Re: Password Protecting/Hiding Files & Folders on Windows 2003 server???

And I've just discovered that the administrator still has access to the
file anyway...

Is there a logging agent on an AD file server? I would be happy to use
EFS if I could just review logs... This way I could have the employee
sign a declaration stating they will not access employee data and also
state that we are able to monitor this...

I really just want to protect files against trusted users... I'm not
looking for a water tight solution that no-one can break - I just want
to be able to instill confidence in the fact that:

a) the administrator is clear that they will be reprimanded if caught
snooping through employee folders & files (mainly the CEO & CFO)
b) there is basic encryption meaning the administrator can't just
double click and view any files..

I know if someone wants access, and they know what they are doing, then
they will end up getting it but I would like to think I can place some
trust in the employee not to do that...

Thanks
Shannon

Roger Abell [MVP] wrote:
<shannonw@xxxxxxxxxxxxxxx> wrote in message
news:1159142964.039273.125680@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I guess my problem lies in the fact that I need a solution that is easy
to use or the people that I need the most support from (managers &
directors) wont use it and wont support it...

If they are required to encrypt every file before transferring to the
file server using a cumbersome program then they will just not do it...


It needs to be as simple as:

1. Save the file on server
2. Right click to activate encryption

And the files need to be re-accessible by a simple double click and
then a password prompt.

Microsoft EFS is the best solution I have seen but it is not activated
on AD yet and the administrator was a little hesitant to allow user
acces to this facility...

I might have a look into PGP...

Some of the programs I tried to use include:

- Folder Security Guard
- Hide Folders
- Folder Password
- SecuKEEPER
- Universal Shield

All had their advantages but none worked over a network on a file
server...

Thanks for the feedback


EFS can come close to what you outline as a need, if your environment
is correctly set up to use it in remote scenario. However, depending on
your situation the file may be unencrypted while on the wire, and in order
to meet the requirement that no one except the doc owner can access it
while on the server tight control would have to be taken over the EFS
default recovery agent (or, again depending on your environment, over
key escrow, etc.).

.

Relevant Pages

  • RE: Handling Sysads resignation/termination
    ... Has anyone observed or heard of a former employer make up stories, ... divert attention to the Johnny Mneumonic/former employee example used ... >when an administrator behaves badly, ... >>WLAN by understanding these threats, ...
    (Pen-Test)
  • OT, unless youre an IT or SysAdmin
    ... As an employee of an institution of higher education, ... a waste of time, but also a waste of precious oxygen. ... give me a bad recommendation. ... Never f*** with your systems administrator. ...
    (rec.outdoors.fishing.fly)
  • Re: Nosey coworkers
    ... The only business that should show up on the OP's computer is the business ... There are NO rights to privacy regarding material on a company computer ... Being the administrator of an XP computer implies nothing with regard to ... an employee should show respect to the employer by NOT ...
    (microsoft.public.windowsxp.security_admin)
  • In Ordnerumleitung gefangen
    ... So nun hat der Domänen Administrator einen Profil oderner ... auf dem File Server zwischen den ganzen anderen Usern. ...
    (microsoft.public.de.german.windowsxp.gruppen.richtlinien)
  • Re: Dont f*ck with a Flip, read on....
    ... > Actual letter of resignation from a PINOY employee at Zantex Computers, USA, ... > to give me a bad recommendation. ... > with your systems administrator. ...
    (soc.culture.filipino)