+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 29
Windows Server 2000/2003 Thread, Password protect a folder in Technical; HT wants a password protected folder on the network (Server 2003) that only certain users can access: 1. Folder must ...
  1. #1

    Join Date
    Jan 2008
    Location
    Essex / Suffolk border
    Posts
    207
    Thank Post
    38
    Thanked 28 Times in 18 Posts
    Rep Power
    18

    Password protect a folder

    HT wants a password protected folder on the network (Server 2003) that only certain users can access:

    1. Folder must be password protected, and prompt user for credentials each time its used.

    2. Only specific users can access

    I've sorted #2 using groups and permissions - easy, but struggling with #1. Anyone know of a way to do it? Even with 3rd party software? Maybe an external encrypted HDD?

    Thanks

  2. #2

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    9,831
    Thank Post
    1,825
    Thanked 2,254 Times in 1,659 Posts
    Rep Power
    805
    Why does it have to be password protected as well as using permissions? If you have a problem with people using staff logons that don't belong to them that needs to be sorted out first.

  3. #3

    bladedanny's Avatar
    Join Date
    May 2009
    Location
    Sheffield
    Posts
    1,289
    Thank Post
    190
    Thanked 307 Times in 229 Posts
    Rep Power
    131
    We have a similar setup here for management. When staff log on they all get a mapped drive to the management share but only users listed in the security tab can access it. So far it is working well.

  4. #4

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    9,831
    Thank Post
    1,825
    Thanked 2,254 Times in 1,659 Posts
    Rep Power
    805
    We only map the 'Office Admin' share to relevant staff... all 5 of them. The top secret Bursar and HT folders that they use for staff issues, etc have additional security on them so the rest of the office staff cannot access them.

  5. #5

    Join Date
    Jan 2008
    Location
    Essex / Suffolk border
    Posts
    207
    Thank Post
    38
    Thanked 28 Times in 18 Posts
    Rep Power
    18
    Quote Originally Posted by elsiegee40 View Post
    Why does it have to be password protected as well as using permissions? If you have a problem with people using staff logons that don't belong to them that needs to be sorted out first.
    Nope its not a problem with staff using logons that dont belong to them, thats already strictly forbidden. More a case of a new HT whos hot on safeguarding. Wants all childrens photos protected by this 2nd level of password. Doesnt want anyone to be able to jump onto a logged in machine (if the teacher has left it logged in) and just take a look into the 'photo' folder! We have already been through the options that each user already has their own password and could 'lock' the workstations when leaving them, but thats open to someone forgetting to do it...

  6. #6

    Join Date
    Jan 2008
    Location
    Essex / Suffolk border
    Posts
    207
    Thank Post
    38
    Thanked 28 Times in 18 Posts
    Rep Power
    18
    Quote Originally Posted by jinnantonnix View Post
    Good point. What's the head trying to achieve, apart from an extra layer of delay?

    If a file is on the network, the network/file security will take care of the access permissions.
    Your correct it that, but if a user has logged on and left the workstation unattended then the folder can be accessed by anyone, and that is what the HT wants to prevent. Yes, they can lock the workstation, but it doesnt happen in practice.

  7. #7

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    9,831
    Thank Post
    1,825
    Thanked 2,254 Times in 1,659 Posts
    Rep Power
    805
    I have to say that this is a sledgehammer to crack a wallnut - and I'm an e-safety trainer btw.

    If staff practice is lax and they are not locking their machines when they walk away from them, then that must be corrected.

    Our AUP, which all staff have signed and all have been trained (it's part of new staff induction), makes it very clear that failure to ensure the security of your login is a disciplinary offence. I won't say our staff are perfect, because they aren't. But after a recent login sharing issue I happened upon at the start of this term that SLT took very seriously, things have improved hugely (and one person has ignored me for the last fortnight )

  8. #8

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    Quote Originally Posted by bertster View Post
    Doesnt want anyone to be able to jump onto a logged in machine (if the teacher has left it logged in) and just take a look into the 'photo' folder! We have already been through the options that each user already has their own password and could 'lock' the workstations when leaving them, but thats open to someone forgetting to do it...
    Your scheme is no better; someone forgetting to close the folder (example: jumps up to investigate sudden screaming in the next room) poses exactly the same problem.

    Secondary authentication just inconveniences and annoys legitimate users, it does almost nothing to fix the authentication problems society already has.

