Concern - Security Is the security in Windows for Workgroups adequate for security critical situations? Some of our employees work with very sensitive data and if that data was accidentally made freely available from their hard disk over the network it would be a serious security breach. Also, how will Windows for Workgroups interact with the security features we already have in place on our servers? Response Windows for Workgroups is as secure as any other LAN client available. It complements, rather than replaces, your existing LAN security. Windows for Workgroups respects all server-based security schemes just as the Windows operating system version 3.1 does today. As a result, sensitive, mission-critical data can continue to reside on a server and be protected on a user-by-user basis while less sensitive, more routine information, can be shared directly between the people that need to interact. This type of security architecture can actually free up both server space and the LAN administrator's time. For peer-to-peer sharing Windows for Workgroups provides an additional security model. When Windows for Workgroups users decide to share their resources (files, printers, etc.) on the network, they have the option of declaring the information to be read-only or full access, and can also decide whether or not to require a password for such access. Adding a password when users share information will help guard their data from unauthorized use. Windows for Workgroups also makes security easy to use for the network users by automatically remembering the passwords to resources the user had previously connected to. The appropriate passwords for the resources are saved in encrypted files on the user's hard disk and are provided to the servers as needed. In this way, users don't have to type passwords every time they reconnect to shared resources. For example, suppose that each morning a user wants her PC to connect to five shared directories on five different LAN Manager and Windows for Workgroups servers and one network printer. In Windows for Workgroups, she does not have to type in the passwords for the shared resources every day to set up these connections. Windows for Workgroups automatically gives her access to all of the resources she had previously provided the passwords for after she has logged onto her Windows for Workgroups desktop. And because the passwords for these connections are stored in an encrypted file using the RC4 algorithm, there is little chance that someone could wrongfully obtain the password for a certain resource. In fact, there is usually a greater risk when passwords are not stored and encrypted on disk for the user. Why? Because when users have to reenter a password every time they try to connect to a shared resource, they often resort to writing down the password somewhere in their office space or saving it on their hard drives, unencrypted! If needed, an individual Windows for Workgroups workstation can be quickly and easily prevented from sharing some or all resources by using one of several methods: * Go to the Networks section of the Windows Control Panel and untoggle the "Enable Sharing" box. This will prevent the user from sharing anything on the Windows for Workgroups network but leaves sharing software on the hard drive. * Edit the system.ini file and restart Windows for Workgroups. This prevents the user from sharing anything on the Windows for Workgroups network and will not allow toggling of the "Enable Sharing" box. The sharing software is left on the hard drive. * Modify the setup.src file so that the vserver.386 file is not installed on the machine This prevents the user from sharing anything on the Windows for Workgroups network and leaves no sharing software on the hard drive. * Edit winfile.ini to just prevent file sharing while permitting printer sharing. This will remove all file sharing capability (buttons and drop down menus) in the File Manager. * Edit win.ini to prevent printer sharing while permitting file sharing. This will remove all printer sharing capability (buttons and drop down menus) in the Print Manager. You can of course modify the master copies of these files and have them installed on individual PCs in the organization automatically through the Windows for Workgroups SETUP /N command (explained later in more detail) or from a floppy-disk based installation. This gives the network administrator control over his network and at the same time lets the users retain all of the other Windows for Workgroups features including access to shared resources on other machines, built-in electronic mail and scheduling, and network DDE capability.