Sign in with
Sign up | Sign in
Your question

Log access or prevent access to private/confidential infor..

Last response: in Windows XP
Share
Anonymous
August 30, 2005 3:07:47 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Hi,

I would like to be able to log access to my folders from the network. That
is, I want to know when an administrator has accessed my drive. I have
private/confidential information on my PC and do not want administrators to
be able to access it, unless I give explicit permission. How can I achieve
this?

Thanks,


Robin.
August 30, 2005 3:07:48 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

In news:D f1b6b$sr1$1$8300dec7@news.demon.co.uk,
Robin Tucker <unmailable@duetospam.com> had this to say:

My reply is at the bottom of your sent message:

> Hi,
>
> I would like to be able to log access to my folders from the network.
> That is, I want to know when an administrator has accessed my drive. I
> have private/confidential information on my PC and do not want
> administrators to be able to access it, unless I give explicit
> permission. How can I achieve this?
>
> Thanks,
>
>
> Robin.

As has been mentioned by David Candy, ask them. If you have, as it seems,
administrators then the implication is that the PC doesn't belong to you.
Private/confidential information should not really be kept on property not
belonging to you and the company has a right (and perhaps and obligation) to
monitor the contents of their property. Given that they're the admins and
likely able to access your account at any time (and probably have rules
regarding third party software installations) your best bet would be to
accept that anything you put on the work computer belongs, by default, to
the company or at least gives them rights to access it with or without your
consent.

Your personal computing should probably be done at home -- if you want to
keep your job. More and more companies, for various reasons, are starting to
not only monitor internet access but files on their PCs. With the increase
in various regulations (Sarbox, HIPPA, etc) it's in your best interest to
really keep your personal, private, and confidential data on a system that
you are the only administrator of. Note that this is mostly a U.S. thing
though the EU and surely other countries have similar policies.

Galen
--

"You know that a conjurer gets no credit when once he has explained his
trick; and if I show you too much of my method of working, you will
come to the conclusion that I am a very ordinary individual after all."

Sherlock Holmes
Anonymous
August 30, 2005 6:33:30 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Yes, it is company property. No, I am not asking that MY PERSONAL
INFORMATION be locked down. The administrators should not have the right to
view any/all information, some of which is potentially confidential such as,
for example, Personel Records. No I am not a n00b sitting in a cubicle
passing wind every 30 seconds. I am genuiunely asking this question, for
the purposes of security of personal information. How can we allow
administration of a network/domain, but protect information from prying
eyes, be they administrators or not.

Thankyou.



"Galen" <galennews@gmail.com> wrote in message
news:o o3Ia2VrFHA.464@TK2MSFTNGP15.phx.gbl...
> In news:D f1b6b$sr1$1$8300dec7@news.demon.co.uk,
> Robin Tucker <unmailable@duetospam.com> had this to say:
>
> My reply is at the bottom of your sent message:
>
>> Hi,
>>
>> I would like to be able to log access to my folders from the network.
>> That is, I want to know when an administrator has accessed my drive. I
>> have private/confidential information on my PC and do not want
>> administrators to be able to access it, unless I give explicit
>> permission. How can I achieve this?
>>
>> Thanks,
>>
>>
>> Robin.
>
> As has been mentioned by David Candy, ask them. If you have, as it seems,
> administrators then the implication is that the PC doesn't belong to you.
> Private/confidential information should not really be kept on property not
> belonging to you and the company has a right (and perhaps and obligation)
> to monitor the contents of their property. Given that they're the admins
> and likely able to access your account at any time (and probably have
> rules regarding third party software installations) your best bet would be
> to accept that anything you put on the work computer belongs, by default,
> to the company or at least gives them rights to access it with or without
> your consent.
>
> Your personal computing should probably be done at home -- if you want to
> keep your job. More and more companies, for various reasons, are starting
> to not only monitor internet access but files on their PCs. With the
> increase in various regulations (Sarbox, HIPPA, etc) it's in your best
> interest to really keep your personal, private, and confidential data on a
> system that you are the only administrator of. Note that this is mostly a
> U.S. thing though the EU and surely other countries have similar policies.
>
> Galen
> --
>
> "You know that a conjurer gets no credit when once he has explained his
> trick; and if I show you too much of my method of working, you will
> come to the conclusion that I am a very ordinary individual after all."
>
> Sherlock Holmes
>
Related resources
August 30, 2005 6:33:31 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

In news:D f1n77$e6k$1$8300dec7@news.demon.co.uk,
Robin Tucker <unmailable@duetospam.com> had this to say:

My reply is at the bottom of your sent message:

> Yes, it is company property. No, I am not asking that MY PERSONAL
> INFORMATION be locked down. The administrators should not have the
> right to view any/all information, some of which is potentially
> confidential such as, for example, Personel Records. No I am not a
> n00b sitting in a cubicle passing wind every 30 seconds. I am
> genuiunely asking this question, for the purposes of security of
> personal information. How can we allow administration of a
> network/domain, but protect information from prying eyes, be they
> administrators or not.
> Thankyou.
>
>
>
> "Galen" <galennews@gmail.com> wrote in message
> news:o o3Ia2VrFHA.464@TK2MSFTNGP15.phx.gbl...
>> In news:D f1b6b$sr1$1$8300dec7@news.demon.co.uk,
>> Robin Tucker <unmailable@duetospam.com> had this to say:
>>
>> My reply is at the bottom of your sent message:
>>
>>> Hi,
>>>
>>> I would like to be able to log access to my folders from the
>>> network. That is, I want to know when an administrator has accessed
>>> my drive. I have private/confidential information on my PC and do
>>> not want administrators to be able to access it, unless I give
>>> explicit permission. How can I achieve this?
>>>
>>> Thanks,
>>>
>>>
>>> Robin.
>>
>> As has been mentioned by David Candy, ask them. If you have, as it
>> seems, administrators then the implication is that the PC doesn't
>> belong to you. Private/confidential information should not really be
>> kept on property not belonging to you and the company has a right
>> (and perhaps and obligation) to monitor the contents of their
>> property. Given that they're the admins and likely able to access
>> your account at any time (and probably have rules regarding third
>> party software installations) your best bet would be to accept that
>> anything you put on the work computer belongs, by default, to the
>> company or at least gives them rights to access it with or without
>> your consent. Your personal computing should probably be done at home --
>> if you
>> want to keep your job. More and more companies, for various reasons,
>> are starting to not only monitor internet access but files on their
>> PCs. With the increase in various regulations (Sarbox, HIPPA, etc)
>> it's in your best interest to really keep your personal, private,
>> and confidential data on a system that you are the only
>> administrator of. Note that this is mostly a U.S. thing though the
>> EU and surely other countries have similar policies. Galen
>> --
>>
>> "You know that a conjurer gets no credit when once he has explained
>> his trick; and if I show you too much of my method of working, you
>> will come to the conclusion that I am a very ordinary individual after
>> all." Sherlock Holmes

As has been pointed out already you really can't. The admin can simply take
your account, kill your password, use your encrypted files, and take
ownership of any file they want. Depending on whom you work for or where you
live I'd contend that they CAN do so without prior notice legally. There's
the moral issue but, well, the PC doesn't belong to you. In my country, the
USA, they don't need your permission to look at the computer's files - they
need the permission of the owner of the computer.

One of the main concerns here is that you'd want to be able to allow these
same admins, whom you're trying to keep out, to be able to recover your PC
and it's information in the event of failure. If the problem is trust then
perhaps you need better admins or an established corporate policy dealing
with this. A third party encryption tool (properly used with a strong
password and at least 128 bit encryption) would do you well and if allowed
to be configured/installed would suit your needs. Again, this likely
violates any policy you may have in place or certainly makes the admin's job
more difficult when things go corrupted/kabloey and you need recovery. Who
then, for instance, would you trust to be the person to hold the second copy
of the key for opening these files? The admin or a sticky pad stuck to the
underside of your desk?

