Question : Secure XP WorkGroup NOT so Secure! Little Help Please.
Hi Gang: Sorry for the long post.
The XP workgroup I recently put together for my friend has a hole in it.
After the great and all powerful 'Relder' pushed me in the right direction I got the trouble network running perfectly or so I thought.
The problem now is security. He wanted a work group that would simply stop his mischievous employees from having the power to delete files over the network, but still have the power to completely manipulate the files across the network. He also did not want the girls to be able to create user accounts, or do anything in the device manager.
So, I thought it would be easy. Here's what I did in the 'Security Tabs' of the folders that needed to be shared, after removing 'Simple File Sharing' and setting 'Permissions' on the Sharing tab to full:
1) On the C:\ drive of each workstation (which I did not share) I first manipulated the Security tab (under 'Group or user names') by creating/leaving the following groups: Administrators, System, Creator Owner, Power User (which I created with an extra permission (Write)). I removed the rest. (He does not want any other form of user.)
2) Next I went to the 'Advanced' section, highlighted Power Users and ticked the "Replace permission entries on all child objects..." and clicked Apply. (I watched as all the files underneath were reset.)
3) Next I made identical 'User' accounts on all three workstations (including identical passwords) and made them all 'Power Users'.
4) I finally set the proper shares on each workstation.
The Problem:
Everything seemed to work perfectly until my buddy showed me today how he could get into and 'Delete' all Gina's files! He simply logged onto his or any workstation and logged on as 'Gina'. He then navigated his way over the network, entered her folder and deleted away!!! Only her folder was vulnerable. All other files on that computer were safe from his prodding.
All I could say was that the girls can NOT give away their passwords???
I sure must have screwed up somewhere.
Please, what did I do wrong??? I've got the perfect restriction level for the employees (Read & Execute, List Folder Contents, Read, Write) but I guess I don't know how to properly impose it.
Also, are the 'System' and 'Creator Owner' groups absolutely necessary or should they be deleted out of the C:\ Group or user names list???
Thanks and sorry Rob to be such a pain!!!!! I really tried hard to solve this on my own. I've got two great books ("Mastering Windows XP Pro 2nd ed" & "Windows XP Networking Inside Out") but both could not seem to answer my questions.
Answer : Secure XP WorkGroup NOT so Secure! Little Help Please.
Your security hole will be filled by educating your users about keeping their passwords private. I would advise having your users choose a new password, maybe something fairly complex (i.e. 8 or more characters, combination of numbers and letters, etc.) and teach them not to share it with each other. I'm assuming you want your users to be able to add/change/delete the files they create.
On the configuration end it looks like everything is pretty tight. The System and Creator/Owner users are built-in accounts and cannot be deleted (and are quite necessary for Windows to even function).
Getting users to understand why security is needed is sometimes very hard. I wish you luck.
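Added example (not part of the original question or answer): a simplified Python model of an NTFS access check, showing why an account can delete inside a folder it created while other Power Users cannot, and why the check depends only on the account that logged on, not on who typed the password. It assumes CREATOR OWNER keeps Full Control on C:\; the account name Ann and the four-bit masks are constructed, and deny entries and the parent folder's delete-child right are left out.

```python
# Simplified model of an NTFS allow-only access check (added example).
READ, WRITE, EXECUTE, DELETE = 1, 2, 4, 8
FULL = READ | WRITE | EXECUTE | DELETE
EMPLOYEE = READ | WRITE | EXECUTE  # Read & Execute, List, Read, Write: no Delete

# Inheritable entries left on C:\ in step 1 of the question.
# Assumption: CREATOR OWNER still carries Full Control.
ROOT_ACL = [
    ("Administrators", FULL),
    ("SYSTEM", FULL),
    ("CREATOR OWNER", FULL),
    ("Power Users", EMPLOYEE),
]

# Every employee account is a Power User (step 3). "Ann" is a constructed name.
GROUPS = {"Gina": {"Power Users"}, "Ann": {"Power Users"}}


def inherit(acl, creator):
    """ACL a new child gets: CREATOR OWNER is replaced by the creating account."""
    return [(creator if who == "CREATOR OWNER" else who, mask) for who, mask in acl]


def allowed(acl, account):
    """Union of the allow masks that match the account or one of its groups."""
    groups = GROUPS.get(account, set())
    mask = 0
    for who, entry_mask in acl:
        if who == account or who in groups:
            mask |= entry_mask
    return mask


def can_delete(acl, account):
    """True when the account's effective rights include Delete."""
    return bool(allowed(acl, account) & DELETE)


# A folder created by the Gina account inherits from C:\.
GINA_FOLDER = inherit(ROOT_ACL, "Gina")

if __name__ == "__main__":
    # The check sees only the account name, so anyone holding Gina's
    # password is treated as Gina.
    for account in ("Gina", "Ann"):
        print(account, "can delete in Gina's folder:", can_delete(GINA_FOLDER, account))
```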