BleepingComputer.com: Transferring data to a server only...

I have an issue with security at my workspaces. I need data created from certain programs and applications to only be transfered to a server through a wireless network. Data created cannot be stored on the main hard drive. The server almost needs to act as a hard drive itself. I can take almost any suggestion to get started at the moment. If it is possible with a program, that is fine. ask as many questions has you like as well if you need anything cleared up on the topic.

This is not the simplest topic to cover but in essence what you are trying to accomplish here is almost impossible. Assuming you are using windows as an OS for both the server and the workstations there are only a few ways to accomplish data security. First is by setting user level and group access permissions, second is by encryption, and finally by share permissions. Bottom line however you try to do it is that if the person is "creating" or "modifying" data on almost any program or app they will have full control rights regardless of how tight the permissions or where it is saved. They will still be able to access the data, copy it, e-mail it, transfer it to a USB drive, ect.

So know that the "simplest" method (and I say this very tounge in cheek) that comes to mind off the top is by setting those applications up on the server and forcing the users to access them VIA RDP. Of course this would require the added expense of setting up a application terminal server plus all of the additional licenses. The second method is to (if the program allows) point the program at shared folder created on the server as the default save point.

Keep in mind that doing either of these cannot stop the user from simply going to "save as" and pointing it to their local hard drive. Plus in the mapped drive method the drive itself would be available in My Computer unless you spent some time adjusting your script to hide the drive from the end users.

This project is almost an experiment, and money is no object so the added expense of an application terminal is no problem.
your post is very informative and i now have a base line to start at. By the way, in this project the computers used would only use one application for their entire life span. If it is impossible to have an Application on the physical computer only store information on the server, than running the application on the server through the application terminal you suggested is the only choice i've got. the application is very simple as well, so i can see a default save point being a shared folder on the server (Or is it harder than that)

I simply wouldn't know, im not an expert at servers.

I think either option will do what you need as long as you take the time to setup the respective parts. The simplest method would definitely be the mapped drive providing a few things. One the program can be forced to save to only to that location and two the mapped drive can be hidden from the user. I have never had the need to hide a mapped drive but from looking around a little on the web it seems it is possible to make a drive letter invisible to the user by a registry edit (google it). Do yourself a favor and do a mock up of one or two workstations and a server to get out the kinks before you try to go full swing. Good luck and let us know how it goes.

This post has been edited by Baltboy: 09 January 2011 - 05:14 PM

your suggestion is very helpful. Thanks a lot. I've got months though before the project is finished so i'll have plenty of time to test it and perfect it. Thanks though