Reccomendations to secure windows file sharing?

[Zyzzyva100]

I have setup a file server for my lab at school so that we can share data as well as back it up. I would have liked to setup an active directory domain, but the university IT people did not like the idea, and students aren't allowed to have admin accounts on the university wide system (even though I handle all the IT stuff for my department and my lab).

So, I grabbed a dell that was laying around, threw 2 300 gig drives in, and put server 2003 on it. I setup accounts for everyone, and made the shared folders accessable with full permissions to all the accounts. I also, however, need to setup a folder for my advisor to keep things in that may be confidential. Other than giving no other accounts any access to that folder, is there anything else I can do to harden the server? It is on an internal network, but is hooked up to the internet. I could, however, always disable access to anything outside the university's domain if needed.

Any other tips for locking down server 2003? My advisor said she needs to be able to assure the university that the files are secure (although I've seen other computer security here, and its not terribly great anyway).

 

[Zyzzyva100]

Ok, another question actually. I did setup active directory yesterday, and it was working fine until I managed to lock myself out of a computer completely. Thank god for the emergency boot disk cd.

Anyway, I would like to just go back to windows file sharing, since I really don't have time to tweak active directory. My question is: does anyone know if its possible to force windows to bring up a logon screen everytime you connect to the shares?

Otherwise it seems if other people have been logged on or whatnot, widows keeps using that login and password, and won't give you the option to use the correct one. Is this at all possible?

 

[Kaos]

if security is a concern i would put an honest effort into implementing active directory.

 

[Zyzzyva100]

Yea, I would love to do active directory, but getting my research done is more important than this. Worst comes to worst I will just tell my advisor not to use it for confidential stuff, we still have all kinds of data to back up.

A big problem I was having with active directory was that I want the domain accounts to be able to access the folders for the corresponding local accounts, since people already have shit on the machines in local accounts.

I was also having problems with DNS. I set up the server to run a DNS server, and the only way to make the login take less than 2 mins was to set the ip of the server as the primary DNS for the people logging in. Is this the only way I can set this up if I don't have access to any of the higher level stuff on campus (ie the main dns servers etc).