Windows XP Pro security question

[Dick Sutton]

I have a windows xp security question(s).

I have inherited a small business LAN of 7 computers running Win XP Pro /SP2
& all patches and 1 Win2000 server. The lan has
virtually no access to the outside world. The lan was originally set up as
a small domain. The medical practice had various people
maintain the lan over a period of years (most didn't know what they were
doing). At some point, the domain was taken down and a
workgroup was put in it's place. This was done to simplify admin & increase
performance (I was told). In addition, Simple File Sharing
(SFS) is utilized. They want it that way (not my decision). All is running
well.

An application has been designed such that a file or files are placed in a
specific directory one or more times a day. That directory is
placed the Shared Documents folder and is set up as a simple network share.
On a given computer, another application periodically
looks in those folders on each machine. If there is a file present, it
copies it to the central station for processing. Very simple. It all
works except for 2 of the 8 computers. On 1 of the computers, the files can
be queried but access errors occur when an attempt to
copy them is made. On the other, a Login screen appears.

I don't understand, since SFS is being used, how can there be permission
errors on these computers? I have run cacls on the shared
folders and the only entry that shows up is Everyone (F) permissions. So I
suspect that inheritance is causing the problem but am
confused since SFS is in effect. Any ideas?

Finally, is there any way 'reset' the file system permissions back to the
way they were when the system was first installed? I figure that
someone buggered the system back when it was in a domain.

Thanks for reading this. Hope someone can point me in the right direction.

Dick

 

[Planet Earth]

To answer to the first question, I suggest that you should check wether
Guest account is enabled and uses the same password on every computer in the
workgroup.
To reply to the second question, follow these steps:
1) Click Start > Run
2) Type mmc.exe
3) From the File menu, select Add/Remove snap-in
4) Click Add, then click on Security Templates
5) Click Add, and then close
6) Follow the steps in the details pane to create a new database
7) Then select the compatws.inf security template
8) Finally, follow the steps in the details pane to configure the computer
with the default setting from the security template


I hope I have made myself quite clear and you have understood my English
If you have any new question regarding your problem, please let me know.

-----
Planet Earth
MCP Windows


This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.

 

[Dick Sutton]

Thank you, Planet Earth, for your input.

I neglected to mention that I had already checked the guest account on each
system to ensure that they were disabled.

I will try your suggestions this weekend and will report back.

Thanks again...

Dick

 

[NoConsequence]

I have a windows xp security question(s).

I have inherited a small business LAN of 7 computers running Win XP Pro /SP2
& all patches and 1 Win2000 server. The lan has
virtually no access to the outside world. The lan was originally set up as
a small domain. The medical practice had various people
maintain the lan over a period of years (most didn't know what they were
doing). At some point, the domain was taken down and a
workgroup was put in it's place. This was done to simplify admin & increase
performance (I was told). In addition, Simple File Sharing
(SFS) is utilized. They want it that way (not my decision). All is running
well.

An application has been designed such that a file or files are placed in a
specific directory one or more times a day. That directory is
placed the Shared Documents folder and is set up as a simple network share.
On a given computer, another application periodically
looks in those folders on each machine. If there is a file present, it
copies it to the central station for processing. Very simple. It all
works except for 2 of the 8 computers. On 1 of the computers, the files can
be queried but access errors occur when an attempt to
copy them is made. On the other, a Login screen appears.

I don't understand, since SFS is being used, how can there be permission
errors on these computers? I have run cacls on the shared
folders and the only entry that shows up is Everyone (F) permissions. So I
suspect that inheritance is causing the problem but am
confused since SFS is in effect. Any ideas?

Finally, is there any way 'reset' the file system permissions back to the
way they were when the system was first installed? I figure that
someone buggered the system back when it was in a domain.

Thanks for reading this. Hope someone can point me in the right direction.

Dick

FWIW,

My personal opinion is that you should move this back to a Domain
structure. It will make setting up permissions easier and user
maintennance much simpler. In my experience if you have more than
maybe 4 computers, managing file access and permissions becomes
cumbersome as you have to touch EACH machine every time a change is
made.

 

[Dick Sutton]

NoConsequence,

Unfortunately, that's not my decision. That decision is now cast in stone.
They saw a marked improvement in performance. Doesn't matter what I say. I
would like to rebuild the systems from scratch so I know what I'm dealing
with. I'm worried about all kinds of things that may be lurking under the
covers. But again, not my decision.

Dick