Contact Academy Computer Services.
Company |  Products |  Support |  Ordering |  Contact Us
  

CD Tower and Virtual CD Tower
Virtual CD/DVD Server
NAS
Networking
Legal Research Programs
Glossary
Downloads
Search

 

 

 

Email Us
Tel.: 800-385-6442
Fax: 781-279-4262

©2001 Academy Computer Services, Inc.
All rights reserved.
Terms & Conditions
 

Networking

Windows 95/98/ME
Windows 9x computers have minimal security settings. The user doesn't normally need to provide a username or password to turn the computer on and reach the desktop.

User Profiles
Even though anyone can access the desktop, Windows 98 and ME do allow multiple user configurations. This permits different users to establish unique desktop settings. Mom can set up the dektop to use pink color scheme. Grandpa can use large icons. But these User accounts do not restrict access to files, folders, or programs. The only things you can alter in a User Profile are: the Start Menu, the Favorites folder, and the My Documents folder.

To configure a profile

  1. Click on Start.
  2. Select the Settings option.
  3. Select the Control Panel option.
  4. Double-click on Users.
  5. Enter the User Name when prompted.
  6. Enter the password for this profile.
  7. Place a check beside each feature you want to be able to modify for this profile.
  8. Click on Next
  9. Click on Finish when done. The computer will reboot. You will be prompted to enter the profile User Name and Password when Windows restarts.

Security
By definition, each peer has equal rights to a share. Peer access to a share can be limited to two levels: Read-Only or Full. A password can be used to restrict access.

Read-Only allows all users to see and open files.
Full allows all users to see, open, modify, rename, or delete files and to run programs.
Depends on Password allows a password to determine the level of access.

To set the share security.

  1. Open My Computer or the Windows Explorer.
  2. Highlight the device (hard drive, CD-ROM drive, printer) or file/folder that is to be shared.
  3. Click once on the right mouse button. A small pop-up menu will open.
  4. Select the "Sharing" option.
  5. If the item is not currently shared, do so by clicking on the "Shared as:" radio button. The sharing options will become available for editing.
  6. The "Access type" controls the security level.
  7. Click on the OK button when done.

Windows NT Workstation
Windows NT Workstation has more security features than 95/98/ME.

NT Workstation requires a username/password to get into the system; even if the computer is not part of a network.

Up to ten (10) User or Group Accounts can logon on an NT Workstation. Access Rights are assigned to shares through these accounts.

NTFS -- The NT File System that provides greater levels of security.

User Accounts
The Administrative Tools/User Manager program allows for the creation of Users or Groups that can logon to the NT machine. Group accounts are used to streamline access control for several Users. Limits placed on a Group account will encapsulate all Users in that Group. Password policies for these accounts can also be created with the program.

Create a New User

  1. Logon to the machine using the Administrator account.
  2. Click on Start.
  3. Select the Programs option.
  4. Select the Administrative Tools option.
  5. Select the User Manager option.
  6. Click on the User menu.
  7. Select the New User option.
  8. Enter the account name in the Username field.
    1. Enter information in the Full Name and Description fields if you wish. They are not required.
  9. Enter the account password.
    1. Place check in the lower boxes as desired. For example, to create a permanent and unchangable password for the account place check in only the "User cannot change password" and "Password never expires" boxes.
    2. If you choose to allow the password to expire you must set the age (when it expires) by highlighting the account in the main window, selecting the Policies menu, and the Account option. The password age is set in this window.
  10. Click on OK.

Create a Group

  1. Start the User Manager.
  2. Select the User menu.
  3. Select the New Local Group option.
  4. Enter the accoutn name inthe Group Name field.
  5. Click on the Add button.
  6. Double-click on every User account your wish to add to this group.
  7. Click on OK.

Rename an Account
By default there are two User Accounts: Administrator and Guest. Initially both accounts have Full control rights to the PC system. The system has very low security, initially. It is a good idea to rename the Administrator account.

