|06 Mar 2014||#1|
| || |
Windows 7 Sharing - Security vs Usability
I have a server running Windows 7 and wish to share out files to various users on my home network.
There is a mix of Windows 7 and OSX machines.
I have created local userid's on the server, and allocated the appropriate shares to the appropriate users. For ease of use I create local userid's with the same details as the user is using on their computer (ie: username and password).
This works ok, however, this means that my server security is now compromised in that the local userid's could be used for local access (or RDP access) to the server...also I prefer not to see the extra userid's on the windows login page.
I have considered using different passwords for the users on the server and me inputting the password when the share is first set up on the client machine and will do so if needs be, however, I was wondering if there is another solution that I may be missing. Tried setting the userid's to disabled, but that seemed to cause some issues with OSX clients.
|My System Specs|
|07 Mar 2014||#2|
| || |
Welcome to the Seven Forums.
> I have created local userid's on the server...
If those users are standard accounts (not admins), then they should not be able to use RDC/RDP to remote into the server unless you specifically tell the server to allow such. Let's user a user account named user1 as an example:
user1 can be a standard account on the server
user1 can be an admin account on the client
user1 cannot normally* use Remote Desktop Connections to RDP into the server.
By default, only admin accounts can do that.
*Give it a test and let us know what you see :-)
> also I prefer not to see the extra userid's on the windows login page
You can hide them by modifying the registry.
But first, manually create a restore point: System Restore Point - Create
Then, create and merge a reg file using this content:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoAdminLogon"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList] "user1"=dword:00000000 "user2"=dword:00000000
Repeat for each account name of interest.
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoAdminLogon"="0" [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]
If AutoAdminLogon stays at "1", then a logon error may occur each time that the computer is restarted.
|My System Specs|
|Similar help and support threads for2: Windows 7 Sharing - Security vs Usability|
|Windows 7 Sharing Security Tab||Network & Sharing|
|Boots fast but networking seems to lock up usability for a few minutes||Network & Sharing|
|w7 firewall enhance usability||System Security|
|Our Sites ||Site Links ||About Us ||Find Us |
© Designer Media Ltd
All times are GMT -5. The time now is 02:04 AM.