Re: Disallow File or Directory Copy

From: DaveMo <david.mowers@xxxxxxxxx>
Date: Tue, 16 Oct 2007 13:57:11 -0000

On Oct 15, 8:13 am, bshort1...@xxxxxxxxx wrote:

I am trying to figure out how to prevent users from copying a file or
directory from the corporate network. The problem I have run into is
a user inadvertently copying a shared database to another location.
They now continue to use the wrong database and enter\modify data.
Once they realize something is wrong it takes some time to fix the
issue.

I am surprised that there is no security setting in Windows to
disallow copying of a directory or file. I was playing with the idea
of hiding the directory and creating another directory with shortcuts
only in it but that gets messy.

Has anyone else had a problem with this?

Thanks,

bshort1023

Copying a file is really a combination of two actions. Reading the
file and then writing it somewhere else. While this sounds obvious,
your question was why isn't there a user permission in Windows to stop
a copy. The problem with trying to solve this is that the same rights
that are required to read the data are the same rights (neccessarily)
needed to read the file. You have to assume that the user has the
ability to write data somewhere, even if it is their local desktop or
My Documents folder. In reality you can't stop the read and you can't
stop the write - so you can't stop the copy operation by definition.

The real problem in the scenario you describe is that the user's have
complete and unrestrained access to the dataset and they know where it
lives. Client/Server or 3-tier application models solve the basic
problem by abstracting the data source behind a service which is
designed to offer up data as it is needed. This model allows you to do
more interesting things with access control and become much more
granular in how you allow access. In the most typical implementation,
the user wouldn't have any rights to the database at all, only some
service account does. This, IMO, is the best way to solve your
problem.

HTH,
Dave

.

References:
- Disallow File or Directory Copy
  - From: bshort1023

Prev by Date: Re: Inherited Permissions disabled?
Next by Date: Folder Encryption Multiple User Access
Previous by thread: Re: Disallow File or Directory Copy
Next by thread: Re: Disallow File or Directory Copy
Index(es):
- Date
- Thread

Relevant Pages

Re: Non-descriptive error message
... possibly that the copying disclosed a corruption that was previously ... and make a backup copy of the database so you get multiple ... Open the report in design view, set its HasModule propety to No. Save. ... If it doesn't you have struck a reasonably rare corruption where the 2 ...
(microsoft.public.access.reports)
Re: Error code = 4060
... divisional portals are running under a different app pool and identity than ... the corporate portal, and the identity of this pool, while having dbo rights ... portal's content database. ...
(microsoft.public.sharepoint.portalserver.development)
Re: Intellectual Property Protection
... and compare it to a database of copyrighted works. ... > is copying our work, ... > targetting only Windows computers. ...
(microsoft.public.development.device.drivers)
Re: db_denydatawriter
... perhaps this also gives read write access on the database to this user? ... Resrictive permissions overrides in its own level. ... However, if she has sysadmin right, then she'll be able to modify that data. ... Is it possible she has some admin rights which override DenyWriter (though ...
(microsoft.public.sqlserver.security)
Re: Complete Neophyte Question(s)
... No you cannot remove a login from the 'public' role. ... For rights to _use_ objects then the appropriate rights need to be granted ... GRANT SELECT ON dbo.Orders TO OrderViewers ... for a database that is supposed to be secured it is a bad idea ...
(microsoft.public.sqlserver.security)