Following the directions below, using encryption and file permissions, is
just false security. Any admin worth their salt still has complete access.
It might take an extra two or three minutes to figure out what you've done
but, well, fortunately encrypted files come pre-colored so you know which
ones they are. Grabbing ownership of a file is all of thirty seconds work at
best. Installing a third party encryption tool without sanction from your
boss is a "sackable" offense. Failure to provide a fail-safe should that
encrypted file become corrupt is also a fireable offense too.

The best options are to ask the admin and your supervisor. Write up an email
and CC it to both your boss and the head of your IT Department describing
what you want to do, why, and your goals. Your goals being pretty simple
(and honorable from my perspective) in that you're trying to keep
personal/HR-type data private for the sake of the employees? Explaining that
and finding a compromise is the goal - not complete usurpation of ability
(nor false sense of security) which is sure to result in disciplinary
actions in any reputable business. Please don't think for a minute that I
don't think you're justified in your ideals but rather your methods are
subject to some very basic flaws which I believe I've covered above.

Galen
--

"You know that a conjurer gets no credit when once he has explained his
trick; and if I show you too much of my method of working, you will
come to the conclusion that I am a very ordinary individual after all."

Sherlock Holmes
Anonymous
August 30, 2005 7:09:52 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

"Robin Tucker" <unmailable@duetospam.com> wrote in message
news:D f1b6b$sr1$1$8300dec7@news.demon.co.uk...
> Hi,
>
> I would like to be able to log access to my folders from the network.
> That is, I want to know when an administrator has accessed my drive. I
> have private/confidential information on my PC and do not want
> administrators to be able to access it, unless I give explicit permission.
> How can I achieve this?
>
> Thanks,
>
>
> Robin.

Robin,

I don't think you can log access to folders. I've certainly not come across
a way to do it.

In terms of preventing administrators or any others from accessing your
folders, there are a few options:

1. Use file permissions. Using windows explorer, right click the folder you
want to protect, select properties. Then on the "Security" tab you have
control over who has permissions to view, edit, etc on the folder. To stop
system administrators I think you will need to revoke access to
"Administrators". But review each of the permissions because I think the
logic is to grant access to someone if they have access via any of the
accounts/groups listed. You will also need to consider permissions on the
files themselves. If you can't view or change the security permissions then
its likely that the system administrators have locked this out - after all,
fiddling with the file permissions in say the windows folder and you could
break your system.

2. Encrypt your files. If you have your disk formatted NTFS then you can
encrypt files (file properties > general > Advanced), but if you encrypt a
file then I think that only you can read it - which isn't any good if you
need to share the file with anyone else.

Hope this helps,

Brian.

www.cryer.co.uk/brian
Anonymous
August 30, 2005 7:38:01 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

This is exactly the information I needed. Thankyou very much.

"Brian Cryer" <brianc@127.0.0.1.activesol.co.uk> wrote in message
news:1125410994.18200.0@damia.uk.clara.net...
> "Robin Tucker" <unmailable@duetospam.com> wrote in message
> news:D f1b6b$sr1$1$8300dec7@news.demon.co.uk...
>> Hi,
>>
>> I would like to be able to log access to my folders from the network.
>> That is, I want to know when an administrator has accessed my drive. I
>> have private/confidential information on my PC and do not want
>> administrators to be able to access it, unless I give explicit
>> permission. How can I achieve this?
>>
>> Thanks,
>>
>>
>> Robin.
>
> Robin,
>
> I don't think you can log access to folders. I've certainly not come
> across a way to do it.
>
> In terms of preventing administrators or any others from accessing your
> folders, there are a few options:
>
> 1. Use file permissions. Using windows explorer, right click the folder
> you want to protect, select properties. Then on the "Security" tab you
> have control over who has permissions to view, edit, etc on the folder. To
> stop system administrators I think you will need to revoke access to
> "Administrators". But review each of the permissions because I think the
> logic is to grant access to someone if they have access via any of the
> accounts/groups listed. You will also need to consider permissions on the
> files themselves. If you can't view or change the security permissions
> then its likely that the system administrators have locked this out -
> after all, fiddling with the file permissions in say the windows folder
> and you could break your system.
>
> 2. Encrypt your files. If you have your disk formatted NTFS then you can
> encrypt files (file properties > general > Advanced), but if you encrypt a
> file then I think that only you can read it - which isn't any good if you
> need to share the file with anyone else.
>
> Hope this helps,
>
> Brian.
>
> www.cryer.co.uk/brian
>
>
Anonymous
August 31, 2005 12:37:24 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Ask your administrators.

--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...
=================================================
"Robin Tucker" <unmailable@duetospam.com> wrote in message news:D f1b6b$sr1$1$8300dec7@news.demon.co.uk...
> Hi,
>
> I would like to be able to log access to my folders from the network. That
> is, I want to know when an administrator has accessed my drive. I have
> private/confidential information on my PC and do not want administrators to
> be able to access it, unless I give explicit permission. How can I achieve
> this?
>
> Thanks,
>
>
> Robin.
>
>
Anonymous
August 31, 2005 3:46:22 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

You need to ask your administrators how to do this. Admins can't secretly peek at your documents. They are in charge and may prefer you to do it their way. They are the experts in your company on this subject. But basically you can't stop them but nor can they do it secretly.

Admins are used to concerns like this. To take action without their approval could be a criminal offense.
--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...
=================================================
"Robin Tucker" <unmailable@duetospam.com> wrote in message news:D f1n77$e6k$1$8300dec7@news.demon.co.uk...
> Yes, it is company property. No, I am not asking that MY PERSONAL
> INFORMATION be locked down. The administrators should not have the right to
> view any/all information, some of which is potentially confidential such as,
> for example, Personel Records. No I am not a n00b sitting in a cubicle
> passing wind every 30 seconds. I am genuiunely asking this question, for
> the purposes of security of personal information. How can we allow
> administration of a network/domain, but protect information from prying
> eyes, be they administrators or not.
>
> Thankyou.
>
>
>
> "Galen" <galennews@gmail.com> wrote in message
> news:o o3Ia2VrFHA.464@TK2MSFTNGP15.phx.gbl...
>> In news:D f1b6b$sr1$1$8300dec7@news.demon.co.uk,
>> Robin Tucker <unmailable@duetospam.com> had this to say:
>>
>> My reply is at the bottom of your sent message:
>>
>>> Hi,
>>>
>>> I would like to be able to log access to my folders from the network.
>>> That is, I want to know when an administrator has accessed my drive. I
>>> have private/confidential information on my PC and do not want
>>> administrators to be able to access it, unless I give explicit
>>> permission. How can I achieve this?
>>>
>>> Thanks,
>>>
>>>
>>> Robin.
>>
>> As has been mentioned by David Candy, ask them. If you have, as it seems,
>> administrators then the implication is that the PC doesn't belong to you.
>> Private/confidential information should not really be kept on property not
>> belonging to you and the company has a right (and perhaps and obligation)
>> to monitor the contents of their property. Given that they're the admins
>> and likely able to access your account at any time (and probably have
>> rules regarding third party software installations) your best bet would be
>> to accept that anything you put on the work computer belongs, by default,
>> to the company or at least gives them rights to access it with or without
>> your consent.
>>
>> Your personal computing should probably be done at home -- if you want to
>> keep your job. More and more companies, for various reasons, are starting
>> to not only monitor internet access but files on their PCs. With the
>> increase in various regulations (Sarbox, HIPPA, etc) it's in your best
>> interest to really keep your personal, private, and confidential data on a
>> system that you are the only administrator of. Note that this is mostly a
>> U.S. thing though the EU and surely other countries have similar policies.
>>
>> Galen
>> --
>>
>> "You know that a conjurer gets no credit when once he has explained his
>> trick; and if I show you too much of my method of working, you will
>> come to the conclusion that I am a very ordinary individual after all."
>>
>> Sherlock Holmes
>>
>
>
Anonymous
August 31, 2005 3:46:23 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

"To take action without their approval could be a criminal offense."


