Refusing access to home network just to one user account in Windows

3

I'd like to set up a guest account on my laptop so that people can use it at my home, including internet access as usual via my wifi router, but not access the drive shares on my LAN. I have the following drive shares:

  • 2 Windows 7 computers sharing a home zone
  • 1 Linux server with unprotected Samba shares

The laptop is currently running XP, but I could install Windows 7 on it if necessary.

The laptop does not currently see the Windows 7 computers (due to the home zone), so all I'd have to do is to keep it from accessing the Samba shares for that particular XP user account.

I don't want to password-protect the Samba shares for everyone else though since I am too lazy to type the password over and over again when working on my regular computer.

What's the easiest way to achieve this? I guess installing a domain (Windows or Samba) would solve the problem, but it looks like complete overkill for this scenario. Some kind of personal firewall on the laptop with different settings for different users might be another, but I don't know any.

Any ideas would be greatly appreciated! :-)

Adrian Grigore

Posted 2009-11-12T14:54:29.763

Reputation: 1 773

Answers

1

I still could not find a way to restrict access on a per-user basis, so the solution I used in the end is to create 2 equal shares on the Samba server: Both point to the same drive directory, but one share works with and one without a password. Next, I disallowed access to the password-less share to the laptop via "hosts deny" in smb.conf.

Now I can access the drive shares without a password on my regular computer and with a password when working on the laptop. Guests don't have the samba password, so they have to stay out.

Adrian Grigore

Posted 2009-11-12T14:54:29.763

Reputation: 1 773
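The two-share setup described in the answer above, as an added smb.conf sketch that is not part of the original post. The share names, directory path, account name and the laptop's address are assumptions made for illustration.

```ini
# Constructed example: share names, path, account name and the laptop's
# address (192.168.1.50) are assumptions, not values from the post.
[global]
    security = user
    # Logins with an unknown user name are mapped to the guest account,
    # so the regular computer is never prompted for a password.
    map to guest = Bad User

# Password-less share for the trusted computers.
[media]
    path = /srv/media
    guest ok = yes
    # Refuse the laptop by address. The rule matches on the source
    # address only, so give the laptop a fixed address or a DHCP
    # reservation to keep the rule pointing at it.
    hosts deny = 192.168.1.50

# Same directory, reachable from any host but only with a Samba password.
[media-auth]
    path = /srv/media
    guest ok = no
    valid users = adrian
```

The account named in `valid users` needs a Samba password, set with `smbpasswd -a`, and `testparm` checks the file for syntax errors before the service is reloaded.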

1

I would tackle this from the point of view of the machines which host the shares. Simply add the 2/3 names of the 'Good Guys' on each share. Just don't add the guest.

Then when the 'Good Guys' try and access the share, they get in. They don't have to give a password at this point (only the once when they log on to their machine).

Guy Thomas

Posted 2009-11-12T14:54:29.763

Reputation: 3 160

Sounds good, but what exactly do you mean by "adding names of the Good Guys on each share"? How does this work on Samba? A link to a tutorial or manual describing this would be great. – Adrian Grigore – 2009-11-13T13:18:25.117

I can start you by saying right-click the folder you wish to share, then select properties. You now want the sharing tab. When you click 'Add' you can select the 'Good Guys', my nickname for those you want to give access. What I don't know is how to add the Samba users. – Guy Thomas – 2009-11-13T19:49:07.887

Sorry, but you seem to have misunderstood the question entirely. FYI: Samba is Linux software which can provide file and print services to Windows clients. There are no Samba users to set up in my scenario. There are only Windows users. I'm sorry for not going any more into details here, but if you are interested, you can read more about Samba at Wikipedia: http://en.wikipedia.org/wiki/Samba_%28software%29 – Adrian Grigore – 2009-11-16T19:12:38.987

0

Set up two virtual LANs on your router. Turn wireless security on for one of the LANs and point your two Windows 7 and your Linux machine to that LAN, and point the XP machine to the other.

Justin Drury

Posted 2009-11-12T14:54:29.763

Reputation: 236

-1

Overview of Windows SteadyState.

Windows SteadyState includes the following features to help you manage your shared computers:

  • Windows Disk Protection – Help protect the Windows partition, which contains the Windows operating system and other programs, from being modified without administrator approval. Windows SteadyState allows you to set Windows Disk Protection to remove all changes upon restart, to remove changes at a certain date and time, or to not remove changes at all. If you choose to use Windows Disk Protection to remove changes, any changes made by shared users when they are logged on to the computer are removed when the computer is restarted.
  • User Restrictions and Settings – The user restrictions and settings can help to enhance and simplify the user experience. Restrict user access to programs, settings, Start menu items, and options in Windows. You can also lock shared user accounts to prevent changes from being retained from one session to the next.
  • User Account Manager – Create and delete user accounts. You can use Windows SteadyState to create user accounts on alternative drives that will retain user data and settings even when Windows Disk Protection is turned on. You can also import and export user settings from one computer to another—saving valuable time and resources.
  • Computer Restrictions – Control security settings, privacy settings, and more, such as preventing users from creating and storing folders in drive C and from opening Microsoft Office documents from Internet Explorer®.
  • Schedule Software Updates – Update your shared computer with the latest software and security updates when it is convenient for you and your shared users.

Steady State User Restrictions described

Drive restrictions determine which drives are visible to the user in My Computer. You can select the option to hide all drives, show all drives, or select specific drives that you do not want exposed to the user. These include printers or removable storage devices.

SteadyState Accounts and Profiles

It's simple to create, modify, and remove user profiles with Windows SteadyState. There's no need to log in to the user account, edit the registry, or manipulate files or folders on the hard drive. You control all user restrictions directly from the main console. Rapidly assign high, medium, or low security defaults to each user profile.

Hope this helps you some.

Chris

Posted 2009-11-12T14:54:29.763

Reputation: 1 688

I think you misunderstood my posting. I was asking how to deny access to a network DRIVE share, while SteadyState is used to lock down a computer which is shared between different users. Unless of course it can also control which network shares guest accounts have access to, but that is not mentioned in the text you quoted. – Adrian Grigore – 2009-11-13T13:25:32.300

For creating a "guest account" as you have asked for, I think steady state probably does everything that you're asking for. As you can see from the links provided, you can select the option to hide, show, or select specific drives that you do not want exposed to a user. – Chris – 2009-11-13T14:46:48.563

Yes, but I was not asking how to hide local drives. I was asking how to hide network shares. That's something entirely different. – Adrian Grigore – 2009-11-16T19:08:23.533