Scenario:
- Public computer with scanner attached.
- Client computers with 'My Documents\Scanned Documents' shared but password protected.
- Public computer has a shortcut to each users 'Scanned Documents' folder.
- At Public computer, user scans a document and it creates a file on the desktop.
- User moves the scanned file from the desktop to their private shared folder.
Question:
How do I configure the shared folder so it asks for the password every time it's accessed?
Bonus points: How do I set permissions on the shared folder to reset after X minutes of inactivity. In other words, instead of asking for a password every time, ask for a password if X minutes have passed since last being accessed.
We use Windows Server 2008 and Vista clients. Thanks.
You're making this overly complicated in the name of trying to be "simple". What you're going to end up with is something that works poorly.
Just have the users logon to the "public computer" with their domain username / password and be done with it. If you're worried about their roaming profiles coming over to the "public computer" use group policy to allow only local profiles. If you're worried about consistency for the user experience on the PC use loopback group policy processing to enforce some consistent look-and-feel settings.
I don't know if your exact requirements are at all possible, but creating a workaround for this scenario shouldn't be too difficult.
I would write a short script, likely with AutoIT(*) that would ask the user for username/password and the requested computer, connect to that system with the given credentials, copy all scanned files over from the desktop, delete them locally and disconnect. Quick and easy.
(*) VB scripts are of course also possible, and even really quick batch files, but those are not that comfortable, without any GUI for end users.
I'm not sure there is a way to do this besides changing the default life of a Kerberos ticket, but that will affect a lot more than just the shared folder. Maybe transporting the files over FTP or SCP to a file server would be a better option? Not sure how your infrastructure is set up though so this may not be an option.