Please, this is completely incorrect. It may be against company policy (in
some companies), but it is certainly not illegal. Are you a member of the
administrators trades union or something?




--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...
=================================================
"Robin Tucker" <unmailable@duetospam.com> wrote in message
news:D f1n77$e6k$1$8300dec7@news.demon.co.uk...
> Yes, it is company property. No, I am not asking that MY PERSONAL
> INFORMATION be locked down. The administrators should not have the right
> to
> view any/all information, some of which is potentially confidential such
> as,
> for example, Personel Records. No I am not a n00b sitting in a cubicle
> passing wind every 30 seconds. I am genuiunely asking this question, for
> the purposes of security of personal information. How can we allow
> administration of a network/domain, but protect information from prying
> eyes, be they administrators or not.
>
> Thankyou.
>
>
>
> "Galen" <galennews@gmail.com> wrote in message >
> news:o o3Ia2VrFHA.464@TK2MSFTNGP15.phx.gbl...
>> In news:D f1b6b$sr1$1$8300dec7@news.demon.co.uk,
>> Robin Tucker <unmailable@duetospam.com> had this to say:
>>
>> My reply is at the bottom of your sent message:
>>
>>> Hi,
>>>
>>> I would like to be able to log access to my folders from the network.
>>> That is, I want to know when an administrator has accessed my drive. I
>>> have private/confidential information on my PC and do not want
>>> administrators to be able to access it, unless I give explicit
>>> permission. How can I achieve this?
>>>
>>> Thanks,
>>>
>>>
>>> Robin.
>>
>> As has been mentioned by David Candy, ask them. If you have, as it seems,
>> administrators then the implication is that the PC doesn't belong to you.
>> Private/confidential information should not really be kept on property
>> not
>> belonging to you and the company has a right (and perhaps and obligation)
>> to monitor the contents of their property. Given that they're the admins
>> and likely able to access your account at any time (and probably have
>> rules regarding third party software installations) your best bet would
>> be
>> to accept that anything you put on the work computer belongs, by default,
>> to the company or at least gives them rights to access it with or without
>> your consent.
>>
>> Your personal computing should probably be done at home -- if you want to
>> keep your job. More and more companies, for various reasons, are starting
>> to not only monitor internet access but files on their PCs. With the
>> increase in various regulations (Sarbox, HIPPA, etc) it's in your best
>> interest to really keep your personal, private, and confidential data on
>> a
>> system that you are the only administrator of. Note that this is mostly a
>> U.S. thing though the EU and surely other countries have similar
>> policies.
>>
>> Galen
>> --
>>
>> "You know that a conjurer gets no credit when once he has explained his
>> trick; and if I show you too much of my method of working, you will
>> come to the conclusion that I am a very ordinary individual after all."
>>
>> Sherlock Holmes
>>
>
>
Anonymous
August 31, 2005 4:35:47 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Admins can take ownership of any file. File permissions won't help. Admins can reset the user's password and login and access encrypted files.

--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...
=================================================
"Brian Cryer" <brianc@127.0.0.1.activesol.co.uk> wrote in message news:1125410994.18200.0@damia.uk.clara.net...
> "Robin Tucker" <unmailable@duetospam.com> wrote in message
> news:D f1b6b$sr1$1$8300dec7@news.demon.co.uk...
>> Hi,
>>
>> I would like to be able to log access to my folders from the network.
>> That is, I want to know when an administrator has accessed my drive. I
>> have private/confidential information on my PC and do not want
>> administrators to be able to access it, unless I give explicit permission.
>> How can I achieve this?
>>
>> Thanks,
>>
>>
>> Robin.
>
> Robin,
>
> I don't think you can log access to folders. I've certainly not come across
> a way to do it.
>
> In terms of preventing administrators or any others from accessing your
> folders, there are a few options:
>
> 1. Use file permissions. Using windows explorer, right click the folder you
> want to protect, select properties. Then on the "Security" tab you have
> control over who has permissions to view, edit, etc on the folder. To stop
> system administrators I think you will need to revoke access to
> "Administrators". But review each of the permissions because I think the
> logic is to grant access to someone if they have access via any of the
> accounts/groups listed. You will also need to consider permissions on the
> files themselves. If you can't view or change the security permissions then
> its likely that the system administrators have locked this out - after all,
> fiddling with the file permissions in say the windows folder and you could
> break your system.
>
> 2. Encrypt your files. If you have your disk formatted NTFS then you can
> encrypt files (file properties > general > Advanced), but if you encrypt a
> file then I think that only you can read it - which isn't any good if you
> need to share the file with anyone else.
>
> Hope this helps,
>
> Brian.
>
> www.cryer.co.uk/brian
>
>
Anonymous
August 31, 2005 4:35:48 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Yes indeed they can. But a reset password will give me some indication that
this has been done.

Note: I am not seeking to make sure this information *cannot ever be access
by any administrator at any time*, I am merely wanting such information to
be accessed with my or my managers permission in such circumstances as this
may be neccessary. With this method, my manager can, if required gain
access to the data by asking the administrator to reset the password.



"David Candy" <.> wrote in message
news:eQIm3DXrFHA.3640@tk2msftngp13.phx.gbl...
Admins can take ownership of any file. File permissions won't help. Admins
can reset the user's password and login and access encrypted files.

--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...
=================================================
"Brian Cryer" <brianc@127.0.0.1.activesol.co.uk> wrote in message
news:1125410994.18200.0@damia.uk.clara.net...
> "Robin Tucker" <unmailable@duetospam.com> wrote in message
> news:D f1b6b$sr1$1$8300dec7@news.demon.co.uk...
>> Hi,
>>
>> I would like to be able to log access to my folders from the network.
>> That is, I want to know when an administrator has accessed my drive. I
>> have private/confidential information on my PC and do not want
>> administrators to be able to access it, unless I give explicit
>> permission.
>> How can I achieve this?
>>
>> Thanks,
>>
>>
>> Robin.
>
> Robin,
>
> I don't think you can log access to folders. I've certainly not come
> across
> a way to do it.
>
> In terms of preventing administrators or any others from accessing your
> folders, there are a few options:
>
> 1. Use file permissions. Using windows explorer, right click the folder
> you
> want to protect, select properties. Then on the "Security" tab you have
> control over who has permissions to view, edit, etc on the folder. To stop
> system administrators I think you will need to revoke access to
> "Administrators". But review each of the permissions because I think the
> logic is to grant access to someone if they have access via any of the
> accounts/groups listed. You will also need to consider permissions on the
> files themselves. If you can't view or change the security permissions
> then
> its likely that the system administrators have locked this out - after
> all,
> fiddling with the file permissions in say the windows folder and you could
> break your system.
>
> 2. Encrypt your files. If you have your disk formatted NTFS then you can
> encrypt files (file properties > general > Advanced), but if you encrypt a
> file then I think that only you can read it - which isn't any good if you
> need to share the file with anyone else.
>
> Hope this helps,
>
> Brian.
>
> www.cryer.co.uk/brian
>
>
Anonymous
August 31, 2005 5:13:37 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

It would be where I live (one cannot change a single byte on a computer without permission or 5 years goal). Why do you want to ask people who don't know rather than the experts in your company? You can't stop an admin. That's the whole purpose of admins. But nor can the admin do it secretly. One suggestion you have been given I would sack you on the spot as it threatens the survival of the company.

