File sharing (or rather files to not be shared)?

Johnmcl7

JustAnotherSaver wrote: »

I don't really know when "originally" was.



But up until 2018 i tried Virtual Machines.


I've used various ones. VMWare i think was the name of one. Virtual PC another. Something about Sand was another one i remember. Sure they worked ... but they were slow. I tried allocating more processor power and RAM to them but yeah they were still just slow. That's with Windows 7 on them and various Linux OS that i was trying out (Mint & Zorin were two i remember).

For normal use, VM shouldn't be distinguishable from normal (unless you're running a GPU accelerated system or similar), I've seen even an ULV CPU manage to simultaneously run a set of VM's with a reasonable amount of ram. As long as the system supports virtualisation running a single VM should be easy.

I think we'll just go round in circles on that one so i'll just say ok so as to avoid any back-&-forth.

There's no back and forth, if you give someone admin rights they can make any change they want to the PC regardless of of whether you try to hide or encrypt the files. Encrypting the files may hide the contents but another admin user can easily trash the encrypted file area and remove it. That's also putting aside that anyone with physical access to the PC can generally do whatever they want.

that

what type of stuff do you run on your system?

Most work areas have a given set of software, and staff are forbidden to install other items, to such a point where the usb is disabled for most users. This help prevent, viruses, illegal software and makes the data more secure - all protecting the business and customers

JustAnotherSaver

Johnmcl7 wrote: »

For normal use, VM shouldn't be distinguishable from normal (unless you're running a GPU accelerated system or similar), I've seen even an ULV CPU manage to simultaneously run a set of VM's with a reasonable amount of ram. As long as the system supports virtualisation running a single VM should be easy.

Then i either don't know how to set it up properly (although i did ask) or my hardware doesn't handle it well, or both.
All i can say is what i experienced and in my opinion the VM wasn't as quick as the host, nowhere near. It was too slow based on my expectations.

There's no back and forth, if you give someone admin rights they can make any change they want to the PC regardless of of whether you try to hide or encrypt the files. Encrypting the files may hide the contents but another admin user can easily trash the encrypted file area and remove it. That's also putting aside that anyone with physical access to the PC can generally do whatever they want.

There is.
This will be the last time i'll say this as you've actually been helpful and i don't want you to take this the wrong way.


I keep making the point of is it a simply double click (the same way you'd just open up any old file) or is it requiring some knowledge?


arciere said earlier that it was a simple double click. I said fine then because i took their word for it. They're supposed to know more than me.

BUT .... then we got on to my current setup, where drive letters are removed. I asked this guy how IN THIS CASE would someone access it 'easily'. They responded simple, they would just give it a drive letter, so on & so forth.
This is where the whole thing fell down because (this guy at least) was not listening to a word i was saying.

I'm well aware that anyone with admin rights can undo it but this guy made it sound like it was a simple double click when (as i implemented this setup) i know for 100% that is not the case. I know that you need some kind of knowledge. Yeah sure you could remove the drive, open up another PC or whatever, connect the drive and access but again you are needing some kind of knowledge and you're also WANTING to do that. That doesn't apply in this case which is what i keep saying keep saying keep saying and keep saying.
But keep getting ignored.


So like i said, if it's a simply double click the same way you would open any old file then fair enough.
But if it's not and you need some kind of knowledge. Forget that an admin could do it, if that admin needs knowledge on how to do it because it's not a simple double click, then that is totally different.


Hopefully that clears up the angle i'm coming from? If not then it's probably best we just agree to leave it there.

that wrote: »

what type of stuff do you run on your system?

In the sense of?
Are you meaning like a list of programs that i have installed?

that

JustAnotherSaver wrote: »

Then i either don't know how to set it up properly (although i did ask) or my hardware doesn't handle it well, or both.
All i can say is what i experienced and in my opinion the VM wasn't as quick as the host, nowhere near. It was too slow based on my expectations.

There is.
This will be the last time i'll say this as you've actually been helpful and i don't want you to take this the wrong way.

I keep making the point of is it a simply double click (the same way you'd just open up any old file) or is it requiring some knowledge?

arciere said earlier that it was a simple double click. I said fine then because i took their word for it. They're supposed to know more than me.

BUT .... then we got on to my current setup, where drive letters are removed. I asked this guy how IN THIS CASE would someone access it 'easily'. They responded simple, they would just give it a drive letter, so on & so forth.
This is where the whole thing fell down because (this guy at least) was not listening to a word i was saying.

