Re: How to prevent files from being changed/moved/copied/printed
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 12/04/04
- Next message: Roger Abell: "Re: Secutity folder"
- Previous message: S. Pidgorny
: "Re: Disabled Accounts being a security risk?" - In reply to: Karl Levinson, mvp: "Re: How to prevent files from being changed/moved/copied/printed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 4 Dec 2004 09:55:09 -0700
"Karl Levinson, mvp" <levinson_k@despammed.com> wrote in message
news:uGahTlf2EHA.1392@tk2msftngp13.phx.gbl...
>
> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> news:%23u$ouse2EHA.3392@TK2MSFTNGP10.phx.gbl...
> > My my, you seem to want to do things in a hard way.
> > Why in c++ ? All one needs to do is define the needed
> > access requirements and then set the ACLing to effect
> > that in any of a number of ways that are more convenient
> > than c++ (script, use of the UI, cmd file of xcacls.exe
> > invocations or of xcacls.vbs invocations, use of GPO,
> > etc.)
>
> Well, you can't really very easily use NTFS file permissions / ACLs to
> prevent someone from changing, copying and printing documents. To prevent
> copying, you would have to make sure the user can't write files anywhere,
and that everywhere of course includes over the wire
> and this isn't a really good solution, as Windows and users both need
places
> where files can be written. To prevent printing, you would have to
prevent
> the ability to read the document.
or control access to a print device
> You can remove the Change / Modify
> permission to prevent someone from changing, say, text files, and remove
the
> Delete permission to prevent moving files, but if you try to use MS Office
> to view any files like Word documents in a folder without these
permissions,
> it will give you error messages and problems without this permission, due
to
> the way it writes to temp files.
>
> What the OP probably really wants to use is IRM, Information Rights
> Management. Microsoft has an IRM solution, though I don't know how much
of
> it is finished at the moment. There is IRM functionality in Office 2003,
an
> add-on for Internet Explorer, and probably something for Windows as well.
> Check it out.
>
>
http://www.google.com/search?hl=en&q=irm+site%3Amicrosoft.com+rights-management
>
The problem with responding to OP is that the case has
been stated in the negetive. There is no statement of what
should be allowed.
While MS's DRM solution in its initial release is a complete
solution, it is the first generation era for this technology that
likely will over time come to be the de facto method for
control over flow of information.
I had thought of mentioning DRM, but again, we are hindered
by no knowing what should be allowed. It might be a more
simple solution for the OP to use a machines on which there
is an app that can be used to open the doc for viewing, but
which app runs in some security context other than the viewing
user's, with the files themselves only accessible by the app's
account. Then, if the app can control what shows in a screen
scrape, if the machine will not allow the app to respond to
an over the wire request, if . . . then the postively stated
requirements might be approachable but under a heavy set
of restrictions on the machine environment, careful ACLing,
encryption of the file accessible transparently by the account
used by the app, threat of penalty under law to the admins of
the machine, etc..
My second reaction to the OP (first was why was c++ mentioned)
upon reading the neg requirements
> protect some files from being changed/moved/copied/printed
was, that there was no reason to store it electronically then
once one understood the conflict between (an assumed) ability
to read the doc and the no copy, no print req.
-- Roger
- Next message: Roger Abell: "Re: Secutity folder"
- Previous message: S. Pidgorny
: "Re: Disabled Accounts being a security risk?" - In reply to: Karl Levinson, mvp: "Re: How to prevent files from being changed/moved/copied/printed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