Sure you aren't trying to hack into these files.

--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...
=================================================
"Robin Tucker" <unmailable@duetospam.com> wrote in message news:D f1r43$n56$1$8302bc10@news.demon.co.uk...
>
> "To take action without their approval could be a criminal offense."
>
>
> Please, this is completely incorrect. It may be against company policy (in
> some companies), but it is certainly not illegal. Are you a member of the
> administrators trades union or something?
>
>
>
>
> --------------------------------------------------------------------------------------------------
> http://webdiary.smh.com.au/archives/_comment/001075.htm...
> =================================================
> "Robin Tucker" <unmailable@duetospam.com> wrote in message
> news:D f1n77$e6k$1$8300dec7@news.demon.co.uk...
>> Yes, it is company property. No, I am not asking that MY PERSONAL
>> INFORMATION be locked down. The administrators should not have the right
>> to
>> view any/all information, some of which is potentially confidential such
>> as,
>> for example, Personel Records. No I am not a n00b sitting in a cubicle
>> passing wind every 30 seconds. I am genuiunely asking this question, for
>> the purposes of security of personal information. How can we allow
>> administration of a network/domain, but protect information from prying
>> eyes, be they administrators or not.
>>
>> Thankyou.
>>
>>
>>
>> "Galen" <galennews@gmail.com> wrote in message >
>> news:o o3Ia2VrFHA.464@TK2MSFTNGP15.phx.gbl...
>>> In news:D f1b6b$sr1$1$8300dec7@news.demon.co.uk,
>>> Robin Tucker <unmailable@duetospam.com> had this to say:
>>>
>>> My reply is at the bottom of your sent message:
>>>
>>>> Hi,
>>>>
>>>> I would like to be able to log access to my folders from the network.
>>>> That is, I want to know when an administrator has accessed my drive. I
>>>> have private/confidential information on my PC and do not want
>>>> administrators to be able to access it, unless I give explicit
>>>> permission. How can I achieve this?
>>>>
>>>> Thanks,
>>>>
>>>>
>>>> Robin.
>>>
>>> As has been mentioned by David Candy, ask them. If you have, as it seems,
>>> administrators then the implication is that the PC doesn't belong to you.
>>> Private/confidential information should not really be kept on property
>>> not
>>> belonging to you and the company has a right (and perhaps and obligation)
>>> to monitor the contents of their property. Given that they're the admins
>>> and likely able to access your account at any time (and probably have
>>> rules regarding third party software installations) your best bet would
>>> be
>>> to accept that anything you put on the work computer belongs, by default,
>>> to the company or at least gives them rights to access it with or without
>>> your consent.
>>>
>>> Your personal computing should probably be done at home -- if you want to
>>> keep your job. More and more companies, for various reasons, are starting
>>> to not only monitor internet access but files on their PCs. With the
>>> increase in various regulations (Sarbox, HIPPA, etc) it's in your best
>>> interest to really keep your personal, private, and confidential data on
>>> a
>>> system that you are the only administrator of. Note that this is mostly a
>>> U.S. thing though the EU and surely other countries have similar
>>> policies.
>>>
>>> Galen
>>> --
>>>
>>> "You know that a conjurer gets no credit when once he has explained his
>>> trick; and if I show you too much of my method of working, you will
>>> come to the conclusion that I am a very ordinary individual after all."
>>>
>>> Sherlock Holmes
>>>
>>
>>
>
>
Anonymous
August 31, 2005 5:13:38 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Listen, no I'm not trying to hack anything! If I were, my question would
be, "how can I gain access to xyz", not "how can I prevent access to xyz".

Also consider that on our system, we do not have such "anal" control. Our 2
System administrators are there to secure our firewall, audit software
installed and ensure all users have up to date anti-virus. Their main task
is providing network and application support. However, one of these people
used to run a "packet sniffer" on the network (before we moved over to
switches) in order to snoop on other peoples email. This, I might add, was
before he was an administrator (he admitted it in the pub one evening so I
have been told).

Now, I do not feel comfortable with any information on my system, some of
which YES may be personal, being accessible by this "snoop". Company policy
does not dictate he audit my machine for anything other than software
installed that should not be. So, I want to secure my "Documents and
Settings", which may contain among other things, email correspondance
between myself and my managers or other collegues and some confidential
documents.

I am mainly interested in preventing casual snooping on my system. I have
no interest in locking the administrators out completely.


"David Candy" <.> wrote in message
news:%23bwNqVXrFHA.3444@TK2MSFTNGP12.phx.gbl...
It would be where I live (one cannot change a single byte on a computer
without permission or 5 years goal). Why do you want to ask people who don't
know rather than the experts in your company? You can't stop an admin.
That's the whole purpose of admins. But nor can the admin do it secretly.
One suggestion you have been given I would sack you on the spot as it
threatens the survival of the company.

Sure you aren't trying to hack into these files.

--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...
=================================================
"Robin Tucker" <unmailable@duetospam.com> wrote in message
news:D f1r43$n56$1$8302bc10@news.demon.co.uk...
>
> "To take action without their approval could be a criminal offense."
>
>
> Please, this is completely incorrect. It may be against company policy
> (in
> some companies), but it is certainly not illegal. Are you a member of the
> administrators trades union or something?
>
>
>
>
> --------------------------------------------------------------------------------------------------
> http://webdiary.smh.com.au/archives/_comment/001075.htm...
> =================================================
> "Robin Tucker" <unmailable@duetospam.com> wrote in message
> news:D f1n77$e6k$1$8300dec7@news.demon.co.uk...
>> Yes, it is company property. No, I am not asking that MY PERSONAL
>> INFORMATION be locked down. The administrators should not have the right
>> to
>> view any/all information, some of which is potentially confidential such
>> as,
>> for example, Personel Records. No I am not a n00b sitting in a cubicle
>> passing wind every 30 seconds. I am genuiunely asking this question, for
>> the purposes of security of personal information. How can we allow
>> administration of a network/domain, but protect information from prying
>> eyes, be they administrators or not.
>>
>> Thankyou.
>>
>>
>>
>> "Galen" <galennews@gmail.com> wrote in message >
>> news:o o3Ia2VrFHA.464@TK2MSFTNGP15.phx.gbl...
>>> In news:D f1b6b$sr1$1$8300dec7@news.demon.co.uk,
>>> Robin Tucker <unmailable@duetospam.com> had this to say:
>>>
>>> My reply is at the bottom of your sent message:
>>>
>>>> Hi,
>>>>
>>>> I would like to be able to log access to my folders from the network.
>>>> That is, I want to know when an administrator has accessed my drive. I
>>>> have private/confidential information on my PC and do not want
>>>> administrators to be able to access it, unless I give explicit
>>>> permission. How can I achieve this?
>>>>
>>>> Thanks,
>>>>
>>>>
>>>> Robin.
>>>
>>> As has been mentioned by David Candy, ask them. If you have, as it
>>> seems,
>>> administrators then the implication is that the PC doesn't belong to
>>> you.
>>> Private/confidential information should not really be kept on property
>>> not
>>> belonging to you and the company has a right (and perhaps and
>>> obligation)
>>> to monitor the contents of their property. Given that they're the admins
>>> and likely able to access your account at any time (and probably have
>>> rules regarding third party software installations) your best bet would
>>> be
>>> to accept that anything you put on the work computer belongs, by
>>> default,
>>> to the company or at least gives them rights to access it with or
>>> without
>>> your consent.
>>>
>>> Your personal computing should probably be done at home -- if you want
>>> to
>>> keep your job. More and more companies, for various reasons, are
>>> starting
>>> to not only monitor internet access but files on their PCs. With the
>>> increase in various regulations (Sarbox, HIPPA, etc) it's in your best
>>> interest to really keep your personal, private, and confidential data on
>>> a
>>> system that you are the only administrator of. Note that this is mostly
>>> a
>>> U.S. thing though the EU and surely other countries have similar
>>> policies.
>>>
>>> Galen
>>> --
>>>
>>> "You know that a conjurer gets no credit when once he has explained his
>>> trick; and if I show you too much of my method of working, you will
>>> come to the conclusion that I am a very ordinary individual after all."
>>>
>>> Sherlock Holmes
>>>
>>
>>
>
>
Anonymous
August 31, 2005 5:27:52 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Sorry, it would be 2 years for you. They were the old law