I'm well aware that anyone with admin rights can undo it but this guy made it sound like it was a simple double click when (as i implemented this setup) i know for 100% that is not the case. I know that you need some kind of knowledge. Yeah sure you could remove the drive, open up another PC or whatever, connect the drive and access but again you are needing some kind of knowledge and you're also WANTING to do that. That doesn't apply in this case which is what i keep saying keep saying keep saying and keep saying.
But keep getting ignored.

So like i said, if it's a simply double click the same way you would open any old file then fair enough.
But if it's not and you need some kind of knowledge. Forget that an admin could do it, if that admin needs knowledge on how to do it because it's not a simple double click, then that is totally different.

Hopefully that clears up the angle i'm coming from? If not then it's probably best we just agree to leave it there.

In the sense of?
Are you meaning like a list of programs that i have installed?

virtual machines do not work for everyone, and for some items they are bad, but for 95% of the people they work very well. We have multiple virtual servers at work some holding 8tb of data used by thousands of people, we have another that queries hundreds of databases, and swaps information between them. About 1400 virtual ones in total so when you say that they do not work, or slow working for an org with about 17000 people, who mostly and unbeknown to them access virtual servers on a daily basis for well over 12 years. I have run Virtual box very sucessfully on my old HP Compaq nc6220 with Intel Pentium M processor 740 (1.73GHz) and 4gb ram with a 500gb drive about 9 years ago and it worked well too. So when someone comes along and says they do not work, it is often a unique application, utilises special cards and hardware, or is using the nastiest and oldest hardware possible with limited ram that does not support it

On the eve when I replied to your initial question, I had at work had to set up over 50 folders VERY similar to your spec, as being part of my job I usually do a few of these daily, so I know what I typed works!

Regardless of your setup is, over time, the profile of the use logged in will most likely become corrupt, causing you lose assigned drive letters, shortcuts, shares, web links?, default settings and passwords etc.

The drives without letters would probably be mapped by you techie via setting in the profile, but could have been a script too?

No, you do not need to list every bit of software, just the ones that do not work well on your vm, and if you cant remember then the software you use on a regular daily basis. What do you run on them and what are they used for?

Also please do not be too dismissive of people trying to help you out, especially as your scenario and working practice is unfamiliar to us, so we each ask stupid questions to gauge the situation according to our working environment and knowledge. We do not work for you, you do not pay us either, and we have freely volunteered our time to you.

debitcardmayhem

Elephant in the room, is it simple click, or needs “special knowledge”? Well having 3 users with admin rights could simply mean one click on a dodgy link, curtains for all 3.
No specialist knowledge.

JustAnotherSaver

that wrote: »

so when you say that they do not work,

Let's pause a minute.


I said that? Apologies if i did because i really shouldn't have. I actually said that? Could you please show me which post i said that in and i'll edit it because that's just wrong. I should have never said they don't work because they have worked for me.

Regardless of your setup is, over time, the profile of the use logged in will most likely become corrupt, causing you lose assigned drive letters, shortcuts, shares, web links?, default settings and passwords etc.

That's an interesting one.
In what sense do you mean corrupt? As in knackered beyond repair, all data lost kind of corrupt, or a bit of tweaking will get it back on its feet kind of corrupt?
I only ask this question as for many years the setup worked perfectly fine. Then for some unknown reason (no nobody accessed the computer and reassigned a drive letter, they just didn't) the drive appeared where it usually wouldn't be (in My Computer). It had been hidden for years but suddenly it appeared. I couldn't understand why. I had been the only person on the PC for some time actually.

No, you do not need to list every bit of software, just the ones that do not work well on your vm, and if you cant remember then the software you use on a regular daily basis. What do you run on them and what are they used for?

It's not that it did not "work well". Again if i said that then first off please show me but secondly - the machine just ran slow, in that the VM ran slow compared to if i was doing the same thing on the host.



So if i opened up say 6-7 tabs in FireFox in the host, they'd all open in like 3 seconds (i'm plucking numbers out of the air here by the way to just make a point. I haven't actually timed it) but if i opened the same 6-7 tabs in the Virtual Machine it'd take like 15 seconds.

Things just ran slower. Maybe that's to be expected, maybe it's not but things weren't at a speed i was happy with.

Also please do not be too dismissive of people trying to help you out, especially as your scenario and working practice is unfamiliar to us, so we each ask stupid questions to gauge the situation according to our working environment and knowledge. We do not work for you, you do not pay us either, and we have freely volunteered our time to you.

