Question Is it possible to ask for autorization on server pc only when someting needs to be written on network drive?

[johnynai]

Hey people,

I'm sharing a network drive with my roomate and recently he got some kind of ransomware that encrypted his whole system and also my network drive thats running on separate pc.

Is it possible for win 10 to ask for premmision for write only on that specific pc where drives are plugged in? Like some kind of autorization yes/no to allow or not the write. I think this would prevent this stuff from happening in the future. This can be possible since server pc is really close to us and ofc it would be bothersome to do it for every write but at least it will be secure.

I know i can have password but they managed to get hold of that password and still encrypted whole drive.

I tried looking for such setting in win 10 and did not find such thing. Is there maybe some software for this?

 

[USAFRet]

IMHO, you're chasing the wrong fix.

If your roommate is prone to getting infected, don't give him and any of his systems access to any of your systems.
Anything data that needs to be shared, do it via some intermediate device...a 1 bay NAS box or something.

And you DO have a good backup routine in place, correct?

 

[johnynai]

IMHO, you're chasing the wrong fix.

If your roommate is prone to getting infected, don't give him and any of his systems access to any of your systems.
Anything data that needs to be shared, do it via some intermediate device...a 1 bay NAS box or something.

And you DO have a good backup routine in place, correct?

Unfortunately, no backups.
But fortunately nothing important to me is lost. Only steam library full of games.

This is the first time we encountered ransomware. But storage got zapped once and I don't want that to happen ever again.

Currently I'm trying to make some sort of script that turns on and off write access. But drive needs to be shared every time so its not a good solution.

Just wondering if such thing is possible without spending on additional nas for sharing only.

 

[Nafryti]

Hey people,

I'm sharing a network drive with my roomate and recently he got some kind of ransomware that encrypted his whole system and also my network drive thats running on separate pc.

Is it possible for win 10 to ask for premmision for write only on that specific pc where drives are plugged in? Like some kind of autorization yes/no to allow or not the write. I think this would prevent this stuff from happening in the future. This can be possible since server pc is really close to us and ofc it would be bothersome to do it for every write but at least it will be secure.

I know i can have password but they managed to get hold of that password and still encrypted whole drive.

I tried looking for such setting in win 10 and did not find such thing. Is there maybe some software for this?

You could just not save the credentials to the drive and require login each time he accesses it as a safety measure, you can add it to the roommates PC and then just not save the password to it so he has to log in each time. That would effectively make an air-gap in that situation.

 

[johnynai]

You could just not save the credentials to the drive and require login each time he accesses it as a safety measure, you can add it to the roommates PC and then just not save the password to it so he has to log in each time. That would effectively make an air-gap in that situation.

Ive misread your reply. That could work. I will try to set it up now. Thank you for your reply.

 

[USAFRet]

Unfortunately, no backups.
But fortunately nothing important to me is lost. Only steam library full of games.

This is the first time we encountered ransomware. But storage got zapped once and I don't want that to happen ever again.

Currently I'm trying to make some sort of script that turns on and off write access. But drive needs to be shared every time so its not a good solution.

Just wondering if such thing is possible without spending on additional nas for sharing only.

"never again" starts with backups.
Secondly, user training. Your roomie is a major infection vector. Any fancy stuff you do with passwords...he will almost certainly undo it.
Isolation. Just like in a hospital, keep the infected people and equipment away from everyone else.

That ransomware is not the last time this will happen.

Almost all of us have lost data at some point.
Smart people take measures to not let it happen again.

 

[Nafryti]

I already had that. But the thing is once unlocked it stays like that until drive is disconected manually or pc restarts. Unless theres some way to require credentials everytime something needs to be written.

Perhaps granting him read only access for things such as music or movies, and then just leave it at that. Not entirely sure what he would need write perms for, unless he's actively working on a project with you, in which case i would suggest using USB media for transferring files physically in hand. The network idea is great, but then again, @USAFRet makes a fair point. Regardless of the offense, the problem will recur again, that's just how it plays in these situations. You would be talking about setting up an FTP server where he could only access it via the client portal program each time, and that can become cumbersome, but would effectively get the job done, but only for moving files here and there when needed. If he's doing it like you and storing a whole steam library on the NAS, then FTP will not work.
But i do think you can get your goal done using an FTP client to connect and transfer files that way, if you're doing something that requires the work of file transfers to be made routinely. But removes the ability to on the fly add the drive to the system for an access by windows file manager.

 

[johnynai]

"never again" starts with backups.
Secondly, user training. Your roomie is a major infection vector. Any fancy stuff you do with passwords...he will almost certainly undo it.
Isolation. Just like in a hospital, keep the infected people and equipment away from everyone else.

That ransomware is not the last time this will happen.

Almost all of us have lost data at some point.
Smart people take measures to not let it happen again.

You are right. Ill try to find some good deal for backup hdd.
Might as well just restrict his acces until that.

Thank you people.

 

[johnynai]

Perhaps granting him read only access for things such as music or movies, and then just leave it at that. Not entirely sure what he would need write perms for, unless he's actively working on a project with you, in which case i would suggest using USB media for transferring files physically in hand. The network idea is great, but then again, @USAFRet makes a fair point. Regardless of the offense, the problem will recur again, that's just how it plays in these situations. You would be talking about setting up an FTP server where he could only access it via the client portal program each time, and that can become cumbersome, but would effectively get the job done, but only for moving files here and there when needed. If he's doing it like you and storing a whole steam library on the NAS, then FTP will not work.
But i do think you can get your goal done using an FTP client to connect and transfer files that way, if you're doing something that requires the work of file transfers to be made routinely. But removes the ability to on the fly add the drive to the system for an access by windows file manager.

Yeah, restricting his access would be best.

Ill try to get some backup going when i find good deal for hdd.

Until then, read only haha.

Thank you for the replies people.

 

[Nafryti]

Yeah, restricting his access would be best.

Ill try to get some backup going when i find good deal for hdd.

Until then, read only haha.

Thank you for the replies people.

If your NAS can support it, you may want to just try the FTP Application system, what this would mean is, he can only access the NAS through the FTP program. This would sort of be what you were asking. His only access would be via the application, the files would be transferred through the application, and once the program closes the access is terminated. Even while the program is active other programs cannot access the NAS, only that program while it is actively connected to the NAS can access the NAS.

However, the true air-gap will be the USB HDD solution.

FileZilla is a Mozilla made FTP program that i used to use a lot back in the day, but it all boils down to whether or not the NAS supports it. If it isn't made by Mozilla then, well... oops, at least it's free.