You are breaking 308i
Page 8

308I Unauthorised impairment of data held in computer disk, credit 21

card or other device (summary offence) 22

(1) A person: 23

(a) who causes any unauthorised impairment of the 24

reliability, security or operation of any data held on a 25

computer disk, credit card or other device used to store 26

data by electronic means, and 27

(b) who knows that the impairment is unauthorised, and 28

(c) who intends to cause that impairment, 29

is guilty of an offence. 30

Maximum penalty: Imprisonment for 2 years. 31

(2) An offence against this section is a summary offence. 32

Crimes Amendment (Computer Offences) Bill 2001

Amendment of Crimes Act 1900 Schedule 1

(3) For the purposes of this section, impairment of the reliability, 1

security or operation of data is unauthorised if the person is 2

not entitled to cause that impairment.

310Damaging data in computer10 years and/or1,000 penalty units309 (1)Unlawful access to data in computer6 months and/or 50penalty units309 (2)Unlawful access to data in computer—intent todefraud/dishonestly obtain benefit or causeloss/injury2 years and/or 500penalty units309 (3)Unlawful access to data in computer—knowledgedata is confidential2 years and/or 500penalty units309 (4)Continue to examine data in computer—oughtreasonably to know data confidential2 years and/or 500penalty units
--------------------------------------------------------------------------------
Page 3
Crimes Amendment (Computer Offences) Bill 2001Explanatory noteExplanatory note page 3Those computer offences are to be replaced by the following computer offences:SectionOffenceMax penalty308CCause unauthorised computer function withintention to commit serious offence (comprisingunauthorised access to data, unauthorisedmodification of data or unauthorised impairment ofelectronic communication)The maximumpenalty applicablefor commission ofserious indictableoffence308DUnauthorised modification of data with intent tocause impairment10 years308EUnauthorised impairment of electroniccommunication to or from computer10 years308FPossession of data with intent to commit computeroffence3 years308GProducing, supplying or obtaining data with intentto commit computer offence3 years308HUnauthorised access to or modification ofrestricted data in computer (summary offence)2 years308IUnauthorised impairment of data held in computerdisk, credit card or other device (summary offence)2 yearsUnder sections 15 and 16 of the Crimes (Sentencing Procedure) Act 1999, thecourt mayimpose a fine for anysuch offence instead of or in addition to a sentenceof imprisonment, namely 1,000 penalty units (currently $110,000) or, in the caseof a corporation, 2,000 penalty units (currently $220,000).An explanation of the new offences and the policy considerations concerned iscontained in thereport on Chapter4 (Damageand computeroffences)oftheModelCriminal Code Officers Committee. Schedule 2 contains an amendment to the Criminal Procedure Act 1986 that isconsequential on the amendments contained in Schedule 1. The amendmentprovides that all of the new computer offences that are indictable and carry amaximum penalty of 10 years imprisonment or less are to be disposed ofsummarily (with a maximum penalty of 2 years imprisonment) unless theprosecuting authority or the accused otherwise elects.
--------------------------------------------------------------------------------
Page 4
b01-024-p02.801First printNew South Wales Crimes Amendment (ComputerOffences) Bill 2001ContentsPage1 Name of Act22 Commencement23 Amendment of Crimes Act 1900 No 4024 Amendment of Criminal Procedure Act 1986 No 2092Schedules1 Amendment of Crimes Act 1900 32 Amendment of Criminal Procedure Act 198610
--------------------------------------------------------------------------------
Page 5
New South Wales Crimes Amendment (ComputerOffences) Bill 2001No , 2001A Bill forAn Act to amend the Crimes Act 1900 and the Criminal Procedure Act 1986 withrespect to computer offences.
--------------------------------------------------------------------------------
Page 6
Clause 1Crimes Amendment (Computer Offences) Bill 2001Page 2The Legislature of New South Wales enacts:11 Name of Act2This Act is the Crimes Amendment (Computer Offences) Act 2001.32 Commencement4This Act commences on a day to be appointed by proclamation.53 Amendment of Crimes Act 1900 No 406The Crimes Act 1900 is amended as set out in Schedule 1.74 Amendment of Criminal Procedure Act 1986 No 2098The Criminal ProcedureAct 1986is amended asset out in Schedule2.9
--------------------------------------------------------------------------------
Page 7
Crimes Amendment (Computer Offences) Bill 2001Amendment of Crimes Act 1900 Schedule 1Page 3Schedule 1 Amendment of Crimes Act 1900 1(Section 3)2[1] Part 63Omit the Part. Insert instead:4Part 6 Computer offences5308 General definitions6In this Part:7computer offence means:8(a)an offence against this Part, or9(b)conduct in another jurisdiction that is an offence in that10jurisdiction and that would constitute an offence against11this Part if the conduct occurred in this jurisdiction.12data includes:13(a)information in any form, or14(b)any program (or part of a program).15data held in a computer includes:16(a)data entered or copied into the computer, or17(b)data held in any removable data storage device for the18time being in the computer, or19(c)data held in a data storage device on a computer20network of which the computer forms part.21data storage device means anything(for example a disk or file22server) containing or designed to contain data for use by a23computer.24electronic communication means a communication of25information in any form by means of guided or unguided26electromagnetic energy.27
--------------------------------------------------------------------------------
Page 8
Crimes Amendment (Computer Offences) Bill 2001Schedule 1Amendment of Crimes Act 1900 Page 4308A Meaning of access to data, modification of data and impairment1of electronic communication2(1) In this Part, access to data held in a computer means:3(a)the display of the data by the computer or any other4output of the data from the computer, or5(b)the copying or moving of the data to any other place in6the computer or to a data storage device, or7(c)inthe case ofa program—the execution ofthe program.8(2) In this Part, modification of data held in a computer means:9(a)the alteration or removal of the data, or10(b)an addition to the data.11(3) In this Part, impairment of electronic communication to or12from a computer includes:13(a)the prevention of any such communication, or14(b)the impairment of any such communication on an15electronic link or network used by the computer,16but does not include a mere interception of any such17communication.18(4) A reference in this Part to any such access, modification or19impairment is limited to access, modification or impairment20caused (whether directly or indirectly) by the execution of a21function of a computer.22308B Meaning of unauthorised access, modification or impairment23(1) For the purposes of this Part, access to or modification of data,24or impairment of electronic communication, by a person is25unauthorised if the person is not entitled to cause that access,26modification or impairment.27(2) Any such access, modification or impairment is not28unauthorisedmerelybecause the personhas anulteriorpurpose29for that action.30(3) For the purposes of an offence under this Part, a person causes31any such unauthorised access, modification or impairment if32the person’s conduct substantially contributes to the33unauthorised access, modification or impairment.34
--------------------------------------------------------------------------------
Page 9
