#45041 - 2003-09-10 02:30 PM
Hiding folders and files using kixtart
|
Raj Mann
Fresh Scripter
Registered: 2003-07-02
Posts: 7
Loc: Birmingham
|
Hi,
I am trying to hide the files and folders in the local c: drive on my workstations (mixture of 2000 and 98). I have already hidden the c: drive icon but using explorer, users can still get access to the c: drive if they type 'c:\' in the address bar.
Does anyone know of a way i can do this using kixtart?
Thanks in advance Raj
|
Top
|
|
|
|
#45043 - 2003-09-10 03:00 PM
Re: Hiding folders and files using kixtart
|
Jochen
KiX Supporter
Registered: 2000-03-17
Posts: 6380
Loc: Stuttgart, Germany
|
|
Top
|
|
|
|
#45044 - 2003-09-10 03:03 PM
Re: Hiding folders and files using kixtart
|
Stephen Wintle
Seasoned Scripter
Registered: 2001-04-10
Posts: 444
Loc: England
|
Couldnt you use the attrib dos command to hide files, I know RM does this some way using their file protector program, this runs after log on to get around the problem of the registry restrictions, what about disabling the ability to delete the files should this be enough?
Steve
_________________________
Dont worry because a rival imitates you. As long as they follow in your tracks they cant pass you!
|
Top
|
|
|
|
#45045 - 2003-09-10 03:26 PM
Re: Hiding folders and files using kixtart
|
Stephen Wintle
Seasoned Scripter
Registered: 2001-04-10
Posts: 444
Loc: England
|
Also according to the following link, you can stop users from accessing the hidden drives... Microsoft by using Access Control List (ACL) on an NTFS partition.
Steve [ 10. September 2003, 15:29: Message edited by: Stephen Wintle ]
_________________________
Dont worry because a rival imitates you. As long as they follow in your tracks they cant pass you!
|
Top
|
|
|
|
#45050 - 2003-09-10 05:08 PM
Re: Hiding folders and files using kixtart
|
Richard H.
Administrator
Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
|
Ah, I thought you might have had some sneaky exploit.
If you don't have permissions to change NTFS permissions (a bit circular I know), then no, you cannot remove it.
Win9x as you say don't have NTFS, and local drives cannot be secured in any way without a third party replacement for the file system.
Lord save us from users who are savvy enough to do a second install of W2K and fake admin UIDs to access a slaved partition
|
Top
|
|
|
|
#45052 - 2003-09-11 09:52 AM
Re: Hiding folders and files using kixtart
|
Raj Mann
Fresh Scripter
Registered: 2003-07-02
Posts: 7
Loc: Birmingham
|
Thanks for your help so far, i work at a school and kids can gain access to the c: drive via 2 ways. They can type 'c:\' within the address bar of explorer and can type 'c:\' in the open window of various ms applications.
If kids can gain access to the c: drive they will delete files and folders. Therefore i was looking at a way how to either hide the contents of c:\ drive or somehow prevent kids from deleting these files and folders.
|
Top
|
|
|
|
#45054 - 2003-09-11 11:09 AM
Re: Hiding folders and files using kixtart
|
Richard H.
Administrator
Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
|
If the machines are Win9x, forget it - there is no security.
If the machines are running an OS with NTFS partitions you can lock down the permissions to that a) They cannot delete / change files and folders. b) They cannot browse the contents of folders. c) They cannot change the permissions to allow them to do "a" or "b".
The process is simple, but long winded: 1) Disable file and folder browsing/deleting/changing to all but administrative staff. 2) Re-enable it on obvious directories - temp, document folders, indvidual system files that need write access etc. 3) Make sure all your applications work, change permissions as you find files / directories which need change/delete/browse access.
Once you have a process which works, script it so you can apply it to all your machines and any new ones that come along.
The simple quick fix if you are running Win2000 or XP is to go to the C: drive properties and set "deny" on "list folder contents" for the group which comprises your students. Replicate the setting down the directory tree, and ensure that the student group does not have permissions to change the setting.
They will now get "access denied" if they attempt to use a GUI browser, and no results if they try to user DOS dir or similar.
|
Top
|
|
|
|
#45058 - 2003-09-11 05:38 PM
Re: Hiding folders and files using kixtart
|
Richard H.
Administrator
Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
|
quote: Richard is over stating the case against Win9x
How do you do set local file system permissions with Win9x?
AFAIK they use the FAT file system and don't have the facility. When I said there is no security I meant it literally.
You can toughen up the initial access security by removing or disabling the diskette drive and CD-ROM drive so they cannot boot from these, and you can change the logon security so they must boot off the network.
However, once they have logged on there is no local file security. If you have Win9x machines you need to accept that you will have to audit them regularly and be prepared to rebuild quickly.
|
Top
|
|
|
|
#45059 - 2003-09-11 08:01 PM
Re: Hiding folders and files using kixtart
|
Jack Lothian
MM club member
Registered: 1999-10-22
Posts: 1169
Loc: Ottawa,Ontario, Canada
|
Richard – a minor rant,
In a school environment you can remove all tools that allow a student to have access to files in protected folders. The best way is to purchase 3rd party security software but you can achieve the same results through the Restrictrun policy plus a removal of problem programs plus disabling of hot keys, plus various system policies, etc. It does work, I have seen it work.
Many schools, libraries & universities (thousands or even 10 of thousands of institutions) have done successfully large scale implementations of Win9x clients & these systems stayed stable & protected for long periods of time. Even today, many such Win9x labs still exist, 8 years after Win9x was released. These environments have undergone an intensive invasive use on a daily basis for close to a decade. The equivalent in a business environment does not exist. Imagine if a significant number of workers made it their primary goal each day to disable the computer on their desk. In the business world the philosophy is the user controls, protects & influences their machine/system to some extent. Whereas in a school, we know that a significant number of users are hostile to the computers. As a consequence, in a school things are done & should be done that would never fly in the business world.
Another perspective, Novell 3/4 had many security features that were ideal for school IT managers. When MS brought out the proprietary ACL/SID security environment with NT, it was a serious backward step for many schools. Things that were easy in Novell were impossible in this new environment. It took years for IT managers in schools to achieve with NT the same level of security achieved with Novell.
Defining “real security” as an ACL/SID environment implies that one must always use MS post-NT clients & servers. Not only can Win9x never be secure but Linux & any other non MS clients or server can never be secure either. In this limited world the only way to be secure is to have an ACL/SID system which is a proprietary MS system which in turn means you can only be secure with MS software. Thus security is something that can only be provided by MS.
Finally, Win2000 in not a panacea for security concerns. Students do things that MS never contemplated & they can be very sophisticated in their attacks. Protecting a Win2000 system in a school is an ongoing battle that you can never fully win. One of my favorite stories is of an elementary school where the IT teacher thought they had an iron tight desktop. Students couldn’t delete files or icons or edit them yet one day the teacher found that icons were disappearing from the desktops. He couldn’t figure out how students were doing it. It turned out the students had discovered that they could hide the icons behind the Start button on the tool bar. This wasn’t easy to do since they first had to move the tool bar than place the icon were the tool bar use to be & then move the tool bar back. These were 11 year olds! [ 11. September 2003, 20:30: Message edited by: Jack Lothian ]
_________________________
Jack
|
Top
|
|
|
|
Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart
|
0 registered
and 898 anonymous users online.
|
|
|