Is it possible to lock folders, using the ip address of the user as a key?

[Delano.888]

I'm currently in the process of building a DIY nas (ITX pc with win10 pro).

I don't plan on using any partitions, it'll be a large drive with 3 folders: backups / media / dads backup. It will also run some windows programs, so it really will be a windows pc, the parts are already mostly here.

Then, I want to be able to access that nas pc from any different pc on my network, but I only want to be able to open the first 2 folders, without a password.

My dad however, who lives somewhere else, gets the third folder which he will access via internet, and cannot open my folders.

I, in turn, cannot open my dads folder.

I know we should just trust each other, but there are reasons for this.

Is this possible somehow? It is important that everything on my local network can open my 2 folders. It is also necessary that this pc has no password protected user account (because it will run without a monitor and keyboard).

I looked into bitlocker (cannot do folders), windows's "encrypt contents so secure data" (not possible without a locked user account) and winrar (not usable for media streaming/backing up into those folders with third party software.

 

Is there any way for me to lock folders on ip-base? So that my father can open his folder because he has the right ip, and everything on my network can open the folders because they're local?

 

Thank you!!

[Kilrah]

8 minutes ago, Delano.888 said:

It is also necessary that this pc has no password protected user account (because it will run without a monitor and keyboard).

What does not having a monitor and keyboard have to do with password protection?

 

The solution is to have separate user accounts and share the folders appropriately only with the accounts that need to access them. 

[tikker]

I think using IP addresses for this is an extremely bad idea. A dynamic IP would change at times and a static IP would mean simple IP spoofing gets you past it. I don't have a particular solution for this case, but this is why user account control and passwords were invented. For example, my Unraid NAS uses Samba shares to access it and within Unraid I can set which Samba accounts have what kind of access to the shares.

[Delano.888]

1 minute ago, Kilrah said:

What does not having a monitor and keyboard have to do with password protection?

 

The solution is to have separate user accounts and share the folders appropriately only with the accounts that need to access them. 

Because it will run headless. I will turn it on in the morning via WOL, not interact with it at all (don't enter password) then for instance I can backup to it via my main pc, or run media to my TV, all without any password hassle.

[Kilrah]

You can do all of those things with a password. There doesn't need to be anyone logged in to the PC to do this.

[Delano.888]

2 minutes ago, Kilrah said:

You can do all of those things with a password. There doesn't need to be anyone logged in to the PC to do this.

I'm sorry I'm totally new to this.

Some of the things I'm trying to do is run an Emby server (need the server program running after logging in) and also backup to it via cobian backup.

You're saying I can do this while no account is logged in at all?

[Kilrah]

The shares are there as soon as the PC has booted, no need for someone to log in locally. So if other computers need to backup to those shares they can.

 

For any local applications you need to be running without someone being logged in you can set them to run as a service. Most things that are designed to be servers will have an option for that, and there are workarounds for any that don't.

[Delano.888]

22 minutes ago, Kilrah said:

The shares are there as soon as the PC has booted, no need for someone to log in locally. So if other computers need to backup to those shares they can.

 

For any local applications you need to be running without someone being logged in you can set them to run as a service. Most things that are designed to be servers will have an option for that, and there are workarounds for any that don't.

I'm learning so much today. I didn't even know you can create accounts for users that are not on the local network.

 

Can I also use remote desktop into the nas pc, then enter the password of my own account, when necessary? So that I can run programs when needed.

[Kilrah]

Yep as long as that machine is running the Pro version of Windows (remote desktop server isn't present in the Home version)

[Delano.888]

32 minutes ago, Kilrah said:

Yep as long as that machine is running the Pro version of Windows (remote desktop server isn't present in the Home version)

Now all I need is to figure out how to create an internet accessed windows account, I'll look into that. Thank you so much.

[Kilrah]

You basically need to set up a VPN so that the person can remotely connect to your network, and then access the machine from there.

[Delano.888]

13 minutes ago, Kilrah said:

You basically need to set up a VPN so that the person can remotely connect to your network, and then access the machine from there.

Would windows VPN be good enough for this or should I look into external software like Wireguard etc?

[Kilrah]

Should be fine yes. Never tried it myself since my router has a built-in VPN server that I use instead.