Crimes Amendment (Computer Offences) Bill 2001Amendment of Crimes Act 1900 Schedule 1Page 5308C Unauthorised access, modification or impairment with intent to1commit serious indictable offence2(1) A person who causes any unauthorised computer function:3(a)knowing it is unauthorised, and4(b)with the intention of committing a serious indictable5offence, or facilitating the commission of a serious6indictable offence (whether bythe person or byanother7person),8is guilty of an offence.9Maximum penalty: The maximum penalty applicable if the10person had committed, or facilitated the commission of, the11serious indictable offence in this jurisdiction.12(2) For the purposes of this section, an unauthorised computer13function is:14(a)any unauthorised access to data held in any computer,15or16(b)any unauthorised modification of data held in any17computer, or18(c)any unauthorised impairment of electronic19communication to or from any computer.20(3) For the purposes of this section, a serious indictable offence21includes an offence in any other jurisdiction that would be a22serious indictable offence if committed in this jurisdiction.23(4) A person may be found guilty of an offence against this24section:25(a)even if committing the serious indictable offence26concerned is impossible, or27(b)whether the serious indictable offence is to be28committed at the time of the unauthorised conduct or at29a later time.30(5) It is not an offence to attempt to commit an offence against this31section.32
--------------------------------------------------------------------------------
Page 10
Crimes Amendment (Computer Offences) Bill 2001Schedule 1Amendment of Crimes Act 1900 Page 6308D Unauthorised modification of data with intent to cause1impairment2(1) A person who:3(a)causes any unauthorised modification of data held in a4computer, and5(b)knows that the modification is unauthorised, and6(c)intends by the modification to impair access to, or to7impair the reliability, security or operation of, any data8held in a computer, or who is reckless as to any such9impairment,10is guilty of an offence.11Maximum penalty: Imprisonment for 10 years.12(2) Aconviction foranoffenceagainst this section is analternative13verdict to a charge for:14(a)an offence against section 195 (Maliciously destroying15or damaging property), or16(b)an offence against section 308E (Unauthorised17impairment of electronic communication).18308E Unauthorised impairment of electronic communication19(1) A person who:20(a)causes any unauthorised impairment of electronic21communication to or from a computer, and 22(b)knows that the impairment is unauthorised, and23(c)intends to impair electronic communication to or from24the computer, or who is reckless as to any such25impairment,26is guilty of an offence.27Maximum penalty: Imprisonment for 10 years.28(2) Aconviction foranoffenceagainst this section is analternative29verdict to a charge for:30(a)an offence against section 195 (Maliciously destroying31or damaging property), or32(b)an offence against section 308D (Unauthorised33modification of data with intent to cause impairment).34
--------------------------------------------------------------------------------
Page 11
Crimes Amendment (Computer Offences) Bill 2001Amendment of Crimes Act 1900 Schedule 1Page 7308F Possession of data with intent to commit computer offence1(1) A person who is in possession or control of data:2(a)with the intention of committinga computer offence, or3(b)with the intention of facilitating the commission of a4computer offence (whether by the person or by another5person),6is guilty of an offence.7Maximum penalty: Imprisonment for 3 years.8(2) For the purposes of this section, possession or control of data9includes:10(a)possession of a computer ordatastoragedeviceholding11or containing the data or of a document in which the12data is recorded, and13(b)control of data held in a computer that is in the14possession of another person (whether the computer is15in this jurisdiction or outside this jurisdiction).16(3) A person maybe found guiltyof an offence against this section17even if committing the computer offence concerned is18impossible.19(4) It is not an offence to attempt to commit an offence against this20section.21308G Producing, supplying or obtaining data with intent to commit22computer offence23(1) A person who produces, supplies or obtains data:24(a)with the intention of committinga computer offence, or25(b)with the intention of facilitating the commission of a26computer offence (whether by the person or by another27person),28is guilty of an offence.29Maximum penalty: Imprisonment for 3 years.30(2) For the purposes of this section, produce, supply or obtain31data includes:32(a)produce, supply or obtain data held or contained in a33computer or data storage device, or34
--------------------------------------------------------------------------------
Page 12
Crimes Amendment (Computer Offences) Bill 2001Schedule 1Amendment of Crimes Act 1900 Page 8(b)produce, supplyor obtain a document in which the data1is recorded.2(3) A person maybe found guiltyof an offence against this section3even if committing the computer offence concerned is4impossible.5308H Unauthorised access to or modification of restricted data held6in computer (summary offence)7(1) A person:8(a)who causes any unauthorised access to or modification9of restricted data held in a computer, and10(b)who knows that the access or modification is11unauthorised, and12(c)who intends to cause that access or modification,13is guilty of an offence.14Maximum penalty: Imprisonment for 2 years.15(2) An offence against this section is a summary offence.16(3) In this section:17restricted data means data held in a computer to which access18is restricted by an access control system associated with a19function of the computer.20308I Unauthorised impairment of data held in computer disk, credit21card or other device (summary offence)22(1) A person:23(a)who causes any unauthorised impairment of the24reliability, security or operation of any data held on a25computer disk, credit card or other device used to store26data by electronic means, and27(b)who knows that the impairment is unauthorised, and28(c)who intends to cause that impairment,29is guilty of an offence.30Maximum penalty: Imprisonment for 2 years.31(2) An offence against this section is a summary offence.32
--------------------------------------------------------------------------------
Page 13
Crimes Amendment (Computer Offences) Bill 2001Amendment of Crimes Act 1900 Schedule 1Page 9(3) For the purposes of this section, impairment of the reliability,1security or operation of data is unauthorised if the person is2not entitled to cause that impairment.3[2] Section 428B Offences of specific intent to which Part applies4Omit from the Table to the section the matter relating to section 309 (2).5
--------------------------------------------------------------------------------
Page 14
Crimes Amendment (Computer Offences) Bill 2001Schedule 2Amendment of Criminal Procedure Act 1986Page 10Schedule 2 Amendment of Criminal Procedure1Act 19862(Section 4)3Schedule 1 Indictable offences triable summarily4Omit “section 309 (2),(3)or(4)or310”fromitem14 ofTable1 (Indictable5offences to be dealt with summarily unless prosecuting authority or person6charged elects otherwise).7Insert instead “section 308C (where the serious indictable offence to be8committed is punishable byimprisonment for10 years orless),308D,308E,9308F or 308G”.10310Damaging data in computer10 years and/or1,000 penalty units309 (1)Unlawful access to data in computer6 months and/or 50penalty units309 (2)Unlawful access to data in computer—intent todefraud/dishonestly obtain benefit or causeloss/injury2 years and/or 500penalty units309 (3)Unlawful access to data in computer—knowledgedata is confidential2 years and/or 500penalty units309 (4)Continue to examine data in computer—oughtreasonably to know data confidential2 years and/or 500penalty units
--------------------------------------------------------------------------------
Page 3
Crimes Amendment (Computer Offences) Bill 2001Explanatory noteExplanatory note page 3Those computer offences are to be replaced by the following computer offences:SectionOffenceMax penalty308CCause unauthorised computer function withintention to commit serious offence (comprisingunauthorised access to data, unauthorisedmodification of data or unauthorised impairment ofelectronic communication)The maximumpenalty applicablefor commission ofserious indictableoffence308DUnauthorised modification of data with intent tocause impairment10 years308EUnauthorised impairment of electroniccommunication to or from computer10 years308FPossession of data with intent to commit computeroffence3 years308GProducing, supplying or obtaining data with intentto commit computer offence3 years308HUnauthorised access to or modification ofrestricted data in computer (summary offence)2 years308IUnauthorised impairment of data held in computerdisk, credit card or other device (summary offence)2 yearsUnder sections 15 and 16 of the Crimes (Sentencing Procedure) Act 1999, thecourt mayimpose a fine for anysuch offence instead of or in addition to a sentenceof imprisonment, namely 1,000 penalty units (currently $110,000) or, in the caseof a corporation, 2,000 penalty units (currently $220,000).An explanation of the new offences and the policy considerations concerned iscontained in thereport on Chapter4 (Damageand computeroffences)oftheModelCriminal Code Officers Committee. Schedule 2 contains an amendment to the Criminal Procedure Act 1986 that isconsequential on the amendments contained in Schedule 1. The amendmentprovides that all of the new computer offences that are indictable and carry amaximum penalty of 10 years imprisonment or less are to be disposed ofsummarily (with a maximum penalty of 2 years imprisonment) unless theprosecuting authority or the accused otherwise elects.
