Re: Compression on a folder

From: "Steve Riley [MSFT]" <steve.riley@xxxxxxxxxxxxx>
Date: Sun, 19 Aug 2007 15:00:25 -0700

Heh, it's my habit to ask questions like this :)

Stick around security folks long enough and you'll hear reference to "the principle of least privilege." Users/computers/processes should have only the necessary privileges to complete their work. This is a time-honored notion.

A corollary is "the principle of minimal security." It can be very easy to apply too many security controls to something. The temptation to enable some security setting just because it's there is often very great. It's at times like these where one should step back, evaluate risks and consider threats, and then decide if it really makes sense to enable the setting. And in many cases, it doesn't.

To the question, "How much security do you need?" the answer is, "Just enough." The difficult part, of course, is determining what "just enough" is for you. Security configuration guides can help, but ultimately only you can answer the question.

--
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com

"WMB" <noreply@xxxxxxxxxxx> wrote in message news:ula0K$o4HHA.3400@xxxxxxxxxxxxxxxxxxxxxxx

Point taken :)

wayne
"Steve Riley [MSFT]" <steve.riley@xxxxxxxxxxxxx> wrote in message news:833FAE00-869D-4ED1-913F-9E63B85B15F5@xxxxxxxxxxxxxxxx
Do you perceive a security risk by allowing users to compress files?

--
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com

"WMB" <noreply@xxxxxxxxxxx> wrote in message news:Ol7iG5n4HHA.5164@xxxxxxxxxxxxxxxxxxxxxxx
Hi All

Does anyone know of a way that I can prevent my users from right clicking on their home folders then on properities and then advance to compress their data?

wayne

References:
- Compression on a folder
  - From: WMB
- Re: Compression on a folder
  - From: Steve Riley [MSFT]
- Re: Compression on a folder
  - From: WMB

Prev by Date: Re: Compression on a folder
Next by Date: Re: Prevent Users interactive login, but allow them to run batch jobs
Previous by thread: Re: Compression on a folder
Next by thread: Re: Prevent Users interactive login, but allow them to run batch jobs
Index(es):
- Date
- Thread

Relevant Pages

Re: Having ASPNET member of Administrators
... > So much for the principle of least privilege... ... use the security that you need. ... We run ASP.Net under the System account. ...
(microsoft.public.dotnet.framework.aspnet)
Re: Having ASPNET member of Administrators
... I felt it was risky but not ... account from Administrators. ... >> So much for the principle of least privilege... ... In general, where security is the issue, the ...
(microsoft.public.dotnet.framework.aspnet)
Re: Single Sign-On (SSO) with VB.Net 1.1 App
... but instead just get user information through the Principle ... Most of this security is handled by .NET's CAS: ... handling AppDomain specific permission. ...
(microsoft.public.dotnet.languages.vb)
Re: Gaelic Maybe.
... you're also discounting the very real change present ... clear that security arrangements are made on security grounds only. ... IOW the principle no longer mattered. ... to the failures of the intransigent wing of unionism and the violent wing of ...
(soc.culture.irish)
Re: 2003 Web Server Security flaw
... When talking about computer security, there are areas that have no such ... > "Disable all unnecessary services and don't install unnecessary programs ... I think you may be taking this basic principle a bit too far in regards to ... the web server, then I will state in my *opinion* that there will be no ...
(microsoft.public.windows.server.security)