Calyx Software Message Board

File Security!
Posted 4/30/2007 2:54:31 PM
Forum Newbie

Group: Forum Members
Hi,

I've been a Point user for many years.  One of the major issues I have is being able to control users' access to borrower files.  We have all our files on one server running Windows Server 2003.  The file permissions within Point are good for controlling the usage of novice computer users -- it will stop them from viewing or deleting other loan officer files within Point.  However, a user with a bit more knowledge can just browse to the Point server directory from their desktop and then copy the entire folder.  They can then install a Point disk on their home computer and voila.....they can view the entire company's closed and active loan files!!!! This is a big security loophole. I'd like to be able to solve this without upgrading to Point Data Server or Encompass.

The permissions in Windows Server 2003 are very detailed; I was able to set those so that a loan officer could not delete any Point borrower files even from their own desktop.  However, I have not found a way to stop them from copying the entire directory of closed files (we have them organized by year).  Of course I could set up separate closed directories by year AND loan officer but this is a huge undertaking (especially for previous closed years).  Loan officers need to be able to quickly look at their closed files within Point when clients call in, but I need to try and plug the security risk of them being able to copy all files!

Thanks for your help

Post #4991
Posted 4/30/2007 3:41:53 PM


Supreme Being

Group: Moderators
Have you tried to give the LO's read-only access from the Point file level in Point Administrator? Then in Windows you give "Read" access on the directory permissions. Do they need to alter the file after it's closed?

Bryan
Point Product Manager
Post #4992
Posted 5/1/2007 7:31:14 AM
Forum Newbie

Group: Forum Members
Yes, I have the closed file directories set within Point for read only for loan officers.  I also am able to use Windows Server permissions to stop loan officers from being able to delete or modify files.

However, the big loophole is that they can copy the entire directory of closed loan files and then view them on another computer running Point outside the office! I have been unable to find a way within Windows Server to stop them from copying the files........

Short of upgrading to Point Data Server, how do I stop this?

Post #4995
Posted 5/1/2007 9:03:03 AM


Sepal

Group: Moderators
The best way to handle this is to not grant that user permission to the directory.  You will have to create a script that would launch Point as a different user on the network that has permission to read the files.  Might also use it to script the winpoint.ini file so that they cannot have a local datafolder to copy stuff into.

Disclaimer:  This post carries no explicit or implied warranty. Nor is there any guarantee that the information contained in this post is accurate. It is offered in the hopes of helping others, but you use it at your own risk. The author will not be liable for any damages that occur as a result of using this post.
Post #4997
Posted 7/23/2007 9:38:16 AM
Junior Member

Group: Forum Members
How does this work if in Point you have restricted the user to "This Reps Files Only"?  The current security of Point relies on who they log in as and what name is in the Loan Rep field #19.

Tami D
Point Administrator
Post #5474
Posted 7/23/2007 9:45:56 AM


Sepal

Group: Moderators
Windows security would be used to keep browsers from hitting the file system.  Point security would be used to prevent them from copying or saving files.

Post #5476
Posted 8/15/2007 5:11:18 PM
Supreme Being

Group: Forum Members
BetaFisch (7/23/2007)
Windows security would be used to keep browsers from hitting the file system.  Point security would be used to prevent them from copying or saving files.

But then you have to have a folder for each person, which would be a maintenance nightmare. If the entire pipeline is in the "Processing" folder, then any of the LOs can copy the entire folder using Windows. I don't think it's possible to prevent access through Windows Explorer, but allow access (read-only or read/write) through Point. If there is a way, please let me know.

Post #5619
Posted 1/4/2008 10:21:06 AM
Junior Member

Group: Forum Members
You need to call in an IT guy to come set up your server. At my office we have it set up so that everyone can access the files only through Point. And they're all set up with their files only. From each workstation they can't even see the Point folder, or anything else on the server. I can't remember what all the little codes are but I think if you put a $ in the name it will change the folder to hidden.

e.g. S:\point\pntdata

      S:\point\$pntdata

If you don't want to pay 2-3k on a good IT security person run a search on how to hide files on your server.

Best Advice. Hire someone to help you with that, or it can turn into a nightmare.

Post #6288
Posted 6/12/2008 5:16:54 PM
Supreme Being

Group: Forum Members
Captain Mortgage (1/4/2008)
You need to call in an IT guy to come set up your server. At my office we have it set up so that everyone can access the files only through Point. And they're all set up with their files only. From each workstation they can't even see the Point folder, or anything else on the server. I can't remember what all the little codes are but I think if you put a $ in the name it will change the folder to hidden.

e.g. S:\point\pntdata

      S:\point\$pntdata

If you don't want to pay 2-3k on a good IT security person run a search on how to hide files on your server.

Best Advice. Hire someone to help you with that, or it can turn into a nightmare.

I haven't thought about this in a while, but it crossed my mind again today.

Using hidden folders ($) will only stop someone from browsing to the folder. They can still access it by typing the path directly into Windows Explorer or the Run line.

After reading:

BetaFisch (5/1/2007)
The best way to handle this is to not grant that user permission to the directory.  You will have to create a script that would launch Point as a different user on the network that has permission to read the files.  Might also use it to script the winpoint.ini file so that they cannot have a local datafolder to copy stuff into.

again, I think this is the best way. I would go one step further and ask that the next version have an additional install setting where we can set the "Point User" credentials if it is possible to avoid using a script at all.

Otherwise, if someone would please post a sample script as described by BetaFisch, that would be extremely helpful for those of us who don't speak scripting fluently.

Post #6829
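
One way to write the launcher BetaFisch describes, added here as an example and not posted by any forum member or by Calyx: it removes the loan officers' direct NTFS access to the data folder and starts Point under a separate account that still has it. The executable path, account, group and credential-file names are placeholders; only `S:\point\pntdata` comes from the thread, and the winpoint.ini step is left out because the thread does not show that file's settings.

```powershell
# Added example, not from the thread. All names are placeholders except
# $DataDir, which is the path quoted in the thread.
$DataDir  = 'S:\point\pntdata'
$PointExe = 'C:\PLACEHOLDER\Point.exe'      # placeholder path to the Point executable
$SvcAcct  = 'EXAMPLE\svc-point'             # hypothetical account Point runs as
$LoGroup  = 'EXAMPLE\LoanOfficers'          # hypothetical group of interactive users
$CredFile = Join-Path $env:LOCALAPPDATA 'point-launch.xml'   # hypothetical location

function Set-PointDataAcl {
    # Run once, elevated (use the server-local path when run on the server).
    # Grants come first so administrators never lose access.
    # RX is read-only; use M on folders where Point must save changes.
    param([string]$Path = $DataDir)
    icacls $Path /grant:r 'BUILTIN\Administrators:(OI)(CI)F' `
        'NT AUTHORITY\SYSTEM:(OI)(CI)F' "${SvcAcct}:(OI)(CI)RX"
    icacls $Path /inheritance:r       # drop ACEs inherited from the parent folder
    icacls $Path /remove:g $LoGroup   # drop any explicit grant to the loan officers
    icacls $Path                      # print the resulting ACL for review
}

function Save-PointCredential {
    # Run once inside each loan officer's session; the administrator types
    # the password. Export-Clixml protects it with DPAPI for this user and PC.
    Get-Credential -UserName $SvcAcct -Message 'Point service account' |
        Export-Clixml -Path $CredFile
}

function Start-Point {
    # Fail closed: if the logged-on user can list the data folder directly,
    # the ACL is not doing its job, so warn and do not launch.
    try {
        Get-ChildItem -Path $DataDir -ErrorAction Stop | Out-Null
        Write-Warning "Current user can read $DataDir directly; fix the ACL first."
        return
    } catch [System.UnauthorizedAccessException] {
        # Access denied is the expected result for a loan officer.
    }
    # Mapped drive letters belong to the logon session that mapped them, so
    # the service-account process needs Point's data folder set as a UNC path.
    $cred = Import-Clixml -Path $CredFile
    Start-Process -FilePath $PointExe -Credential $cred `
        -WorkingDirectory (Split-Path $PointExe) -LoadUserProfile
}
```

Treat this as raising the bar, not as a hard control: whoever can run the launcher holds a usable copy of the service account's credential.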