Assign network drives including access data for security reasons possible?


Siutsch

A fundamental question about security, especially because of the current problems caused by the so-called Emotet Trojan:


I use the emby server under Windows10 on the same PC where my Kodi Client is installed.

The data is stored on a Synology NAS.

Under Windows direct, I did not set up network drives directly on this PC, but use the UNC paths for the libraries, e.g. \\IP\Share\folder\...

Since emby does not allow you to specify credentials, the logged in Windows user must have access to these shares on the NAS.

In case of a Trojan infestation of the PC, especially Emotet should have no problems with encrypting the complete data on the NAS with these read/write rights, even if the network drives have not been assigned directly under Windows.

It would be much safer if the access is not done with the logged in Windows user, but with another user whose credentials have to be transferred in emby.

According to my understanding, a Trojan infestation of the PC should then no longer be able to access the data directly from the operating system and possibly compromise them.

So is it possible to transfer access data to network drives as well?

Thanks a lot.

Hi, we don't currently have a way of allowing you to enter credentials into Emby Server. Is that what you're asking or is this a more general question?

Siutsch

I know that emby actually has no way of allowing you to enter credentials.

I tried to explain why I think this is important, especially when emby is used on Windows.

So I would like to know if there are any plans to integrate it, or if the effort for it is even manageable.

Thank you.

Couldn't you also run emby as a windows service with a dedicated windows user account that has limited privileges to only what is necessary?

RobWayBro

Couldn't you also run emby as a windows service with a dedicated windows user account that has limited privileges to only what is necessary?

This is what I do.

  • Like 1
Ponyo

But how does that work? You can't give folder permissions to a local Windows user on a Synology shared folder AFAIK and I suppose Windows ACLs don't work unless you are on a domain.

You could give the NAS user only read permissions but that isn't exactly a practical solution as Emby won't be able to write anything to the media folders anymore so all your metadata will have to be stored locally which has its own downsides.

Siutsch

If the name and password of the Windows user are the same as those on the NAS, this will work.

So it should also work if you add a matching user as a service at startup.

If this user is not the same user that Windows uses when logging in, then the operating system should not have access to the NAS shares, which would increase security.

I will test this.

Are there instructions here on how to start emby as a service? (I haven't looked for them yet ...)

EDIT:
Found it:
https://emby.media/community/index.php?/topic/50992-how-to-run-emby-server-as-a-windows-service/

Edited by Siutsch
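
The setup discussed in this thread (Emby as a Windows service under a dedicated local account whose name and password match a NAS user, while the desktop user holds no NAS access) can be checked from the desktop session. The PowerShell below is an added example, not part of any post and not Emby's own tooling; the service name, account name, NAS address and share are placeholders to replace with your own.

```powershell
# Added example: run as the normal logged-in desktop user, NOT as the service account.
# All names below are placeholders/assumptions, not values from the thread.
$ServiceName = 'EmbyServer'        # assumed service name; use the name you registered
$SvcAccount  = 'svc-emby'          # assumed dedicated local account (same name/password on the NAS)
$NasHost     = '192.0.2.10'        # placeholder NAS address
$NasShare    = "\\$NasHost\Media"  # placeholder share

$findings = @()

# 1. The service must run as the dedicated account, not LocalSystem or the desktop user.
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) {
    $findings += "Service '$ServiceName' not found"
} elseif ($svc.StartName -notlike "*\$SvcAccount") {
    $findings += "Service runs as '$($svc.StartName)', expected '$SvcAccount'"
}

# 2. The dedicated account must not be a local administrator (well-known SID, locale independent).
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
if ($admins | Where-Object { $_.Name -like "*\$SvcAccount" }) {
    $findings += "'$SvcAccount' is a member of the local Administrators group"
}

# 3. The desktop session must not be running as the service account itself.
if ($env:USERNAME -eq $SvcAccount) {
    $findings += "Desktop session is logged in as the service account"
}

# 4. No saved NAS credentials in this user's Credential Manager.
if (cmdkey /list | Select-String -SimpleMatch $NasHost) {
    $findings += "Credential Manager holds saved credentials for $NasHost"
}

# 5. No SMB connection to the NAS is currently open from this session.
if (Get-SmbConnection -ServerName $NasHost -ErrorAction SilentlyContinue) {
    $findings += "This session has an open SMB connection to $NasHost"
}

# 6. The share must not be reachable with the desktop user's own identity.
if (Test-Path -LiteralPath $NasShare) {
    $findings += "Desktop user can reach $NasShare; remove this user's rights on the NAS"
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output "OK: only '$SvcAccount' (via the service) should be able to reach $NasShare" }
```

Checks 4 to 6 only mean something when run in the desktop user's session, because they test what software running as that user could reach.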