Network Security!
hello everyone i would appreciate any help in somehting that is happening in my local network that maybe is so easy but im missing something that i can't figure out;
i have for now two computer on my LAN ( im trying to put 2 more that i have but my mom will take me out of the house with my computers if i do so ), in the workgroup appear two computers, i can access perfectly to the computer B from A and see almost everything i want, of course i set permissions for this so its ok, i only let enabled the accounts i need for the user and me as administrator only, and when i want from computer B get into computer A from the workgroup where i see the computer connected it says that is not available that i dont have any permissions, granted permissions to go in, and i can't get in, there is no resource to put a username and password or something like that, i am trying to get access to both computers from one to another and viceversa using logged administrators accounts so there should be no restritions about control, so where am i missing the poit here, i tryed to deny access from A to B but it looks like i can go anytime, there should be an account or any kind of user that is logging in the pc and has restricted access right? and each user should be "everyone" but i can't figure out permissions for this.
i hope im enought clear on what is happening, im not having problems with this for now but i want to know what is happening and also how can i allow and deny access to computers in a workgroup where i have for example 20 and 15 of them require password and the 5 left dont.
thank you for your help!
however i can access to the shared folders that i have on computer B and computer B can access shared folders in computer A so there is no problem on this point, i can also use the printer that i have on computer B that is a network printer and works perfectly.
i have for now two computer on my LAN ( im trying to put 2 more that i have but my mom will take me out of the house with my computers if i do so ), in the workgroup appear two computers, i can access perfectly to the computer B from A and see almost everything i want, of course i set permissions for this so its ok, i only let enabled the accounts i need for the user and me as administrator only, and when i want from computer B get into computer A from the workgroup where i see the computer connected it says that is not available that i dont have any permissions, granted permissions to go in, and i can't get in, there is no resource to put a username and password or something like that, i am trying to get access to both computers from one to another and viceversa using logged administrators accounts so there should be no restritions about control, so where am i missing the poit here, i tryed to deny access from A to B but it looks like i can go anytime, there should be an account or any kind of user that is logging in the pc and has restricted access right? and each user should be "everyone" but i can't figure out permissions for this.
i hope im enought clear on what is happening, im not having problems with this for now but i want to know what is happening and also how can i allow and deny access to computers in a workgroup where i have for example 20 and 15 of them require password and the 5 left dont.
thank you for your help!
however i can access to the shared folders that i have on computer B and computer B can access shared folders in computer A so there is no problem on this point, i can also use the printer that i have on computer B that is a network printer and works perfectly.
Formule One Racing Addict...
Comments
-
Ten9t6 Member Posts: 691Ramsek
I believe I understand what you are trying to do.....If you are logging into each XP pro computer with the username Administrator and the same password on each machine....and they are part of the same work group than you should be able to access everything that is shared...That is why you are seeing the shared folders on each machine. If you have not changed the default share names of the C drive then you can map a drive to the hidden share.. \\computername\C$ .. this will allow you to see everything on the C drive of the other pc.
As far as security in a workgroup... All usernames and passwords are authenticated locally...so if you want to make sure that other pcs can not access them (By a typical user) then make sure that the usernames and passwords that are on that pc are not on the other pcs....Or..if you are using XP pro on all computers, you can go to the properties of the network card and check mark the box that says hide computer from network.
Hope this helps.....Let me know if I misunderstood what you were asking..Kenny
A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA -
RamsesK Member Posts: 86 ■■□□□□□□□□Ten9t6 wrote:Ramsek
I believe I understand what you are trying to do.....If you are logging into each XP pro computer with the username Administrator and the same password on each machine....and they are part of the same work group than you should be able to access everything that is shared...That is why you are seeing the shared folders on each machine. If you have not changed the default share names of the C drive then you can map a drive to the hidden share.. \\computername\C$ .. this will allow you to see everything on the C drive of the other pc.
As far as security in a workgroup... All usernames and passwords are authenticated locally...so if you want to make sure that other pcs can not access them (By a typical user) then make sure that the usernames and passwords that are on that pc are not on the other pcs....Or..if you are using XP pro on all computers, you can go to the properties of the network card and check mark the box that says hide computer from network.
Hope this helps.....Let me know if I misunderstood what you were asking..
understood sir, about going in to the network card properties and check mark the box that says hide my computer from network i couldn't find each check box in the network card properties and i also searched in another places relating to the network and i couldn't see that box these computers are both Win XP Pro.
however we are getting the medal, after play and play with permissions and shares on computer B i finally make the computer B secure, now from any computer in the network it requests a user account with password even for a shared folder wich i can see but i cannot access without login in that computer and! it looks like i have to have the same account in that computer in wich im logged on in the source computer, it says that Multiple connections to a server or a shared resource by the same user, using more then one user name, is not allowed, looks like i have to disconnect all previous resources to the server or shared resource and then try again. lets get clear something at this point, these are clients systems and not server/client computer so here it is why windows XP pro only allow one simultaneous connection, the computers in conflict have both Windows XP professional and in the collegue where i study doing this same thing to a server computer we can join there normal so it allows more accounts to join in a single OS (the target)(please let me know if i am wrong on this but theorically is like that).
so the legend continues...Formule One Racing Addict... -
RamsesK Member Posts: 86 ■■□□□□□□□□something else, whay kind of logon proccess occur when you access to a resource on a network in a win xp pro machine? it should be local but it belongs to the veryone group or what else? how the target machine validates the user attemting to the local folder of each computer?
thanks everyoneFormule One Racing Addict... -
RamsesK Member Posts: 86 ■■□□□□□□□□i just checked my study book for win xp pro (MCSE Guide to Microsoft Windows XP Professional, Course Technology Thomson Learning. wich i tought is a good one) and it does not have a clear explanation of this problem but i rescued some points:
windows XP is designed to check access permissions for every request before granting access to resources.and it is mandatory, about this; does the system creates an access token for the user that is trying to access each resource, shared folder or whatever, does it asociate the account type with any SID for each user?
when implementing security in a Point to Point network each computer of the network need to have the same accounts for every user for authentication purposes so the target and the source computer can compare SIDs and ACLs;
please let me know if im wrong or if im not clear on what i am trying to understand about networking security and permissions to usersFormule One Racing Addict...