Windows 95 Network Security Overview

Windows 95 provides shared-level and user-level security for protecting shared resources on computers running Windows 95 with File and Printer Sharing services.

• Share-level security protects shared network resources on the computer running Windows 95 with individually assigned passwords. For example, you can assign a password to a directory or a locally attached printer. If other users want to access it, they need to type in the appropriate password. If you do not assign a password to a shared resource, every user with access to the network can access that resource. (This option is not supported with File and Printer Sharing for NetWare Networks.)
• Pass-through user-level security protects shared network resources by requiring that a security provider authenticate a user's request to access resources. The security provider, such as a Windows NT domain control or NetWare server, grants access to the shared resource by verifying that the user name and password are the same as those on the user account list stored on the network security provider. Because the security provider maintains a network-wide list of user accounts and passwords, each computer running Windows 95 does not have to store a list of accounts.

  Note If you are running File and Printer Sharing for Microsoft Networks, the security provider must be the name of a Windows NT domain or Windows NT workstation. If you are running Microsoft File and Printer Sharing for NetWare Networks, the security provider must be either a NetWare server or a NetWare 4.x server running bindery emulation.

The following illustration shows how user-level security works on a computer running File and Printer Sharing service and Client for Microsoft Networks. The numbers are explained following the illustration.

1. A user tries to access a shared resource protected by pass-through user-level security.
2. A request is passed to the security provider to verify the user's identity.
3. The security provider sends a verification to the computer running Windows 95 if the user name and password combination is valid.
4. Windows 95 grants access to the shared resource, and gives permission to use the resource according to rights assigned to the user in Sharing properties for that Windows 95 resource. The user's rights are stored on the computer running Windows 95.

Planning and implementing security in a Windows 95 networking environment requires the following basic kinds of steps:

• Defining user accounts on a network server or domain controller for user-level security. For more information, see the documentation for the software on the network security provider.
• Installing File and Printer Sharing services and enabling user-level or share-level security. For more information, see Chapter 11, "Logon, Browsing, and Resource Sharing."
• Defining access rights for resources protected by user-level security.
• Making the Windows 95 logon password and network logon password the same, disabling password caching if you do not want this feature. For more information, see "Using the Windows 95 Password Cache" and "Using the Windows 95 Logon Password " later in this chapter.
• Defining system policies to restrict users' ability to configure the system or shared resources, and to enforce password policies. For information, see Chapter 15, "User Profiles and System Policies."