See this is classic ways and means. You clearly know how to speak with people. I don't have a problem with what you said so if i've seemed ungrateful towards you for anything you've posted then i apologise as that's not the case. You make a fair point so i'll accept that.

debitcardmayhem wrote: »

Elephant in the room, is it simple click, or needs “special knowledge”? Well having 3 users with admin rights could simply mean one click on a dodgy link, curtains for all 3.
No specialist knowledge.

I'm an idiot so care to explain further?


"one click on a dodgy link, curtains for all 3". What do you mean?


Are you suggesting a virus or something? They install something bad which knackers the computer for everyone preventing anyone from being able to access the PC (or rather, Windows)?

debitcardmayhem

JustAnotherSaver wrote: »

"one click on a dodgy link, curtains for all 3". What do you mean?
Are you suggesting a virus or something? They install something bad which knackers the computer for everyone preventing anyone from being able to access the PC (or rather, Windows)?

Just that exactly ... they are all admins

JustAnotherSaver

debitcardmayhem wrote: »

Just that exactly ... they are all admins

Something my current setup seems to have worked around over the years.


Don't get me wrong, i'm not for a minute suggesting my current setup is flawless. I know it's not and i am aware it's also unusual which when asking for help i appreciate it does throw people off because you need to get over the initial hurdles of "well why would you do that" before you actually get to the question answering (not just this forum!) BUT with that said, i've had issues in the past where it wont boot to the drive that has the boot loader on. For some reason it keeps being that drive. Thankfully i have the OS on the other drive which i can access and can pull files if need be. So far i've always been able to repair the boot loader but there will eventually be that one time i guess.


There'll probably be better workarounds i'm sure, but that's the situation i've had so far.

esuhl

JustAnotherSaver wrote: »

I was with you on [using Veracrypt], in the sense that i can visualise that.

But this... Meltdown! I've seen that ("run a script") mentioned in other threads to other people about whatever problem they're facing and it reminds me of trying to tackle coding at school which was mildly better than trying to learn French but still not enjoyable. In short i have absolutely no clue i'm afraid. Right now that kind of thing is beyond me and tbh i'm reluctant to ask.

Don't panic! It's pretty straightforward (honestly). The script would only contain ONE SINGLE command to mount the Veracrypt container (volume). It would look something like this:

veracrypt /volume MyVolume /letter X /auto /password MyPassword

You'd need to provide the path to veracrypt (i.e. replace "veracrypt" in the above command with "C:\Program Files\Veracrypt\veracrypt.exe" or whatever).

And you'd need to replace "MyVolume" with the path/filename of your Veracrypt file. (You can also mount partitions or drives -- see the link below.)

"MyPassword" is just your password in plain text... which means anyone could see it. It's not really secure, but it's not something an unsuspecting user would come across accidentally.

The "/letter X" means "mount as drive letter X". You might also want to add the "/quit" option to suppress user prompts.

---

To make that command a script, you just need to paste it into a plain text file, and change the filename from "whatever.txt" to "whatever.bat".

You can run the script by double-clicking on the .bat file. Once you get that working, there are ways to get it to run automatically when a user logs in. You'd probably want to run a script to unmount the volume too when the user logs off. The command for that is:

veracrypt /dismount X

Where X is the drive letter to dismount. You can omit the letter to dismount all Veracrypt drives. Again, you might need the "/quit" option.

The full list of parameters and options is here:
https://www.veracrypt.fr/en/Command%20Line%20Usage.html

esuhl

I can think of another solution... if you can find a suitable product or don't mind some simple DIY.

Disconnecting power to a hard drive is a simple way of making it "invisible". So, you could have a hard drive for each user, connected to a lockable switch, like these:

https://www.ukdj.co.uk/general-store-c44/security-c695/locks-c697/eagle-altai-c-rating-3-a-on-off-tubular-security-key-switch-full-metal-round-lock-inc-two-keys-p5809

Each user would have their own key. Turning the key would enable power to their drive. You could mount the locks on a spare front-bay panel.

To prevent data loss, you'd need to EITHER:
1) Ensure users power off the machine before turning the key to "off".
2) Ensure users dismount the data drive before turning the key to "off".
3) Disable write caching on the drive, and ensure users don't turn the key to "off" whilst writing data.

A long time ago, I saw a product that did something similar, but with a single key to select the active drive.

Here's an example of such a device with push-buttons instead of locks:
https://www.amazon.co.uk/ORICO-HD-PW4101-Drive-Switch-Controller/dp/B005NVU1S2