Windows Server 2000/2003 Thread, Password protect a folder in Technical; HT wants a password protected folder on the network (Server 2003) that only certain users can access:
1. Folder must ...
22nd September 2010, 09:32 AM #1
Password protect a folder
HT wants a password protected folder on the network (Server 2003) that only certain users can access:
1. Folder must be password protected, and prompt user for credentials each time its used.
2. Only specific users can access
I've sorted #2 using groups and permissions - easy, but struggling with #1. Anyone know of a way to do it? Even with 3rd party software? Maybe an external encrypted HDD?
22nd September 2010, 09:37 AM #2
Why does it have to be password protected as well as using permissions? If you have a problem with people using staff logons that don't belong to them that needs to be sorted out first.
22nd September 2010, 09:56 AM #3
We have a similar setup here for management. When staff log on they all get a mapped drive to the management share but only users listed in the security tab can access it. So far it is working well.
22nd September 2010, 10:07 AM #4
We only map the 'Office Admin' share to relevant staff... all 5 of them. The top secret Bursar and HT folders that they use for staff issues, etc have additional security on them so the rest of the office staff cannot access them.
22nd September 2010, 10:08 AM #5
Nope its not a problem with staff using logons that dont belong to them, thats already strictly forbidden. More a case of a new HT whos hot on safeguarding. Wants all childrens photos protected by this 2nd level of password. Doesnt want anyone to be able to jump onto a logged in machine (if the teacher has left it logged in) and just take a look into the 'photo' folder! We have already been through the options that each user already has their own password and could 'lock' the workstations when leaving them, but thats open to someone forgetting to do it...
Originally Posted by elsiegee40
22nd September 2010, 10:12 AM #6
Your correct it that, but if a user has logged on and left the workstation unattended then the folder can be accessed by anyone, and that is what the HT wants to prevent. Yes, they can lock the workstation, but it doesnt happen in practice.
Originally Posted by jinnantonnix
22nd September 2010, 10:17 AM #7
I have to say that this is a sledgehammer to crack a wallnut - and I'm an e-safety trainer btw.
If staff practice is lax and they are not locking their machines when they walk away from them, then that must be corrected.
Our AUP, which all staff have signed and all have been trained (it's part of new staff induction), makes it very clear that failure to ensure the security of your login is a disciplinary offence. I won't say our staff are perfect, because they aren't. But after a recent login sharing issue I happened upon at the start of this term that SLT took very seriously, things have improved hugely (and one person has ignored me for the last fortnight )
22nd September 2010, 10:22 AM #8
Your scheme is no better; someone forgetting to close the folder (example: jumps up to investigate sudden screaming in the next room) poses exactly the same problem.
Originally Posted by bertster
Secondary authentication just inconveniences and annoys legitimate users, it does almost nothing to fix the authentication problems society already has.
22nd September 2010, 10:44 AM #9
As much as I agree with your comments, they are all already been raised in discussions with the HT and they still want it implemented. So much so that I've been allocated an extra day just to work on a solution. Its definately not a staff problem as there are strict policies in place re computer use, unattended workstations etc. Apparentley HT's previous school had this in place and he wants it here as well. My task is to implement the solution he wants, even if it still has the flaws as you all mention (HT is aware). I'm looking for technical solutions please.
22nd September 2010, 10:54 AM #10
I've done this before, for concealing sensitive information from someone with domain admin rights...
Install truecrypt on any machines you want to have access to the folder, create a truecrypt container, with whatever password they choose... move the container on to a shared area, and rename it to something not very obvious (I created a 2gb container and called it "School Prospectus DVD.avi"). Show the members of staff how to mount the container within truecrypt and remind them to disconnect once they've finished!
You may have issues with multiple users connecting at one time, but that situation never arose for us before.
Thanks to Dom_ from:
bertster (22nd September 2010)
22nd September 2010, 11:06 AM #11
What about using a web-based access to the folders with a password protected realm and session time outs. Would resolve most potential issues with being left unattended.
22nd September 2010, 11:12 AM #12
In addition to whatever solution you decide upon, are you going to limit the timeout so anyone who has access to this information also has a very low timeout before their screen locks in the case they are away from their desk?
22nd September 2010, 11:26 AM #13
If a password prompt is what he wants, give him it. It doesn't have to be difficult.
Make a small program in AutoIt which prompts for a password. When compiling to an executable, give it an icon that is the one used in Windows Explorer to represent a folder. Then make your actual secure folder "hidden" so it's not visible. Users should see the "folder" (the prompt program), click on it, and up comes the prompt for a password. When someone enters the correct password, just launch Explorer and point it to the path of the secure hidden folder.
You could make it go full-screen, black, green text, and a nice Hollywood-style message: "Classified. Please enter authentication credentials."
2 Thanks to webman:
elsiegee40 (22nd September 2010), SimpleSi (27th September 2010)
22nd September 2010, 02:18 PM #14
I like this solution
Originally Posted by webman
26th September 2010, 11:34 AM #15
SecureFolder might be worth a try too, although I really like WebMan's idea.
Secure Folder is an easy-to-use folder security software that hide, lock & encrypts folder with a password. Folders secured cannot be deleted, renamed, moved, copied, modified, accessed.
By karldenton in forum Windows
Last Post: 8th July 2010, 09:22 AM
By Trapper in forum Windows
Last Post: 25th June 2010, 10:06 AM
By pbaddhan in forum Windows Server 2000/2003
Last Post: 19th May 2010, 11:39 AM
By FN-GM in forum Internet Related/Filtering/Firewall
Last Post: 15th June 2009, 05:27 PM
By binky in forum Wireless Networks
Last Post: 30th August 2007, 03:36 PM