Re: NTFS Security

From: Tim Evans (tim.evans_at_gmail.com)
Date: 01/12/05

Next message: Rasmus Rønlev: "RE: XP SP2 Blind install"

Previous message: Evan Mann: "Automatic Updates and Users/Power Users"
In reply to: Monrad.DC_at_forces.gc.ca: "NTFS Security"
Next in thread: Ansgar -59cobalt- Wiechers: "Re: NTFS Security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 12 Jan 2005 13:14:19 -0600
To: "Monrad.DC@forces.gc.ca" <Monrad.DC@forces.gc.ca>

Without encryption, whomever holds the memory stick holds the data.

File system permissions are not enforced by the data itself, but by
the operating system of the computer trying to read the data. File
system permissions with removable media are like the "honors system".
You're basically counting on the fact that the NTFS implementation on
the reading end (which isn't necessarily windows) is willing to play
nice, The same is true for hard drives; once they've been physically
removed, and the operating system stops being aware of the device,
that data belongs to whomever wants it.

On Tue, 11 Jan 2005 09:40:13 -0500, Monrad.DC@forces.gc.ca
<Monrad.DC@forces.gc.ca> wrote:
> I am looking at securing some USB memory sticks, to allow all domain users
> access on domain networked computers, but to restrict access from non-domain
> computers (home/internet/etc).
>
> Giving domain users full permission and removing everyone works to a small
> degree.
> Plugging the usb drive into an XP machine comes up with a message that the
> drive is unaccessible, but you can access it by taking ownership. As most
> home users are the local admin, this solves nothing.
>
> Going one step further and setting special permissions deny take
> ownership/deny change permissions for everyone does not seem to stop the
> local admin from another domain/workgroup from accessing the data.
>
> Is there a Microsoft or third party solution to this, without encrypting the
> data and restricting access to specified individuals?
>
> Drew
>
> ---------------------------------------------------------------------------
> ---------------------------------------------------------------------------
>
>

---------------------------------------------------------------------------
---------------------------------------------------------------------------

Next message: Rasmus Rønlev: "RE: XP SP2 Blind install"

Previous message: Evan Mann: "Automatic Updates and Users/Power Users"
In reply to: Monrad.DC_at_forces.gc.ca: "NTFS Security"
Next in thread: Ansgar -59cobalt- Wiechers: "Re: NTFS Security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: How can I restrict access to our network?
... Can someone verify that if I am going to set NTFS permissions what user ... > So re-ghosted the errant machine and rebuilt all our files and adopted ... > again to restrict access by the forth computer. ...
(microsoft.public.windowsxp.network_web)
RE: NTFS Security
... I am looking at securing some USB memory sticks, to allow all domain users ... but to restrict access from non-domain ... Going one step further and setting special permissions deny take ...
(Focus-Microsoft)
Re: A new reader? Welcome to alt.os.linux, read this first if youre new here (FAQ)
... insulting. ... CARRY ANY PARTICULAR NEWS GROUPS. ... remains you did restrict access on your private nntp server and ... guess the name "Matt" is pretty unique and you have permissions ...
(alt.os.linux)
Cannot remove "read only" attribute
... >permissions in order to restrict access for some users. ... >folders even though I had Administrator rights. ... rename the new account as you like. ...
(microsoft.public.windowsxp.security_admin)
Re: Security Group Problem
... So at the sub ... > directory I change the permissions to remove everyone. ... I then add domain users to the directory ... > Charlie Bisbee ...
(microsoft.public.windows.server.active_directory)