Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Locked thread
redeyes
Sep 14, 2002
I LOVE THE WHITE STRIPES!

I am asking this because the new TeslaCrypt and general encryption viruses are getting more prevalent. I really don't trust antivirus programs to prevent this stuff.
What I really want to do is access a Windows SMB file share but only be able to have Write access when/if I put in a special username/password.

The problem is Windows doesn't seem to offer this functionality. I am always logged in as the account my local login uses. I can't really switch .

Is there a way to do this?

Adbot
ADBOT LOVES YOU

Swarthy_Foreskin
Apr 17, 2003

You want to put a knife in me. Look me in the eyes. See what's going on in there while you turn it.

Nap Ghost

Do you have the same local user/pass on both client and server? If so, change one of them.

redeyes
Sep 14, 2002
I LOVE THE WHITE STRIPES!

Swarthy_Foreskin posted:

Do you have the same local user/pass on both client and server? If so, change one of them.

Well, yes. But see, I want the default to be read only everything. Then write access if you attempt to write something by bringing up a login prompt. I can easily change the password but I wanted this to be a on-write type of situation. I don't think Windows can do this?

NihilismNow
Aug 31, 2003


I don't think you can do it natively. If you remove write permissions (or add deny write permissions) Windows will just give you "access denied".
You could write a script that unmaps/disconnects the share and prompts you for a password to login with a more privileged account, then unmaps the drive after a set ammount of time (say 3 minutes) and remaps it as the logged on user.

Charles Mansion
Oct 20, 2008


Make a read-only share and a second one with write permissions. Give the writeable share a local account so that your client computer can't just access it with the credentials you are logged in with.

redeyes
Sep 14, 2002
I LOVE THE WHITE STRIPES!

adocious posted:

Make a read-only share and a second one with write permissions. Give the writeable share a local account so that your client computer can't just access it with the credentials you are logged in with.

Interesting idea actually. I'll give it a try and see how it works out.

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010


Why aren't you using volume shadow copy on a distinct drive?

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles



VSS often won't save from from crypto/ransom viruses. First, if they get credentials/admin rights they can just blast it all so at minimum the backup system should have alt credentials if it doesn't have a cold offline copy. Also, the default behavior with VSS is to dump old snapshots when the vol is low on space. If your vol more than half-full what it will do is start generating encrypted hidden copies alongside your unencrypted data and keep going until the volume is full which forces all your previous snapshots out. Once its done encrypting, delete the original copies and now there's no easy recovery path without going to backup. You can change the VSS policy to enforce a hard retention policy based on capture intervals but it isn't not the default behavior and something that I have seen first hand bite a important office when they decided VSS == backup.

redeyes
Sep 14, 2002
I LOVE THE WHITE STRIPES!

BangersInMyKnickers posted:

VSS often won't save from from crypto/ransom viruses. First, if they get credentials/admin rights they can just blast it all so at minimum the backup system should have alt credentials if it doesn't have a cold offline copy. Also, the default behavior with VSS is to dump old snapshots when the vol is low on space. If your vol more than half-full what it will do is start generating encrypted hidden copies alongside your unencrypted data and keep going until the volume is full which forces all your previous snapshots out. Once its done encrypting, delete the original copies and now there's no easy recovery path without going to backup. You can change the VSS policy to enforce a hard retention policy based on capture intervals but it isn't not the default behavior and something that I have seen first hand bite a important office when they decided VSS == backup.

Any ideas on a solution? You are totally right on those points. For the moment I threw together a separate computer with a 8TB drive which gets turned on once a week for backups and back off. Kind of brute force fix.

Adbot
ADBOT LOVES YOU

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles



If you already have the hardware, I'd say install Crashplan and set it as a backup destination and make sure you use a different set of credentials to access it. That will give you versioning along with compression/dedupe on the backup set. There's always a chance something could get in to the backup software and issue a command to purge the backups so it might be smart to set VSS policy on the backup volume on the backup box to retain a few old copies in case the worst happens.

  • Locked thread