Multiple User Security

Printable View

May 21st, 2007, 11:59 AM
nihil

Multiple User Security

Hi, following on from this thread: http://antionline.com/showthread.php?t=275346

I thought it might be interesting to share thoughts and methods of implementing secure multiple user access?

I am not talking about the standard network stuff here; rather I am looking at situations where the same hardware assets have to be shared by a number of people.

To restrict the discussion to current situations I would suggest that we basically look at Win2000, XP and Vista................. or other OSes that are contemporary with them :)

What I am asking, is that where you have to share workstations, how do you do it? and why did you chose that particular method?
May 21st, 2007, 11:33 PM
AOBaba

Novell Client

Hey Nihil,

Some of the tips you mentioned I had already implemented. After my cousin hacked my laptop I went on a crusade to find out everything about it. All efforts were futile. Instead I started taking other measures to beef up the security. I ran across Novell Client. Do you think this may help me?
May 22nd, 2007, 05:17 PM
delstar

At the place where I work, we just use AD w/ roaming profiles to handle it. We also map their My Documents folder to a remote server, and pass the info through policy.
May 22nd, 2007, 05:58 PM
morganlefay

delstar\AOBaba

you are both talking about network security......

AOBaba.......you will need a novell server to run a novell client ;)

I think what Nihil is looking for is more how do you secure your XP home machine when you have 4 kids and a spouse that use the same machine???

NTFS and Limited accounts, auto lock on when account becomes idle

Everyone has thier own "my docs\pics\music" area...which are inaccessible to the other accounts...unless you are all powerful admin ...which happens to be me :)

Admin account is only used for admin duties...I have a regular account....just like everone else.

Thats what I do

MLF
May 22nd, 2007, 07:48 PM
nihil

There are third party solutions such as this one, but I have no idea how good they are:confused:

http://www.fspro.net/lock-pc/
May 22nd, 2007, 08:16 PM
oofki

Delstar is right on. Most places use AD with roaming profiles and for added security they have a secure server that has mapped drives for each user. It is pretty secure and quite convenient.

MLF I think you have a perfect setup for a home setup.

Nihil Im not sure how well how those things but what is the purpose for a program like that. I would rather logoff each time then use a program like that. As far as I know those types of programs are easy to get around because they are usually just a start up entry/ a service that runs in the background.

What I highly recommend for computers that have multiple users on them is DeepFreeze. (http://www.faronics.com) Any changes made to the system are reverted on reboot. You can make exceptions so each person could maintain their own personal folders but any thing that could be harmed outside of those folders is always restored on reboot.
May 22nd, 2007, 09:58 PM
nihil

I guess I can see a situation where multiple people are using the same thick client applications? Kind of like salespersons in stores or bartenders?

There you want to preserve an audit trail to the individual. I have normally seen this done with a physical key or token, though.

This sort of system for example will lock the user session when they remove their smartcard/token

http://www.ecommnet.co.uk/products/s...rdadvanced.asp
May 23rd, 2007, 03:21 PM
oofki

That would be cool if you had a smartcard. I have never actually seen a system with that setup on it but it would be convenient.