how to prevent data/informations on production environment?

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

The management which concern that when staff resigned,
Who robbed some important data such as Email, documents, etc...,
(write to their portable devices(USB memory, portable USB HD))~
Any suggestions to prevent this issues ??

I had tried to using the EFS & Auditing the object access for this purpose
but it 's inconveniently to management~
Pls give some advices ~

Thanks in advance~
Clinf

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"Clinf" <clinf@www.com> wrote in message
news:eMhflXc3EHA.2876@TK2MSFTNGP12.phx.gbl...
> The management which concern that when staff resigned,
> Who robbed some important data such as Email, documents, etc...,
> (write to their portable devices(USB memory, portable USB HD))~
> Any suggestions to prevent this issues ??
>
> I had tried to using the EFS & Auditing the object access for this purpose
> but it 's inconveniently to management~

Tough (for them.)

Security is practically always a trade-off with CONVENIENCE.

If you lock your door (car, home, etc.) then you must
carry and use your key to get in. Less convenient.

If you add more entrances to a building (during construction
or modification) you offer more targets for attack by thieves
etc.

This latter idea is called "attack surface" in network and
systems security.

EFS is one approach and should offer practially no significant
inconveniences.

In some sense you can never be fully protected from ROGUE
ADMINS nor from users who misuse date which they control.

(Barring some sort of secure building, CIA-like setup.)

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

There's a new policy available for Win XP SP2.
The new policy is set in the Registry in
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StorageDevicePolicies,
as a DWORD named WriteProtect. When set to 1, all USB removable drives
are write-protected. When set to 0 (or when the DWORD entry is removed
entirely), USB drives can once again be written to. This is a
machine-level setting and not a user-level setting.

Andrei Ungureanu
www.eventid.net
Free Windows event logs reports
http://www.altairtech.ca/evlog/


Clinf wrote:
> *The management which concern that when staff resigned,
> Who robbed some important data such as Email, documents, etc...,
> (write to their portable devices(USB memory, portable USB HD))~
> Any suggestions to prevent this issues ??
>
> I had tried to using the EFS & Auditing the object access for this
> purpose
> but it 's inconveniently to management~
> Pls give some advices ~
>
> Thanks in advance~
> Clinf *



--
Andreiu U.
------------------------------------------------------------------------
Posted via http://www.mcse.ms
------------------------------------------------------------------------
View this thread: http://www.mcse.ms/message1277061.html