>I have a small workgroup network at home.  My primary system is the
>repository for my wife and son's information (photos, music, etc.).
>
>I am very concerned about outside influences (i.e. internet traffic) that
>may have access to the data.
>
>Right now, access rights are setup for "everyone" for those folders that
>they have access to.  However, since I preach security to my family, their
>systems are all secured via profiles and passwords.  It seems to me that
>having a shared folder setup for "everyone" is a breach of such security.
>
>The real question(s):
>1) Do I have anything to worry about from the outside world?
>2) If so, is there a way to define a user profile on my home system, without
>granting general access to the other profiles or having them show up on the
>"Welcome" screen (or even being able to signin locally)? - I don't care if
>they have access, its just that they have their own systems and prefer not to
>mess with mine - so if I have to define them and they show up, that's ok,
>just a inconvenience for me since I have to make sure I'm accessing the right
>profile every time I get on anyway.
>
>Thanks for your help.

"Chuck" wrote:

> On Wed, 27 Dec 2006 09:00:02 -0800, Jim <J**@discussions.microsoft.com> wrote:
>
> >I have a small workgroup network at home.  My primary system is the
> >repository for my wife and son's information (photos, music, etc.).
> >
> >I am very concerned about outside influences (i.e. internet traffic) that
> >may have access to the data.
> >
> >Right now, access rights are setup for "everyone" for those folders that
> >they have access to.  However, since I preach security to my family, their
> >systems are all secured via profiles and passwords.  It seems to me that
> >having a shared folder setup for "everyone" is a breach of such security.
> >
> >The real question(s):
> >1) Do I have anything to worry about from the outside world?
> >2) If so, is there a way to define a user profile on my home system, without
> >granting general access to the other profiles or having them show up on the
> >"Welcome" screen (or even being able to signin locally)? - I don't care if
> >they have access, its just that they have their own systems and prefer not to
> >mess with mine - so if I have to define them and they show up, that's ok,
> >just a inconvenience for me since I have to make sure I'm accessing the right
> >profile every time I get on anyway.
> >
> >Thanks for your help.
>
> Jim,
>
> If your network is behind a NAT router, then your file sharing is more or less
> safe right now.  There are no known exploits that will breach a NAT router, bar
> a malware infection opening a door from the inside.
>
> Practice layered security on all computers, and you should be OK there.
> <http://nitecruzr.blogspot.com/2005/05/please-protect-yourself-layer-your.html>
> http://nitecruzr.blogspot.com/2005/05/please-protect-yourself-layer-your.html
>
> Is your entire LAN Ethernet based, or does it have any WiFi?  If completely
> Ethernet, then you can simply trust the network to the extent that each of you
> can trust the other.
>
> User Profiles are where personal data is stored.  This is accessible to the
> account owner (and maybe to administrators, if applicable).
>
> A designated folder for sharing to "Everyone" isn't a breach of security, it's
> common sense.  You have a folder for Everyone, and other folders for yourself.
> Having this separation encourages you to keep your private data private.
>
> You can setup userids on your computer, to grant access to specific people thru
> the network, without allowing them desktop access (local login).  Network access
> and local access can be two separate privileges.  If you're going to have a lot
> of different people sharing specific data on your computer, though, you'd be
> better off in the long run setting up a domain.
> <http://nitecruzr.blogspot.com/2006/01/proper-network-design.html#Domain>
> http://nitecruzr.blogspot.com/2006/01/proper-network-design.html#Domain
>
> --
> Cheers,
> Chuck, MS-MVP [Windows - Networking]
> http://nitecruzr.blogspot.com/
> Paranoia is not a problem, when it's a normal response from experience.
> My        email         is          AT         DOT
>    actual       address    pchuck       mvps        org.
>

>"Chuck" wrote:
>
>> On Wed, 27 Dec 2006 09:00:02 -0800, Jim <J**@discussions.microsoft.com> wrote:
>>
>> >I have a small workgroup network at home.  My primary system is the
>> >repository for my wife and son's information (photos, music, etc.).
>> >
>> >I am very concerned about outside influences (i.e. internet traffic) that
>> >may have access to the data.
>> >
>> >Right now, access rights are setup for "everyone" for those folders that
>> >they have access to.  However, since I preach security to my family, their
>> >systems are all secured via profiles and passwords.  It seems to me that
>> >having a shared folder setup for "everyone" is a breach of such security.
>> >
>> >The real question(s):
>> >1) Do I have anything to worry about from the outside world?
>> >2) If so, is there a way to define a user profile on my home system, without
>> >granting general access to the other profiles or having them show up on the
>> >"Welcome" screen (or even being able to signin locally)? - I don't care if
>> >they have access, its just that they have their own systems and prefer not to
>> >mess with mine - so if I have to define them and they show up, that's ok,
>> >just a inconvenience for me since I have to make sure I'm accessing the right
>> >profile every time I get on anyway.
>> >
>> >Thanks for your help.
>>
>> Jim,
>>
>> If your network is behind a NAT router, then your file sharing is more or less
>> safe right now.  There are no known exploits that will breach a NAT router, bar
>> a malware infection opening a door from the inside.
>>
>> Practice layered security on all computers, and you should be OK there.
>> <http://nitecruzr.blogspot.com/2005/05/please-protect-yourself-layer-your.html>
>> http://nitecruzr.blogspot.com/2005/05/please-protect-yourself-layer-your.html
>>
>> Is your entire LAN Ethernet based, or does it have any WiFi?  If completely
>> Ethernet, then you can simply trust the network to the extent that each of you
>> can trust the other.
>>
>> User Profiles are where personal data is stored.  This is accessible to the
>> account owner (and maybe to administrators, if applicable).
>>
>> A designated folder for sharing to "Everyone" isn't a breach of security, it's
>> common sense.  You have a folder for Everyone, and other folders for yourself.
>> Having this separation encourages you to keep your private data private.
>>
>> You can setup userids on your computer, to grant access to specific people thru
>> the network, without allowing them desktop access (local login).  Network access
>> and local access can be two separate privileges.  If you're going to have a lot
>> of different people sharing specific data on your computer, though, you'd be
>> better off in the long run setting up a domain.
>> <http://nitecruzr.blogspot.com/2006/01/proper-network-design.html#Domain>
>> http://nitecruzr.blogspot.com/2006/01/proper-network-design.html#Domain

>Thank you sir.  This is great news to me, and very helpful.  You have
>answered my questions, and I'll go forward from here.
>
>Again, thank you for your time Sir.