--------------------------------------------------------------------------------
Page 4
b01-024-p02.801First printNew South Wales Crimes Amendment (ComputerOffences) Bill 2001ContentsPage1 Name of Act22 Commencement23 Amendment of Crimes Act 1900 No 4024 Amendment of Criminal Procedure Act 1986 No 2092Schedules1 Amendment of Crimes Act 1900 32 Amendment of Criminal Procedure Act 198610
--------------------------------------------------------------------------------
Page 5
New South Wales Crimes Amendment (ComputerOffences) Bill 2001No , 2001A Bill forAn Act to amend the Crimes Act 1900 and the Criminal Procedure Act 1986 withrespect to computer offences.
--------------------------------------------------------------------------------
Page 6
Clause 1Crimes Amendment (Computer Offences) Bill 2001Page 2The Legislature of New South Wales enacts:11 Name of Act2This Act is the Crimes Amendment (Computer Offences) Act 2001.32 Commencement4This Act commences on a day to be appointed by proclamation.53 Amendment of Crimes Act 1900 No 406The Crimes Act 1900 is amended as set out in Schedule 1.74 Amendment of Criminal Procedure Act 1986 No 2098The Criminal ProcedureAct 1986is amended asset out in Schedule2.9
--------------------------------------------------------------------------------
Page 7
Crimes Amendment (Computer Offences) Bill 2001Amendment of Crimes Act 1900 Schedule 1Page 3Schedule 1 Amendment of Crimes Act 1900 1(Section 3)2[1] Part 63Omit the Part. Insert instead:4Part 6 Computer offences5308 General definitions6In this Part:7computer offence means:8(a)an offence against this Part, or9(b)conduct in another jurisdiction that is an offence in that10jurisdiction and that would constitute an offence against11this Part if the conduct occurred in this jurisdiction.12data includes:13(a)information in any form, or14(b)any program (or part of a program).15data held in a computer includes:16(a)data entered or copied into the computer, or17(b)data held in any removable data storage device for the18time being in the computer, or19(c)data held in a data storage device on a computer20network of which the computer forms part.21data storage device means anything(for example a disk or file22server) containing or designed to contain data for use by a23computer.24electronic communication means a communication of25information in any form by means of guided or unguided26electromagnetic energy.27
--------------------------------------------------------------------------------
Page 8
Crimes Amendment (Computer Offences) Bill 2001Schedule 1Amendment of Crimes Act 1900 Page 4308A Meaning of access to data, modification of data and impairment1of electronic communication2(1) In this Part, access to data held in a computer means:3(a)the display of the data by the computer or any other4output of the data from the computer, or5(b)the copying or moving of the data to any other place in6the computer or to a data storage device, or7(c)inthe case ofa program—the execution ofthe program.8(2) In this Part, modification of data held in a computer means:9(a)the alteration or removal of the data, or10(b)an addition to the data.11(3) In this Part, impairment of electronic communication to or12from a computer includes:13(a)the prevention of any such communication, or14(b)the impairment of any such communication on an15electronic link or network used by the computer,16but does not include a mere interception of any such17communication.18(4) A reference in this Part to any such access, modification or19impairment is limited to access, modification or impairment20caused (whether directly or indirectly) by the execution of a21function of a computer.22308B Meaning of unauthorised access, modification or impairment23(1) For the purposes of this Part, access to or modification of data,24or impairment of electronic communication, by a person is25unauthorised if the person is not entitled to cause that access,26modification or impairment.27(2) Any such access, modification or impairment is not28unauthorisedmerelybecause the personhas anulteriorpurpose29for that action.30(3) For the purposes of an offence under this Part, a person causes31any such unauthorised access, modification or impairment if32the person’s conduct substantially contributes to the33unauthorised access, modification or impairment.34
--------------------------------------------------------------------------------
Page 9
Crimes Amendment (Computer Offences) Bill 2001Amendment of Crimes Act 1900 Schedule 1Page 5308C Unauthorised access, modification or impairment with intent to1commit serious indictable offence2(1) A person who causes any unauthorised computer function:3(a)knowing it is unauthorised, and4(b)with the intention of committing a serious indictable5offence, or facilitating the commission of a serious6indictable offence (whether bythe person or byanother7person),8is guilty of an offence.9Maximum penalty: The maximum penalty applicable if the10person had committed, or facilitated the commission of, the11serious indictable offence in this jurisdiction.12(2) For the purposes of this section, an unauthorised computer13function is:14(a)any unauthorised access to data held in any computer,15or16(b)any unauthorised modification of data held in any17computer, or18(c)any unauthorised impairment of electronic19communication to or from any computer.20(3) For the purposes of this section, a serious indictable offence21includes an offence in any other jurisdiction that would be a22serious indictable offence if committed in this jurisdiction.23(4) A person may be found guilty of an offence against this24section:25(a)even if committing the serious indictable offence26concerned is impossible, or27(b)whether the serious indictable offence is to be28committed at the time of the unauthorised conduct or at29a later time.30(5) It is not an offence to attempt to commit an offence against this31section.32
--------------------------------------------------------------------------------
Page 10
Crimes Amendment (Computer Offences) Bill 2001Schedule 1Amendment of Crimes Act 1900 Page 6308D Unauthorised modification of data with intent to cause1impairment2(1) A person who:3(a)causes any unauthorised modification of data held in a4computer, and5(b)knows that the modification is unauthorised, and6(c)intends by the modification to impair access to, or to7impair the reliability, security or operation of, any data8held in a computer, or who is reckless as to any such9impairment,10is guilty of an offence.11Maximum penalty: Imprisonment for 10 years.12(2) Aconviction foranoffenceagainst this section is analternative13verdict to a charge for:14(a)an offence against section 195 (Maliciously destroying15or damaging property), or16(b)an offence against section 308E (Unauthorised17impairment of electronic communication).18308E Unauthorised impairment of electronic communication19(1) A person who:20(a)causes any unauthorised impairment of electronic21communication to or from a computer, and 22(b)knows that the impairment is unauthorised, and23(c)intends to impair electronic communication to or from24the computer, or who is reckless as to any such25impairment,26is guilty of an offence.27Maximum penalty: Imprisonment for 10 years.28(2) Aconviction foranoffenceagainst this section is analternative29verdict to a charge for:30(a)an offence against section 195 (Maliciously destroying31or damaging property), or32(b)an offence against section 308D (Unauthorised33modification of data with intent to cause impairment).34
--------------------------------------------------------------------------------
Page 11
