|
I am asking this because the new TeslaCrypt and general encryption viruses are getting more prevalent. I really don't trust antivirus programs to prevent this stuff. What I really want to do is access a Windows SMB file share but only be able to have Write access when/if I put in a special username/password. The problem is Windows doesn't seem to offer this functionality. I am always logged in as the account my local login uses. I can't really switch. Is there a way to do this?
|
# ? Mar 19, 2016 17:05 |
|
Do you have the same local user/pass on both client and server? If so, change one of them.
|
# ? Mar 19, 2016 18:28 |
|
Swarthy_Foreskin posted: "Do you have the same local user/pass on both client and server? If so, change one of them."

Well, yes. But see, I want the default to be read only everything. Then write access if you attempt to write something by bringing up a login prompt. I can easily change the password but I wanted this to be an on-write type of situation. I don't think Windows can do this?
|
# ? Mar 19, 2016 18:43 |
|
I don't think you can do it natively. If you remove write permissions (or add deny write permissions) Windows will just give you "access denied". You could write a script that unmaps/disconnects the share and prompts you for a password to log in with a more privileged account, then unmaps the drive after a set amount of time (say 3 minutes) and remaps it as the logged on user.
|
# ? May 16, 2016 15:25 |
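
An added example, not part of the original post: one way to write the script described above in PowerShell. The share path, drive letter and the premise that the logged-on account has read-only rights on the server while a separate account has write rights are assumptions.

```powershell
# Added example: temporary write access to an SMB share, then back to read-only.
# Assumed (hypothetical) values: \\fileserver\data, drive Z:, 3-minute window.
param(
    [string]$Share   = '\\fileserver\data',   # hypothetical share path
    [string]$Drive   = 'Z:',                  # hypothetical drive letter
    [int]   $Minutes = 3                      # write window suggested in the post
)

# Windows accepts only one set of credentials per server per logon session
# (error 1219 otherwise), so the read-only mapping has to be dropped first.
# Any other open connection to the same server must be closed as well.
Remove-SmbMapping -LocalPath $Drive -Force -ErrorAction SilentlyContinue

# Prompt for the privileged account; the password is never written to disk.
$cred = Get-Credential -Message "Account with write access to $Share"

try {
    # -ErrorAction Stop: a bad password skips the wait and goes straight to cleanup.
    New-SmbMapping -LocalPath $Drive -RemotePath $Share `
        -UserName $cred.UserName `
        -Password $cred.GetNetworkCredential().Password `
        -ErrorAction Stop | Out-Null
    $until = (Get-Date).AddMinutes($Minutes).ToString('T')
    Write-Host "$Drive is writable until $until"
    Start-Sleep -Seconds ($Minutes * 60)
}
finally {
    # Runs on timeout, on error and on Ctrl+C: drop the privileged session...
    Remove-SmbMapping -LocalPath $Drive -Force -ErrorAction SilentlyContinue
    # ...and remap with the logged-on user's own (read-only) credentials.
    New-SmbMapping -LocalPath $Drive -RemotePath $Share | Out-Null
    Write-Host "$Drive remapped as $env:USERNAME"
}
```

Anything running under the same logon session can write to the share while the privileged mapping is active, so the window should stay as short as the task allows.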
|
Make a read-only share and a second one with write permissions. Give the writeable share a local account so that your client computer can't just access it with the credentials you are logged in with.
|
# ? May 16, 2016 21:04 |
|
adocious posted: "Make a read-only share and a second one with write permissions. Give the writeable share a local account so that your client computer can't just access it with the credentials you are logged in with."

Interesting idea actually. I'll give it a try and see how it works out.
|
# ? May 17, 2016 23:55 |
|
Why aren't you using volume shadow copy on a distinct drive?
|
# ? May 18, 2016 07:01 |
|
VSS often won't save you from crypto/ransom viruses. First, if they get credentials/admin rights they can just blast it all so at minimum the backup system should have alt credentials if it doesn't have a cold offline copy. Also, the default behavior with VSS is to dump old snapshots when the vol is low on space. If your vol is more than half-full what it will do is start generating encrypted hidden copies alongside your unencrypted data and keep going until the volume is full which forces all your previous snapshots out. Once it's done encrypting, delete the original copies and now there's no easy recovery path without going to backup. You can change the VSS policy to enforce a hard retention policy based on capture intervals but it isn't the default behavior and something that I have seen first hand bite an important office when they decided VSS == backup.
|
# ? May 18, 2016 13:26 |
|
BangersInMyKnickers posted: "VSS often won't save you from crypto/ransom viruses. First, if they get credentials/admin rights they can just blast it all so at minimum the backup system should have alt credentials if it doesn't have a cold offline copy. Also, the default behavior with VSS is to dump old snapshots when the vol is low on space. If your vol is more than half-full what it will do is start generating encrypted hidden copies alongside your unencrypted data and keep going until the volume is full which forces all your previous snapshots out. Once it's done encrypting, delete the original copies and now there's no easy recovery path without going to backup. You can change the VSS policy to enforce a hard retention policy based on capture intervals but it isn't the default behavior and something that I have seen first hand bite an important office when they decided VSS == backup."

Any ideas on a solution? You are totally right on those points. For the moment I threw together a separate computer with an 8TB drive which gets turned on once a week for backups and back off. Kind of brute force fix.
|
# ? May 19, 2016 23:49 |
|
If you already have the hardware, I'd say install CrashPlan and set it as a backup destination and make sure you use a different set of credentials to access it. That will give you versioning along with compression/dedupe on the backup set. There's always a chance something could get into the backup software and issue a command to purge the backups so it might be smart to set VSS policy on the backup volume on the backup box to retain a few old copies in case the worst happens.
|
# ? May 20, 2016 05:00 |