Re: recovering NTFS volumes
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 06/09/04
- In reply to: Parhez Sattar: "Re: recovering NTFS volumes"
Date: Wed, 09 Jun 2004 03:15:18 GMT
If ntfs permissions are not being copied when data is backed up then I believe it
would inherit the permissions of the parent folder where it was restored to if it was
restored to a drive using ntfs. If the files did not include the administrators group
but instead a user/group unique to the operating system that it was backed up from,
then access would be denied to a user trying to gain access from another operating
system until the user logged on as an administrator and took ownership, at which time
he would see a sid but not a name that had permissions assigned to it.

In my experience the machine ID does not matter for ntfs permissions of default
operating system users/groups. I often use double/triple boot operating systems and I
always have access to volumes that belong to the other operating systems without
taking ownership and if I view permissions on those volumes I see administrators
group. However if I explicitly remove the administrators group and other default
built in users or groups and replace it with a user unique to that operating system
for the ntfs permissions on a folder, I am denied access when I boot into a different
operating system until I take ownership and give myself permissions assuming no EFS
is involved. Anyhow I would certainly not count on ntfs permissions alone to protect
a backup. I say you guys make bets and test it out. --- Steve

"Parhez Sattar" <pxs01@grh.org> wrote in message
news:19a8401c44dbc$1741b8b0$a601280a@phx.gbl...
> Steve,
> Thanks for the detailed answer. Does your answer change
> if the file system where the tape is being restored does
> NOT have NTFS (i.e. FAT32)? What if the ACLs of the files
> in question on the tape didn't include Administrator
> (Administrators group)? Doesn't the machine name/id come
> into play, even if the Administrator account was
> explicitly included in the ACL? Thanks again.
>
> >-----Original Message-----
> >Ntfs by itself is not secure protection outside of the original operating system and
> >yes someone who could restore the tape to another operating system would be able to
> >access those files [assuming the backup process does not encrypt, as some can is my
> >understanding]. They may or may not need to take ownership. My guess is that if
> >administrators group or administrator have full permissions, they would have no
> >problem since built in administrator and administrators group have the same sid on
> >every operating system. EFS files would deny access to any user who does not have
> >access to the private keys used for EFS for either the user or recovery agents as
> >shown in efsinfo. Those private keys are stored in the user profiles, so if the
> >backups did not include those user profiles they would not be able to access the EFS
> >files themselves unless they obtained them from another backup [keep them separate]
> >and were able to guess or crack users/recovery agent's password, though they could
> >delete the data. I have little experience with backup programs other than built in
> >ntbackup or Ghost, but it is my understanding that not all backup programs support
> >backing up of encrypted files and it is not that the files would be decrypted, but
> >that they would be backed up and restored as gibberish which is something to
> >consider. XP Pro SP1 and W2003 EFS uses AES [strong stuff] which if restored to a W2K
> >computer and then imported the recovery agent EFS private key to decrypt the files
> >would not work because W2K does not support AES. --- Steve
> >
> >http://support.microsoft.com/default.aspx?kbid=243330 -- well known sids
> >http://www.microsoft.com/resources/documentation/windows/2000/server/reskit/en-us/distsys/part2/dsgch15.mspx --- efs info
> >
> >"Parhez Sattar" <pxs01@grh.org> wrote in message
> >news:1a0f201c44da4$993f6320$a001280a@phx.gbl...
> >> We have this debate going in the office about NTFS and how
> >> it protects files from falling in the wrong hands.
> >> Basically, the questions are:
> >> -What are the risks if a backup tape, that was used to
> >> backup an NTFS volume on a machine (W2K/XPpro) that was
> >> part of a corporate domain/AD, falls into the hands of a
> >> person who is curious (but not very savvy to know hacking
> >> tools) and has a tape drive on their home machine. Can
> >> this person just restore the tape onto their computer and
> >> gain full access to the files (mind you that they were
> >> protected via NTFS 5.0 on the original partition) without
> >> taking any additional steps (such as taking ownership,
> >> bypassing the original ACL, etc.)?? Add EFS to the
> >> scenario above. What changes? Thanks in advance.
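
Added example, not part of the original thread: a Python sketch of why some ACL entries on a restored volume still match on another installation while others show up as a bare SID with no name. It decodes binary SIDs and classifies each trustee against the installation doing the restore; the ACL contents, the machine identifiers and the function names are all constructed for illustration.

```python
import struct

# Well-known SIDs with the same value on every Windows installation
# (the kind of entry listed in KB 243330, linked in the thread).
UNIVERSAL = {
    "S-1-1-0": "Everyone",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-18": "Local System",
}

def sid_from_bytes(raw: bytes) -> str:
    """Decode a binary SID: revision, sub-authority count, 48-bit big-endian
    identifier authority, then 32-bit little-endian sub-authorities."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)

def classify(sid: str, local_machine_sid: str) -> str:
    """How a trustee from a restored ACL looks on the installation whose
    account domain is local_machine_sid (form S-1-5-21-x-y-z)."""
    if sid in UNIVERSAL or sid.startswith("S-1-5-32-"):
        return "resolves"    # BUILTIN aliases such as Administrators (544)
    if sid.startswith("S-1-5-21-"):
        issuer = sid.rsplit("-", 1)[0]   # drop the trailing RID
        return "resolves" if issuer == local_machine_sid else "orphaned"
    return "unknown"

def audit(acl_hex, local_machine_sid):
    """Return (sid, status) for each hex-encoded trustee SID in an ACL."""
    sids = [sid_from_bytes(bytes.fromhex(h)) for h in acl_hex]
    return [(s, classify(s, local_machine_sid)) for s in sids]

# Constructed sample ACL: BUILTIN\Administrators plus one local user
# created on the machine that wrote the backup.
SAMPLE_ACL = [
    "01020000000000052000000020020000",
    "01050000000000051500000057040000ae080000050d0000ed030000",
]
SOURCE_MACHINE = "S-1-5-21-1111-2222-3333"    # constructed
RESTORE_MACHINE = "S-1-5-21-4444-5555-6666"   # constructed

if __name__ == "__main__":
    for sid, status in audit(SAMPLE_ACL, RESTORE_MACHINE):
        print(sid, status)
```

An "orphaned" entry is only unresolvable on the restoring system, which is the bare-SID case described in the reply above; it is not a control that keeps an administrator of that system out of the restored data.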