Sign in with
Sign up | Sign in
Your question

encryption and user rights

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
June 15, 2004 9:14:21 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Dear all,

I have a directory on an external disk encrypted the directory
(and its content) I then connected the disk to another computer,
logged in as administrator and guess what?! I could change the
user rights of that "encrypted directory" and have full access to
it?

Any ideas how I can avoid this and make sure a "key" is required
before any (including administrator of OTHER computers) can amend
user rights to encrypted directories?

Many thanks

--
Zen Andreas

More about : encryption user rights

Anonymous
a b 8 Security
June 15, 2004 10:53:34 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Did you use EFS (Encrypted File System) for this encryption? NTFS permission
and EFS don't have much in common. If you need to protect files from being
deleted then you need NTFS permissions. If you need to protect the content
of the file then EFS is the technology you should choose...

If you encrypt the file using EFS you can't copy it to any other location
unless you have the private key. BUT you can delete the file if you have the
NTFS permissions even if you don't have the private key...

So to do what you want. First encrypt the files then set the NTFS
permissions only to the people that need any access to the file and remove
anyone else. This will prevent all users from changing the file permissions
and protect the file from deletion... Well all users but Administrator.
Administrator will _always_ have the option to take the permissions back,
but without the private key he won't be able to see the content of the
file...

I hope this helps,

Mike

"Zen Andreas" <zen8069@zen.co.uk> wrote in message
news:ewzikPvUEHA.2940@TK2MSFTNGP09.phx.gbl...
> Dear all,
>
> I have a directory on an external disk encrypted the directory
> (and its content) I then connected the disk to another computer,
> logged in as administrator and guess what?! I could change the
> user rights of that "encrypted directory" and have full access to
> it?
>
> Any ideas how I can avoid this and make sure a "key" is required
> before any (including administrator of OTHER computers) can amend
> user rights to encrypted directories?
>
> Many thanks
>
> --
> Zen Andreas
>
>
Anonymous
a b 8 Security
June 16, 2004 12:24:16 AM

Archived from groups: microsoft.public.win2000.security (More info?)

How were you trying to encrypt the data?


"Zen Andreas" <zen8069@zen.co.uk> wrote in message
news:ewzikPvUEHA.2940@TK2MSFTNGP09.phx.gbl...
> Dear all,
>
> I have a directory on an external disk encrypted the directory
> (and its content) I then connected the disk to another computer,
> logged in as administrator and guess what?! I could change the
> user rights of that "encrypted directory" and have full access to
> it?
>
> Any ideas how I can avoid this and make sure a "key" is required
> before any (including administrator of OTHER computers) can amend
> user rights to encrypted directories?
>
> Many thanks
>
> --
> Zen Andreas
>
>
Anonymous
a b 8 Security
June 16, 2004 3:37:46 AM

Archived from groups: microsoft.public.win2000.security (More info?)

I was trying to encrypt the directory by right-clicking then:
properties, advanced and then "encryption content to secure
data". that's it. The disk is NTFS formatted.

Am I missing something out here? should it be done differently?


"Oli Restorick [MVP]" <oli@mvps.org> wrote in message
news:o iPGb5wUEHA.1952@TK2MSFTNGP12.phx.gbl...
> How were you trying to encrypt the data?
>
>
> "Zen Andreas" <zen8069@zen.co.uk> wrote in message
> news:ewzikPvUEHA.2940@TK2MSFTNGP09.phx.gbl...
> > Dear all,
> >
> > I have a directory on an external disk encrypted the
directory
> > (and its content) I then connected the disk to another
computer,
> > logged in as administrator and guess what?! I could change
the
> > user rights of that "encrypted directory" and have full
access to
> > it?
> >
> > Any ideas how I can avoid this and make sure a "key" is
required
> > before any (including administrator of OTHER computers) can
amend
> > user rights to encrypted directories?
> >
> > Many thanks
> >
> > --
> > Zen Andreas
> >
> >
>
>
!