Folder security on a network share.

[J741]

O.K. I ran the 'Network Wizard' on Windows XP pro to enable file and printer sharing on a small network. It works fine, and my network shared folder is accessible (both read and write) from all other computers on my network worgroup, without the need for the remote user's login ID or password to be entered in the local user accounts on this computer. Excelent.

Next, I created a BACKUP.CMD batch file to copy the contents of the 'Documents and Settings' folder of the remote computer to a folder within the network shared folder on this computer. For this I used Microsoft's RoboCopy command, and exclude specific files and folders such as the 'temp' and 'temporary internet files' folders.

This works great, and maintains a central backup of each user's documents (which also has another backup). However, this signifigantly reduces security as all of the network shared folder is fully accessible to everyone who connects to the network. So, if someone takes the time to look at the nework resources, they can find each user's private documents. This is very undesireable.

So, what I would like to do is create another batch file which would change the access permissions of specific folders within the network shared folder, and then change the permissions back to the original settings at the known time when the backup is performed. The problem is, I don't know how to check or change folder permissions from the command line. Can anyone help me with this ?

Ideally, I'd like to set folder read and write permissions to be accessible only from the computer name (not the user name) from which they were originally created via the network, but I'm not even sure if this is possible.

- James.


My memory is not as good as it should be, and neither is my memory.

I have forgotten more than I can remember

 

[markdmac]

Forget your current line of thinking. Create a share adn at the end of the name put a "$" which will make it a hidden share. Security is a total afterthought if you are going to not require passwords to access the shares so hide the share so no-one can browse to it.

You might also want to look at the File and Settings Transfer Wizard. This will gather a little more info for you than you RoboCopy solution and will compress the data a bit too. And better yet use USMT which you can automate.

http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/usermigr.mspx

I hope you find this post helpful.

Regards,

Mark

 

[J741]

Thank you for your input. I had not thought of using a hidden share. It is a very good idea.

As for the USMT tool, the Microsoft article you reference states "USMT requires a client computer that is connected to a Windows Server domain controller." This is not feasable for us, as this is a small busines network which does not use a Windows Server Domain Controller. Only peer-to-peer Windows XP Pro systems.

As for requiring passwords to access the network share, I would love to do this, but Windows XP seems to want both a user name and a password, and wants it to match one in the 'Users and Computers' list. This creates more complication than is desirable in this situation. What I desire is a simple password-only approach much like what was used for network shared resources in Windows 95 and Windows 98.

- James.


My memory is not as good as it should be, and neither is my memory.

I have forgotten more than I can remember

 

[markdmac]

J741, you should consider implementing SBS.

http://www.microsoft.com/windowsserver2003/sbs/default.mspx

Low cost server solution for Small Businesses.

I hope you find this post helpful.

Regards,

Mark