Complex Security

TheMSsForum.com: The Microsoft Software Forum

Hi,

I have a client that just install a accounting software, and
everybody in the company have to use it but the manager wants to block
access to the datafiles that are .DBF and could be open with excel
which is largely used in the office, so i managed to block access to
the data folders and I created a special user to access the software
and give it the rights to the folders, I also created an invisible
share to map a drive because the software needs a mapped drive to
work. Some people have windows 2000 and everybody else have XP pro, I
started testing with 2000 and with the option "run as a different
user" in the icon of the shortcut it works, it asks for the username,
password and domain of the different user, but today when I started
testing with Windows XP, I got the error message "The system cannot
find the path specified" I found out that with windows XP as opposed
to windows 2000 uses the current session credential to connect to the
map drive, is ther a way to avoid that?

Thanks

Fugitif
Top

Re: Complex Security by jwgoerlich

jwgoerlich
Sun Feb 25 04:34:33 CST 2007

I wonder, what if you were to put the drive mappings and such into a
batch and call that batch using the Runas command?

On Feb 23, 3:00 pm, "Fugitif" <fugitif...@gmail.com> wrote:
> Hi,
>
> I have a client that just install a accounting software, and
> everybody in the company have to use it but the manager wants to block
> access to the datafiles that are .DBF and could be open with excel
> which is largely used in the office, so i managed to block access to
> the data folders and I created a special user to access the software
> and give it the rights to the folders, I also created an invisible
> share to map a drive because the software needs a mapped drive to
> work. Some people have windows 2000 and everybody else have XP pro, I
> started testing with 2000 and with the option "run as a different
> user" in the icon of the shortcut it works, it asks for the username,
> password and domain of the different user, but today when I started
> testing with Windows XP, I got the error message "The system cannot
> find the path specified" I found out that with windows XP as opposed
> to windows 2000 uses the current session credential to connect to the
> map drive, is ther a way to avoid that?
>
> Thanks
>
> Fugitif


Top

RE: Complex Security by Ian

Ian
Mon Feb 26 15:09:08 CST 2007

The issue you will hit here is that changing user wirth RunAs removes drive
mappings. Therefore you'd have to make the special user re-authenticate to
the server with new credentials. That will also consume an additional licence
on the server, since you then have two connections under different users.

A lo-tech alternative might be to create the share as sharename$ so it will
not appear in Network Places. Then, refer to the files by a direct UNC path
so no driveletter is needed. Not so secure but enough to stop the average bod
playing-around.




Top