  9. #9

    Join Date
    Jan 2008
    Location
    Essex / Suffolk border
    Posts
    207
    Thank Post
    38
    Thanked 28 Times in 18 Posts
    Rep Power
    18
    As much as I agree with your comments, they are all already been raised in discussions with the HT and they still want it implemented. So much so that I've been allocated an extra day just to work on a solution. Its definately not a staff problem as there are strict policies in place re computer use, unattended workstations etc. Apparentley HT's previous school had this in place and he wants it here as well. My task is to implement the solution he wants, even if it still has the flaws as you all mention (HT is aware). I'm looking for technical solutions please.

  10. #10
    Dom_'s Avatar
    Join Date
    Dec 2008
    Posts
    1,010
    Thank Post
    151
    Thanked 138 Times in 115 Posts
    Rep Power
    56
    I've done this before, for concealing sensitive information from someone with domain admin rights...

    Install truecrypt on any machines you want to have access to the folder, create a truecrypt container, with whatever password they choose... move the container on to a shared area, and rename it to something not very obvious (I created a 2gb container and called it "School Prospectus DVD.avi"). Show the members of staff how to mount the container within truecrypt and remind them to disconnect once they've finished!

    You may have issues with multiple users connecting at one time, but that situation never arose for us before.

  11. Thanks to Dom_ from:

    bertster (22nd September 2010)

  12. #11

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,191
    Thank Post
    299
    Thanked 215 Times in 185 Posts
    Rep Power
    56
    What about using a web-based access to the folders with a password protected realm and session time outs. Would resolve most potential issues with being left unattended.

  13. #12


    Join Date
    Sep 2008
    Posts
    1,793
    Thank Post
    331
    Thanked 261 Times in 213 Posts
    Rep Power
    120
    In addition to whatever solution you decide upon, are you going to limit the timeout so anyone who has access to this information also has a very low timeout before their screen locks in the case they are away from their desk?

  14. #13

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,412
    Thank Post
    642
    Thanked 963 Times in 663 Posts
    Blog Entries
    2
    Rep Power
    326
    If a password prompt is what he wants, give him it. It doesn't have to be difficult.

    Make a small program in AutoIt which prompts for a password. When compiling to an executable, give it an icon that is the one used in Windows Explorer to represent a folder. Then make your actual secure folder "hidden" so it's not visible. Users should see the "folder" (the prompt program), click on it, and up comes the prompt for a password. When someone enters the correct password, just launch Explorer and point it to the path of the secure hidden folder.

    You could make it go full-screen, black, green text, and a nice Hollywood-style message: "Classified. Please enter authentication credentials."

  15. 2 Thanks to webman:

    elsiegee40 (22nd September 2010), SimpleSi (27th September 2010)

  16. #14

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    9,831
    Thank Post
    1,825
    Thanked 2,254 Times in 1,659 Posts
    Rep Power
    805
    Quote Originally Posted by webman View Post
    If a password prompt is what he wants, give him it. It doesn't have to be difficult.

    Make a small program in AutoIt which prompts for a password. When compiling to an executable, give it an icon that is the one used in Windows Explorer to represent a folder. Then make your actual secure folder "hidden" so it's not visible. Users should see the "folder" (the prompt program), click on it, and up comes the prompt for a password. When someone enters the correct password, just launch Explorer and point it to the path of the secure hidden folder.

    You could make it go full-screen, black, green text, and a nice Hollywood-style message: "Classified. Please enter authentication credentials."
    I like this solution

  17. #15


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,143
    Thank Post
    234
    Thanked 2,737 Times in 2,018 Posts
    Rep Power
    800
    SecureFolder might be worth a try too, although I really like WebMan's idea.

    Secure Folder is an easy-to-use folder security software that hide, lock & encrypts folder with a password. Folders secured cannot be deleted, renamed, moved, copied, modified, accessed.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Password Protect Files
    By karldenton in forum Windows
    Replies: 2
    Last Post: 8th July 2010, 09:22 AM
  2. Password Protect a folder in XP
    By Trapper in forum Windows
    Replies: 9
    Last Post: 25th June 2010, 10:06 AM
  3. Password protect a folder within a shared folder
    By pbaddhan in forum Windows Server 2000/2003
    Replies: 7
    Last Post: 19th May 2010, 11:39 AM
  4. Password Protect Network
    By FN-GM in forum Internet Related/Filtering/Firewall
    Replies: 1
    Last Post: 15th June 2009, 05:27 PM
  5. Password Protect Internet
    By binky in forum Wireless Networks
    Replies: 1
    Last Post: 30th August 2007, 03:36 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •