-1

I was wondering if anyone would be able to help me solve this problem. I have a several computers on a network. Of that network, there is one server(Windows server 2003) that acts as a file server. There is a several shared folders in C:\ drive that is shared with all computers on the network. They all run on windows XP, and some in windows 7.

My question is this. is it possible to password protect the shared folder on the fileserver? what i really want is once everyone logging to their computer that's attached on the network, they start trying to gain access to the folder on the fileserver. But before they gain access, they have to supply a password. Now, i'm talking about across the network, not on the local computer.

There are for example 500 client computers that can see the shared drive, but only 100(for example) of those computers must be allowed to access an specific folder by typing the user and password prompted. Manage this requirement adding specific users to permission of the specifics folders become unmanageable, is just for that that i want only setup an different password for each shared folders.

To resume: I only need get the users prompt for a password wnen he tries access to a certain shared folder over the network. There is any method to do this?

Your help is highly appreciated and look forward to hearing from you.

Zoredache
  • 128,755
  • 40
  • 271
  • 413
Mak
  • 15
  • 1
  • 1
  • 3

4 Answers4

4

You really need to bone up on NTFS groups and permissions.

Having said that, this is basic stuff for administration of a Windows environment. Since you're asking about this, I have to assume you have little to no experience here? It would not serve you very well to just read that article I posted and be on your merry way. At the very least, grab yourself a book on administering a Windows Server environment and read it thoroughly.

GregD
  • 8,713
  • 1
  • 23
  • 35
  • Hi, actually i have the system with 800 clients, an the file server fully functional, i know set up the shared permission, and add the specific user or groups for each folder. in this moment when i received a request to grant new permissions to another user i do this. that I want is to change that process, only assign a password for each folder, so when the user try to open this, the user get promptped for a password.. so I have never more add specific users to that security settings. Any workaround to do that, becuase windows server have no that setting nativetly. – Mak Aug 14 '10 at 16:21
  • 1
    So what's the point of "password protecting" a directory if everyone knows the password? And what happens if you have to change that password? o_O – GregD Aug 14 '10 at 16:30
  • everyone no knows the password.. for each folder there are maybe 20 users that use that folder.. only that 20 users know the password for that folder, but they unknow the password for other 300 folders.. by actually I received so many, yes so many request to change the allowed users. then with password i want only assing a password for area and each area said the password to the authorized employees. And then I no received more request of that type. I know also that my solution maybe not be the best solution. In that case I can hear solutions. – Mak Aug 14 '10 at 16:36
  • 2
    Shared passwords are a really bad idea. Once shared, the password becomes worthless. You no longer know who the authorized users are and it's all in an effort to avoid having to do busy work... – GregD Aug 14 '10 at 16:45
  • I haven't seen your second question before, then to answer.. Change the password for a specific folder WILL NOT BE common task(maybe anual task), eventualy i do need to do this, but then i will receive a change request for password, then i changed it and send this to the proper area of the company, that area to communicate to the respective employees about the change. – Mak Aug 14 '10 at 16:50
  • 1
    Use groups and have your users be members of a group that have NTFS access to specific folders. Memberships of these groups should be an easy and routine task to maintain - and it could be delegated to the group owners/managers to do – Oskar Duveborn Aug 14 '10 at 17:36
  • Thanks to all, the only clear here is that i will no use the password protected method. Actually I have AD with many groups for departments. But not all members of an department can see the shared folders... then i will need create another groups for each folder.. but to your suggestions there is the only possible solution.. uhmm, thanks again. – Mak Aug 15 '10 at 00:42
2

You can also pass the busywork on to the departments causing all of the requests. Create a group with the desired permissions to the folder. Then allow the managers in question the ability to add/remove people from this group. Now the folder actually has security, and the endless change requests can be managed quickly and locally.

They likely won't like the idea, as they'll have to learna new tool, but it sounds like the only way to solve the problem without giving up on security.

Kara Marfia
  • 7,892
  • 5
  • 32
  • 56
1

I will preface this by saying that GregD and Oskar are right and that you should be using groups and standard NTFS permissions in an Active Directory domain for an environment of your size.

But to directly answer your question, in a Workgroup environment you can have password prompts for shared resources by creating a local user on the server that is not the same as any of the user accounts on the clients. Then you give that local user permissions to the shared folders and pass out the password to that local user account to everyone. Then when they connect to the resource they use that username and password when prompted.

But, again, this is a CATEGORICALLY BAD IDEA for your size environment with 500-800 client machines. You are MUCH MUCH MUCH better off using an Active Directory domain with NTFS permissions and AD groups.

It is also a horrific prospect from a data security standpoint. Your shared password(s) WILL become known to others who are not supposed to have access to the resources you are protecting from them.

squillman
  • 37,618
  • 10
  • 90
  • 145
0

You can use winsesame downloaded on http://www.winsesame.com It's a powerfull encryption tool wich works on the network. GR.