure because i tried and faild
again lol
Note: all computers except the server one uses dynamic IPs. this is very
important i guess since i can't set a static IPs in the TCP/IP filtering
panel because they keep change!

a reply with details will be very appreciated
Thank you
 
In order to use Ip filtering you would need static IP's for the 13. I'll
warn you now instead of you finding this out the hardway. All your 13 pc's
are hackable in about 10 seconds. Especially if the pc's can be accessed
from the internet lets hope they can't. I also suppose on the Fat pc
using Auto Login with the screensaver password set to 1 minute is out of the
question? That way the fatpc would boot and zone alarm would start. Then
after 1minute the PC goes to the XP locked screen. Which if you wanted to
see that press the windows key on your keyboard and the L key. Not the best
solution but probably the easiest for you. Also to enable autologin the
easiest is to download tweakui from the Microsoft site, look for powertools
for XP.

To get back to the hacking aspect, all the pc's that use the same
administrator login with no password. The entire contents of each hard
drive are accessible by any of the other 13 pc's or anyone else who connects
with administrator with no password. To do that you just type
\\computername\c$ then you have the entire root of the remote computers
hard drive with full access to all the files.
 
Hi Jeremy,
In order to use Ip filtering you would need static IP's for the 13. I'll
warn you now instead of you finding this out the hardway.
Click to expand...

wow i'm not that dump i knew that :)))
All your 13 pc's are hackable in about 10 seconds. Especially if the pc's can be accessed
from the internet lets hope they can't.
Click to expand...

no they can't. and i assure you, all our 13 pc's are NOT hackable in about
10 seconds! not even in 10 centuries!!! you should belive me as i think this
is the only thing i really know it is 100% correct lol
I also suppose on the Fat pc using Auto Login with the screensaver
password set to 1 minute
is out of the question?
Click to expand...

no, i'm not using that method. using it means that any one can access the
fat pc at least for 1 minute :O what's up Jeremy?! it took just one tiny,
unsignificant short minute from Osama Bin Laden to
destroy the WTC!!! i can format one of the 3 80G drives in this ONE
long-as-a-winter-night-without-supper minute!!!
instead, i use "1st Security Agent" Lock screen when i'm away.

well, i think the perfect solution is to leave the fat pc running 24/7
what can i do!!! :(

now if you have any other advanced solustions, please never mind my being
too dump to understand them and reply with details, if you have not, it's
ok. but please let me thank you for your being very very very helful :)

Mr. Kettelhohn THANK YOU

"I shall not waste my life trying to enlong it"
S. WiseMan
 
Back
Top