Re: Volume Shadow Copy

From: Jeffrey L (jeffrey_at_nowhere.com)
Date: 05/08/05


Date: Sun, 8 May 2005 13:26:30 -0400

The users need WRITE access in order to enter payments, billing, etc. They
are trusted not be theives and there are checks and balances in place for
security purposes. We just didn't want anyone to have the ability to
restore older files if they thought that there was a file integrity problem
before IT gets involved and troubleshoots.

"Herb Martin" <news@LearnQuick.com> wrote in message
news:%23SoP8yvUFHA.2468@TK2MSFTNGP10.phx.gbl...
> "Jeffrey L" <jeffrey@nowhere.com> wrote in message
> news:#BBfuxmUFHA.2616@TK2MSFTNGP14.phx.gbl...
>> Several users involved in billing are connected to share for BillingData.
>> Only one of these users should have the authority to restore a previous
>> version (such as an admin.)
>
> Then those 'other users' should not have the authority to
> WRITE to the main file or shouldn't even have the authority
> to READ that file (make copies.)
>
> Notice that shadow copy is NOT the problem here, but rather
> the permissions given to the users is the real issue.
>
> If they choose to make their "own" backup of a readable
> file today, you could not stop them. If they choose to over-write
> a WRITABLE file tomorrow from that backup -- for even
> from some junk -- you could not stop them.
>
> You have a permission problem, not a shadow copy
> problem.
>
> --
> Herb Martin, MCSE, MVP
> Accelerated MCSE
> http://www.LearnQuick.Com
> [phone number on web site]
>
>>
>> "Herb Martin" <news@LearnQuick.com> wrote in message
>> news:Ov6jDemUFHA.2768@tk2msftngp13.phx.gbl...
>> >> "Jeffrey L" <jeffrey@nowhere.com> wrote in message
>> >> news:ubxU60lUFHA.3572@TK2MSFTNGP12.phx.gbl...
>> >> > Is there a way to limit some users of rolling back to a previous
>> > version?
>> >> > Although the users have access to the shared drive, we just don't
> want
>> >> > them to have the option of restoring a previous version.
>> >
>> > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>> > news:exqR6BmUFHA.1044@TK2MSFTNGP10.phx.gbl...
>> >> Rollback what?? If you mean they are accessing a share on a Windows
> 2003
>> >> Server that has Volume Shadow Copy I don't know of a way to
>> >> selectively
>> >> prevent users from using it unless you do not install the client on
> there
>> >> Windows 2000/XP Pro computers. --- Steve
>> >
>> >
>> > Steven is correct -- that is the main point of Shadow Copy
>> > so you either disable it or you don't give the client software
>> > to the users.
>> >
>> > Why every would you want people not to be able to recover
>> > a file?
>> >
>> > If they are recovering "other people's files" then that should be
>> > dealt with through permissions.
>> >
>> > A user must have READ on the original to copy the shadow
>> > version, and Modify/Change on the original to overwrite it.
>> >
>> > Since each person almost always has this on their own files,
>> > they are going to be able to recover those file that belong to
>> > them, and any others that meet these requirements.
>> >
>> > --
>> > Herb Martin, MCSE, MVP
>> > Accelerated MCSE
>> > http://www.LearnQuick.Com
>> > [phone number on web site]
>> >
>> >
>>
>>
>
>



Relevant Pages

  • Re: Volume Shadow Copy
    ... >>Several users involved in billing are connected to share for BillingData. ... >>Only one of these users should have the authority to restore a previous ... the accounting software would be the only "one" ... allowed to actually touch the raw files or raw database. ...
    (microsoft.public.win2000.security)
  • Re: Volume Shadow Copy
    ... Several users involved in billing are connected to share for BillingData. ... > so you either disable it or you don't give the client software ... > they are going to be able to recover those file that belong to ... > Accelerated MCSE ...
    (microsoft.public.win2000.security)
  • Re: Volume Shadow Copy
    ... Then your only option is remove the shadow copy client from their ... >> WRITE to the main file or shouldn't even have the authority ... >> You have a permission problem, ... >> Accelerated MCSE ...
    (microsoft.public.win2000.security)