Re: Prevent copying to local HD

From: Brian K. Sheperd (brians_at_lesker.com)
Date: 10/07/03

• Next message: Hairy One Kenobi: "Re: Prevent copying to local HD"
• Previous message: Paul Clement: "Re: impersonation and ado access connection"
• In reply to: Hairy One Kenobi: "Re: Prevent copying to local HD"
• Next in thread: Hairy One Kenobi: "Re: Prevent copying to local HD"
• Reply: Hairy One Kenobi: "Re: Prevent copying to local HD"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 7 Oct 2003 09:24:16 -0400

When you say that you replaced the Windows GUI, what did you switch to? --
Linux/Unix type system or other?

Thanks,
Brian

"Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in message
news:tWxgb.8636$QH3.4469@newsfep4-winn.server.ntli.net...
> "S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message
> news:expaDWLjDHA.4048@tk2msftngp13.phx.gbl...
> > The question is then how do I prevent clipboard transfer to the Remote
> > Desktop/Citrix client?
>
> At this level of paranoia, you'll need to replace the Windows GUI. I've
> worked with a bank or two that have done precisely that.
>
> Anything less, and you don't have enough control over more rather obvious
> holes, such as printing.
>
> Onviously, this is unrealistic in most cases; generally, you'd lock-down
> everything execpt the temp directory, and reluctantly accept that you
can't
> enforce an overall security policy using a single tool.
>
> --
>
> Hairy One Kenobi
>
> Disclaimer: the opinions expressed in this opinion do not necessarily
> reflect the opinions of the highly-opinionated person expressing the
opinion
> in the first place. So there!
>
> > "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
> > news:OcaecaJjDHA.2512@TK2MSFTNGP11.phx.gbl...
> > > In addition to David's comments.
> > >
> > > If you're not worried about someone tapping the local hardware, you
> could
> > > look at something like Terminal Services or Citrix.
> > >
> > > Cheers
> > > Ken
> > >
> > > "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> > > news:O3AOMXJjDHA.1716@TK2MSFTNGP12.phx.gbl...
> > > : How secure do you want this to be? With untrusted hardware, what
you
> > are
> > > : asking for is impossible. When you want to prevent people from
> > "copying"
> > > a
> > > : file yet allow them to work with the file, you have to somehow make
> sure
> > > : that the agent which the user uses to access the file is trusted.
> That
> > > : whole chain of trust must go to the HW and CPU itself (because you
> don't
> > > : know if someone taps the network card, taps the video card, taps the
> > > : Hard-Drive controller, etc -- and they've just illegally obtained a
> > "copy"
> > > : of this data ).
> > > :
> > > : In other words, this is not currently possible. This sort of
ability
> is
> > > : very controversial and have huge societal implications.
> > > :
> > > : --
> > > : //David
> > > : IIS
> > > : This posting is provided "AS IS" with no warranties, and confers no
> > > rights.
> > > : //
> > > : "Brian K. Sheperd" <brians@lesker.com> wrote in message
> > > : news:erAbgnAjDHA.3340@tk2msftngp13.phx.gbl...
> > > : Hello,
> > > :
> > > :
> > > :
> > > : I apologize in advance if this is in the wrong area.
> > > :
> > > :
> > > :
> > > : We have a Win2K domain with some standalone 2k servers. Is it
> possible
> > > with
> > > : either win2k or 3rd party applications to prevent people from
copying
> a
> > > file
> > > : from the server to their local hard drives; however, still be able
to
> > work
> > > : (modify, create, etc) with files on the server?
> > > :
> > > :
> > > :
> > > : Thanks,
> > > :
> > > : Brian
> > > :
> > > :
> > > :
> > >
> > >
> >
> >
>
>

---

• Next message: Hairy One Kenobi: "Re: Prevent copying to local HD"
• Previous message: Paul Clement: "Re: impersonation and ado access connection"
• In reply to: Hairy One Kenobi: "Re: Prevent copying to local HD"
• Next in thread: Hairy One Kenobi: "Re: Prevent copying to local HD"
• Reply: Hairy One Kenobi: "Re: Prevent copying to local HD"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Whats gonna happen if two clients in the same LAN have the same MAC address? ... > Roger Abell wrote: ... > there are two machines with the same MAC then the switch got to keep ... "guaranteed" unique things like MAC addresses, ... the opinions expressed in this opinion do not necessarily ... (microsoft.public.windows.server.security) Re: TalkTalk free broadband - the details ... But you're going to switch to TalkTalk!! ... I can't finid any bad opinions about TT but I found loads on the ... cap on bandwidth however, if I use a lot of bandwidth in one ... Also carphone warehouse are a big company with a reputation ... (uk.telecom.broadband) Re: Taurus ignition switch actuator broken yet again ... You know how their opinions might vary from practical ... You could easily enough mount an external keyed ignition switch which already has ... I havent seen that Ford actuator rod.. ... (rec.autos.tech) Re: TalkTalk free broadband - the details ... You have no clue, do you? ... But you're going to switch to TalkTalk!! ... I can't finid any bad opinions about TT but I found loads on the ... other pay ISPs including the very expensive ... (uk.telecom.broadband) Re: Netra T1 drops to OK promt too often. ... >you disable the break by uncommenting ... which causes the keyboard to switch to the alternate sequence ... Expressed in this posting are my opinions. ... to opinions held by my employer, Sun Microsystems. ... (comp.unix.solaris)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.windows.server.security  > 2003-10