I recently added an NAS to my switch on my home LAN. I was shocked to realize that the share folders on the LAN do NOT require the NAS login information, meaning the folders are completely exposed and public.
I assumed that, like regular machines sitting on the LAN - a username and password for the NAS would be required, but apparently that is not the case.
1. I have read that I can configure the guest account with a password, since apparently Win7 leverages the guest account, but this seems to be a bit of a hack.
2. Am I doing this correctly? I'm still quite surprised that attaching my NAS to the LAN just automatically exposes shared folders to the ENTIRE LAN - if this was a large building with hundreds of machines served on the LAN, would this behave this way?
3. Is there a better way to maintain shared folders on the LAN (I know I can set up SFTP/Webdav type connections, but I find the LAN folders much faster) with a more secure approach?
Was the Password-protect sharing in the Advanced Sharing Settings turned off? If you're account has a username and password (account of the shared folders), and when a user opens that account, a pop-up box should have appeared right asking for a username and password, right? You can see it in the Control Panel.
- Open Control Panel
- Open Network And Internet
- Open Network and Sharing Center
- On the left side pane, click Change Advanced Sharing Settings
- There is a ALL NETWORKS profile, on the right side, click the DOWN ARROW to show the options.
- Below, make sure Password-Protected Sharing is Turned on by clicking the "Turn on password-protect sharing" Radio Button
- Click Save Changes button.
I believe this is simply because this is an NAS which is attached separately to the LAN - Windows doesn't seem to have any control over the shared folders because they aren't administrated by Windows at all - they are just shared with the local LAN via the NAS.
I believe I need to change something on the NAS to require login, but I haven't figured this out yet...
I went into the NAS shared folders section on its control panel and changed the permissions of the guest account on there.
Apparently I had the guest account on the NAS open so Windows must default and use this because it's open.
I removed permissions from the guest account and now the LAN requires the NAS login information. Windows seems to not require this information more than once (even if I don't click Remember credentials), I imagine this is because the NAS isn't being put on and off the LAN so windows essentially remains logged into it.
This is slightly less secure because the machine stays logged in to the NAS all the time.
I'm not sure if I need to change this is Win or the NAS. I imagine that I need to do so on the NAS and force it to expire open connections with a timeout.
Looking into whether that's possible which I assume it is.
Normally, I disable the guest acount and add in my own users and groups. I then set the permissions for each share based on which users or groups need access to them.
The credentials only get asked for once per computer login. It does this because your computer assumes you will continue to need access to that drive. If you logout of windows or reboot, the NAS will require you to login again.