  1. Start the User Manager.
  2. Highlight the desired account.
  3. Click on the User menu.
  4. Select the Rename option.
  5. Enter the new name in the field.
  6. Click on OK.

Disable an Account
Because the Guest account exists in every WindowsNT computer, it is a good idea to disable the account to prevent unauthorized usage.

  1. Start the User Manager.
  2. Double-click on the desired account.
  3. Place a check in the Account Disabled box.
  4. Click on OK.

NTFS
WindowsNT can use two different file systems: FAT and NTFS. FAT is the system used by Windows 9x/ME. While FAT permits Read-Only and Full access, the NT File System permits Read (R), Write (W), Execute (X), Delete (D), Change Permissions (P), and Take Ownership (O) controls.

To determine if your hard drive is using NTFS, open My Computer and right-click on the drive and select the Properties option. The window will display the file system type. If you are using FAT and want to convert to NTFS follow these steps. Caveat Emptor. You can only move from FAT to NTFS, not the reverse. So be sure that this is something you want to permanently change.

  1. Logon to the machine using the Administrator account.
  2. Click on Start.
  3. Select the Programs option.
  4. Select the MS-DOS Prompt option.
  5. Type CONVERT C: /FS:NTFS at the DOS prompt.
  6. Close the DOS window.
  7. Restart the computer.

Security
The R W X D P O permissions of NTFS are combined to create the standard permissions: No Access, List, Read, Add, Add & Read, Change, and Full Control. Or they may be uniquely combined in the Special Directory Access and Special File Access permissions. These differing levels of security can be applied to any account that logs on to the WindowsNT machine: local or networked.

Standard Permission Special Permission What it does.
Read RX When applied to a file the user can read the contents of the file or run the program. When applied to a folder or share the user can read the contents of the folder and run programs in the folder.
Change RWXD When applied to a file the user can read, modify, and delete the file. Then user can run or delete a program. When applied to a folder or share the user can read and modify files, add files or run programs in the folder.
Full Control RWXDPO When applied to a file the user can read, modify, and delete the file. The user can run or delete a program. In addition, the user can also change other user's rights to the file and take ownership of the file. When applied to a folder or share the user can do any of these action to any file or subdirectory within the folder and to the folder itself.
List RX This applies to folder or share only. The user can list the files inthe folder and navigate into subdirectoies of the folder, but cannot do anything to the files. When applied to a folder the X right allows the user to open the directory, but not to run programs in the directory.
Add WX This applies to the folder or share only. The user can add files to the folder, but can't view the contents of the folder.
Add and Read RWX This applies to the folder or share only. The user can add files to the folder and view the contents of the folder and the files within it.
No Access   The user is denied all assess to the file, folder ot share.

The Take Ownership right is rather complex. The owner of a file can change other's rights to that file. It is possible to assign both the No Access and Take Ownership rights for a file to a user. Effectively that means that a user that is denied access to a file can reassign his/her own rights to let himself/herself into the file.

Once the drives are using NTFS and multiple User accounts have been created you can assign permission rights to files, folders, programs and shares.

  1. Open the WindowsNT Explorer or My Computer.
  2. Navigate to the item to which you will apply security measures.
  3. Right-click on the item.
  4. Select the Properties option from the pop-up menu.
  5. Click on the Security tab.
  6. Click on the Permissions button.
  7. A list of Users/Groups and the current Permission settings appears.
  8. To remove an account.
    1. Highlight the account in the list.
    2. Click on the Remove button.
  9. To add an account.
    1. Click on the Add button.
    2. Click on the Show User button to display every User and Group account.
    3. Double-click on the account you wish to add.
    4. Use the drop-won list at the bottom of the page to set the permission level.
    5. Click on OK.
  10. To have these permission flow down to lower levels
    1. Place a check on the "Replace Permission on Subdirectories" box.
    2. Click on OK.