RE: File and email Security

From: Bartel, Matt (
Date: 08/10/01

From: "Bartel, Matt" <>
To: 'Paul Smith' <>, "''" <>
Subject: RE: File and email Security
Date: Fri, 10 Aug 2001 14:10:31 -0500

I'm not so sure I'd rely on this method of "catching" the offending
admin...after all, they can just reset someone's password, log in with their
account, take ownership of the needed files, view the files and log off.
Then, the CEO would log in, see that this user had taken ownership and a
confrontation would ensue that would lead to the innocent user telling the
CEO that he was locked out of his account (if he were a smart user), so he
had to call the helpdesk to have it changed; or, more likely (since the CEO
is this paranoid about only *him* being able to see his files) the CEO would
probably not believe the user. In either case, the admin gets away with it.

Just so you didn't implement this policy without seeing this possible

-----Original Message-----
From: Paul Smith []
Sent: Wednesday, August 08, 2001 2:43 PM
To: Todd Schubert;
Subject: Re: File and email Security

>I have an interesting problem that I am hoping someone out there can help
>with. Basically what it boils down to is that we need to store files on
>server and emails on our exchange server that only the CEO can access and
>that the network admins can't access without the CEO knowing. Permissions
>don't seem to be a solution because they can be changed by the admins and
>the logs can then be falsified to hide the changes. Has anyone encountered
>something similar to this or have any ideas on how to get around this??

You don't say what OS your file server is using... If you're using Windows
NT/2000 then the following applies:

I may be wrong here (but I don't think so) - if the CEO seizes 'ownership'
of the files and sets the permissions so that ONLY he can access them, the
only way an admin can access them is to seize ownership themselves, change
the permissions, access the files and change the permissions back again.
The admin can NOT (as far as I know) set the ownership back to a different
person (you can only 'take ownership' you can't 'give ownership'), so the
CEO will be able to tell that a particular admin has potentially looked at
the files.

This does not stop the admin accessing the files, but it does mean he's in
trouble afterwards... The only way to stop the admin accessing the files is
to keep the files off the server...

(If you think about it, an administrator SHOULD be able to access the files
somehow - what happens if the CEO gets run over by a bus and the files
contain critical information, the replacement CEO needs to have access to
them so an administrator needs to be able to transfer them to the new CEO)

Paul
VPOP3 - Internet Email Server/Gateway
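
The ownership check discussed in this thread can be automated. The following is an added example, not part of the original messages: it records the owner and DACL of every item under a folder and later reports any drift. The folder path, baseline location and account name are hypothetical, and the script only shows which account now owns an item, not who was actually logged in as that account.

```powershell
# Added example: baseline and compare NTFS owner + DACL for a protected folder.
# All default values below are hypothetical placeholders.
param(
    [string]$Root          = 'D:\Confidential',
    # Keep the baseline somewhere the server's admins cannot rewrite it.
    [string]$BaselinePath  = 'E:\offline\acl-baseline.json',
    [string]$ExpectedOwner = 'CORP\ceo',
    [switch]$CreateBaseline
)

function Get-AclSnapshot {
    param([string]$Path)
    # Include the root folder itself plus everything beneath it.
    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        [pscustomobject]@{
            Path  = $item.FullName
            Owner = $acl.Owner
            # SDDL string of the DACL only, so permission edits are detected.
            Dacl  = $acl.GetSecurityDescriptorSddlForm(
                        [System.Security.AccessControl.AccessControlSections]::Access)
        }
    }
}

$current = @(Get-AclSnapshot -Path $Root)

if ($CreateBaseline) {
    $current | ConvertTo-Json -Depth 3 |
        Set-Content -LiteralPath $BaselinePath -Encoding UTF8
    return
}

# Index the stored baseline by path for lookup.
$baseline = @{}
foreach ($entry in (Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json)) {
    $baseline[$entry.Path] = $entry
}

foreach ($entry in $current) {
    $old = $baseline[$entry.Path]
    if ($entry.Owner -ne $ExpectedOwner) {
        "OWNER  $($entry.Path) is owned by $($entry.Owner)"
    }
    if (-not $old) { "NEW    $($entry.Path) not in baseline"; continue }
    if ($old.Dacl -ne $entry.Dacl) { "DACL   $($entry.Path) changed since baseline" }
}
```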