|
Posted by Stephan St-Denis on September 19, 2005, 4:22 pm
Please log in for more thread options
Hi,
Being new to the Windows Server family, I'd like to know hoe to do the
folowing thing :
On my server 2003, I have a drive (named DATA) on which I put important
company data ; database files and other documents, located in a few folders,
that are accessed only using an in-house program. Let call the program
INHOUSE.EXE
INHOUSE.EXE must be able to access the entire drive (e.g. read, write files,
directory creation and so on...).
Each user on the network running XP pro have a copy of INHOUSE.EXE.
Now my question is :
How can I share the drive in order to let INHOUSE.EXE access all the data
but restrict all users from accessing the same shared drive ? I don't want
those users to be able to access the drive and extract the data without the
use of the program.
Is there a way to do that ?
Thanks in advance.
|
|
Posted by Paul Adare on September 19, 2005, 5:13 pm
Please log in for more thread options
microsoft.public.windows.server.security news group, Stephan St-Denis
> Hi,
>
> Being new to the Windows Server family, I'd like to know hoe to do the
> folowing thing :
>
> On my server 2003, I have a drive (named DATA) on which I put important
> company data ; database files and other documents, located in a few folders,
> that are accessed only using an in-house program. Let call the program
> INHOUSE.EXE
>
> INHOUSE.EXE must be able to access the entire drive (e.g. read, write files,
> directory creation and so on...).
>
> Each user on the network running XP pro have a copy of INHOUSE.EXE.
>
> Now my question is :
>
> How can I share the drive in order to let INHOUSE.EXE access all the data
> but restrict all users from accessing the same shared drive ? I don't want
> those users to be able to access the drive and extract the data without the
> use of the program.
>
> Is there a way to do that ?
What security context does this application run in? If it is running in
the user's security context, then no, there's really nothing you can do
here.
--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea
|
|
Posted by Stephan St-Denis on September 19, 2005, 5:29 pm
Please log in for more thread options
> microsoft.public.windows.server.security news group, Stephan St-Denis
>
>> Hi,
>>
>> Being new to the Windows Server family, I'd like to know hoe to do the
>> folowing thing :
>>
>> On my server 2003, I have a drive (named DATA) on which I put important
>> company data ; database files and other documents, located in a few
>> folders,
>> that are accessed only using an in-house program. Let call the program
>> INHOUSE.EXE
>>
>> INHOUSE.EXE must be able to access the entire drive (e.g. read, write
>> files,
>> directory creation and so on...).
>>
>> Each user on the network running XP pro have a copy of INHOUSE.EXE.
>>
>> Now my question is :
>>
>> How can I share the drive in order to let INHOUSE.EXE access all the data
>> but restrict all users from accessing the same shared drive ? I don't
>> want
>> those users to be able to access the drive and extract the data without
>> the
>> use of the program.
>>
>> Is there a way to do that ?
>
> What security context does this application run in? If it is running in
> the user's security context, then no, there's really nothing you can do
> here.
>
> --
> Paul Adare
Paul,
I'm not sure to know what the security context is. Can you give me an
example ? All I can say, is that the user opens a session on the server 2003
as a domain user.
Regards,
Stephan
|
|
Posted by Paul Adare on September 19, 2005, 6:12 pm
Please log in for more thread options microsoft.public.windows.server.security news group, <"Stephan St-
Denis" <stephans_at_progicielsconcept.com>> says...
> I'm not sure to know what the security context is. Can you give me an
> example ? All I can say, is that the user opens a session on the server 2003
> as a domain user.
>
So the user just opens your application to run it? It isn't running as a
service of any type? In that case, it will be running in the security
context of the user which means the user's credentials are being used to
access the share, which means you can't hide anything from the user.
--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea
|
|
Posted by Stephan St-Denis on September 19, 2005, 9:38 pm
Please log in for more thread options > microsoft.public.windows.server.security news group, <"Stephan St-
> Denis" <stephans_at_progicielsconcept.com>> says...
>
>> I'm not sure to know what the security context is. Can you give me an
>> example ? All I can say, is that the user opens a session on the server
>> 2003
>> as a domain user.
>>
>
> So the user just opens your application to run it? It isn't running as a
> service of any type? In that case, it will be running in the security
> context of the user which means the user's credentials are being used to
> access the share, which means you can't hide anything from the user.
Paul,
Yes, the user opens and runs the application, it isn't running as a service.
So, as I understand this... it seems that the folder in which the data is
located cannot be hidden from the user. I thought there was a way to let an
application access a folder but not Windows' explorer (e.g. list and access
files within that folder).
Thanks for the information. Now I must go back to the drawing board and try
to find a way to hide the data to the user. I think encryption is the next
solution.
Regards,
Stephan
|
| Similar Threads | Posted | | Windows 2003 Shared Drive Permissions | October 9, 2007, 7:14 am |
| c:\ drive permissions | June 23, 2005, 5:10 pm |
| hide administrative drive | November 1, 2005, 11:00 pm |
| Deny install on c:\ drive | December 10, 2005, 4:43 pm |
| Can't run 16 bit app from network drive in W2003 SP1 | January 30, 2006, 5:09 pm |
| Drive Access Restriction | April 20, 2006, 12:33 am |
| Drive access to particular user | December 3, 2006, 7:54 am |
| CDROM Drive access denied | October 31, 2005, 10:40 am |
| Not able to view secondary hard drive | January 11, 2006, 9:53 am |
| Secrity applications that run on USB flash drive | April 29, 2006, 11:06 am |
|
XML Sitemap