encryption and user rights

Archived from groups: microsoft.public.win2000.security (More info?)

Dear all,

I have a directory on an external disk encrypted the directory
(and its content) I then connected the disk to another computer,
logged in as administrator and guess what?! I could change the
user rights of that "encrypted directory" and have full access to
it?

Any ideas how I can avoid this and make sure a "key" is required
before any (including administrator of OTHER computers) can amend
user rights to encrypted directories?

Many thanks

--
Zen Andreas
3 answers Last reply
More about encryption user rights
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Did you use EFS (Encrypted File System) for this encryption? NTFS permission
    and EFS don't have much in common. If you need to protect files from being
    deleted then you need NTFS permissions. If you need to protect the content
    of the file then EFS is the technology you should choose...

    If you encrypt the file using EFS you can't copy it to any other location
    unless you have the private key. BUT you can delete the file if you have the
    NTFS permissions even if you don't have the private key...

    So to do what you want. First encrypt the files then set the NTFS
    permissions only to the people that need any access to the file and remove
    anyone else. This will prevent all users from changing the file permissions
    and protect the file from deletion... Well all users but Administrator.
    Administrator will _always_ have the option to take the permissions back,
    but without the private key he won't be able to see the content of the
    file...

    I hope this helps,

    Mike

    "Zen Andreas" <zen8069@zen.co.uk> wrote in message
    news:ewzikPvUEHA.2940@TK2MSFTNGP09.phx.gbl...
    > Dear all,
    >
    > I have a directory on an external disk encrypted the directory
    > (and its content) I then connected the disk to another computer,
    > logged in as administrator and guess what?! I could change the
    > user rights of that "encrypted directory" and have full access to
    > it?
    >
    > Any ideas how I can avoid this and make sure a "key" is required
    > before any (including administrator of OTHER computers) can amend
    > user rights to encrypted directories?
    >
    > Many thanks
    >
    > --
    > Zen Andreas
    >
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    How were you trying to encrypt the data?


    "Zen Andreas" <zen8069@zen.co.uk> wrote in message
    news:ewzikPvUEHA.2940@TK2MSFTNGP09.phx.gbl...
    > Dear all,
    >
    > I have a directory on an external disk encrypted the directory
    > (and its content) I then connected the disk to another computer,
    > logged in as administrator and guess what?! I could change the
    > user rights of that "encrypted directory" and have full access to
    > it?
    >
    > Any ideas how I can avoid this and make sure a "key" is required
    > before any (including administrator of OTHER computers) can amend
    > user rights to encrypted directories?
    >
    > Many thanks
    >
    > --
    > Zen Andreas
    >
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    I was trying to encrypt the directory by right-clicking then:
    properties, advanced and then "encryption content to secure
    data". that's it. The disk is NTFS formatted.

    Am I missing something out here? should it be done differently?


    "Oli Restorick [MVP]" <oli@mvps.org> wrote in message
    news:OiPGb5wUEHA.1952@TK2MSFTNGP12.phx.gbl...
    > How were you trying to encrypt the data?
    >
    >
    > "Zen Andreas" <zen8069@zen.co.uk> wrote in message
    > news:ewzikPvUEHA.2940@TK2MSFTNGP09.phx.gbl...
    > > Dear all,
    > >
    > > I have a directory on an external disk encrypted the
    directory
    > > (and its content) I then connected the disk to another
    computer,
    > > logged in as administrator and guess what?! I could change
    the
    > > user rights of that "encrypted directory" and have full
    access to
    > > it?
    > >
    > > Any ideas how I can avoid this and make sure a "key" is
    required
    > > before any (including administrator of OTHER computers) can
    amend
    > > user rights to encrypted directories?
    > >
    > > Many thanks
    > >
    > > --
    > > Zen Andreas
    > >
    > >
    >
    >
Ask a new question

Read More

Encryption Security Microsoft Windows