Crimes Amendment (Computer Offences) Bill 2001Amendment of Crimes Act 1900 Schedule 1Page 7308F Possession of data with intent to commit computer offence1(1) A person who is in possession or control of data:2(a)with the intention of committinga computer offence, or3(b)with the intention of facilitating the commission of a4computer offence (whether by the person or by another5person),6is guilty of an offence.7Maximum penalty: Imprisonment for 3 years.8(2) For the purposes of this section, possession or control of data9includes:10(a)possession of a computer ordatastoragedeviceholding11or containing the data or of a document in which the12data is recorded, and13(b)control of data held in a computer that is in the14possession of another person (whether the computer is15in this jurisdiction or outside this jurisdiction).16(3) A person maybe found guiltyof an offence against this section17even if committing the computer offence concerned is18impossible.19(4) It is not an offence to attempt to commit an offence against this20section.21308G Producing, supplying or obtaining data with intent to commit22computer offence23(1) A person who produces, supplies or obtains data:24(a)with the intention of committinga computer offence, or25(b)with the intention of facilitating the commission of a26computer offence (whether by the person or by another27person),28is guilty of an offence.29Maximum penalty: Imprisonment for 3 years.30(2) For the purposes of this section, produce, supply or obtain31data includes:32(a)produce, supply or obtain data held or contained in a33computer or data storage device, or34
--------------------------------------------------------------------------------
Page 12
Crimes Amendment (Computer Offences) Bill 2001Schedule 1Amendment of Crimes Act 1900 Page 8(b)produce, supplyor obtain a document in which the data1is recorded.2(3) A person maybe found guiltyof an offence against this section3even if committing the computer offence concerned is4impossible.5308H Unauthorised access to or modification of restricted data held6in computer (summary offence)7(1) A person:8(a)who causes any unauthorised access to or modification9of restricted data held in a computer, and10(b)who knows that the access or modification is11unauthorised, and12(c)who intends to cause that access or modification,13is guilty of an offence.14Maximum penalty: Imprisonment for 2 years.15(2) An offence against this section is a summary offence.16(3) In this section:17restricted data means data held in a computer to which access18is restricted by an access control system associated with a19function of the computer.20308I Unauthorised impairment of data held in computer disk, credit21card or other device (summary offence)22(1) A person:23(a)who causes any unauthorised impairment of the24reliability, security or operation of any data held on a25computer disk, credit card or other device used to store26data by electronic means, and27(b)who knows that the impairment is unauthorised, and28(c)who intends to cause that impairment,29is guilty of an offence.30Maximum penalty: Imprisonment for 2 years.31(2) An offence against this section is a summary offence.32
--------------------------------------------------------------------------------
Page 13
Crimes Amendment (Computer Offences) Bill 2001Amendment of Crimes Act 1900 Schedule 1Page 9(3) For the purposes of this section, impairment of the reliability,1security or operation of data is unauthorised if the person is2not entitled to cause that impairment.3[2] Section 428B Offences of specific intent to which Part applies4Omit from the Table to the section the matter relating to section 309 (2).5
--------------------------------------------------------------------------------
Page 14
Crimes Amendment (Computer Offences) Bill 2001Schedule 2Amendment of Criminal Procedure Act 1986Page 10Schedule 2 Amendment of Criminal Procedure1Act 19862(Section 4)3Schedule 1 Indictable offences triable summarily4Omit “section 309 (2),(3)or(4)or310”fromitem14 ofTable1 (Indictable5offences to be dealt with summarily unless prosecuting authority or person6charged elects otherwise).7Insert instead “section 308C (where the serious indictable offence to be8committed is punishable byimprisonment for10 years orless),308D,308E,9308F or 308G”.10310Damaging data in computer10 years and/or1,000 penalty units309 (1)Unlawful access to data in computer6 months and/or 50penalty units309 (2)Unlawful access to data in computer—intent todefraud/dishonestly obtain benefit or causeloss/injury2 years and/or 500penalty units309 (3)Unlawful access to data in computer—knowledgedata is confidential2 years and/or 500penalty units309 (4)Continue to examine data in computer—oughtreasonably to know data confidential2 years and/or 500penalty units
--------------------------------------------------------------------------------
Page 3
Crimes Amendment (Computer Offences) Bill 2001Explanatory noteExplanatory note page 3Those computer offences are to be replaced by the following computer offences:SectionOffenceMax penalty308CCause unauthorised computer function withintention to commit serious offence (comprisingunauthorised access to data, unauthorisedmodification of data or unauthorised impairment ofelectronic communication)The maximumpenalty applicablefor commission ofserious indictableoffence308DUnauthorised modification of data with intent tocause impairment10 years308EUnauthorised impairment of electroniccommunication to or from computer10 years308FPossession of data with intent to commit computeroffence3 years308GProducing, supplying or obtaining data with intentto commit computer offence3 years308HUnauthorised access to or modification ofrestricted data in computer (summary offence)2 years308IUnauthorised impairment of data held in computerdisk, credit card or other device (summary offence)2 yearsUnder sections 15 and 16 of the Crimes (Sentencing Procedure) Act 1999, thecourt mayimpose a fine for anysuch offence instead of or in addition to a sentenceof imprisonment, namely 1,000 penalty units (currently $110,000) or, in the caseof a corporation, 2,000 penalty units (currently $220,000).An explanation of the new offences and the policy considerations concerned iscontained in thereport on Chapter4 (Damageand computeroffences)oftheModelCriminal Code Officers Committee. Schedule 2 contains an amendment to the Criminal Procedure Act 1986 that isconsequential on the amendments contained in Schedule 1. The amendmentprovides that all of the new computer offences that are indictable and carry amaximum penalty of 10 years imprisonment or less are to be disposed ofsummarily (with a maximum penalty of 2 years imprisonment) unless theprosecuting authority or the accused otherwise elects.
--------------------------------------------------------------------------------
Page 4
b01-024-p02.801First printNew South Wales Crimes Amendment (ComputerOffences) Bill 2001ContentsPage1 Name of Act22 Commencement23 Amendment of Crimes Act 1900 No 4024 Amendment of Criminal Procedure Act 1986 No 2092Schedules1 Amendment of Crimes Act 1900 32 Amendment of Criminal Procedure Act 198610
--------------------------------------------------------------------------------
Page 5
New South Wales Crimes Amendment (ComputerOffences) Bill 2001No , 2001A Bill forAn Act to amend the Crimes Act 1900 and the Criminal Procedure Act 1986 withrespect to computer offences.
--------------------------------------------------------------------------------
Page 6
Clause 1Crimes Amendment (Computer Offences) Bill 2001Page 2The Legislature of New South Wales enacts:11 Name of Act2This Act is the Crimes Amendment (Computer Offences) Act 2001.32 Commencement4This Act commences on a day to be appointed by proclamation.53 Amendment of Crimes Act 1900 No 406The Crimes Act 1900 is amended as set out in Schedule 1.74 Amendment of Criminal Procedure Act 1986 No 2098The Criminal ProcedureAct 1986is amended asset out in Schedule2.9
--------------------------------------------------------------------------------
Page 7
Crimes Amendment (Computer Offences) Bill 2001Amendment of Crimes Act 1900 Schedule 1Page 3Schedule 1 Amendment of Crimes Act 1900 1(Section 3)2[1] Part 63Omit the Part. Insert instead:4Part 6 Computer offences5308 General definitions6In this Part:7computer offence means:8(a)an offence against this Part, or9(b)conduct in another jurisdiction that is an offence in that10jurisdiction and that would constitute an offence against11this Part if the conduct occurred in this jurisdiction.12data includes:13(a)information in any form, or14(b)any program (or part of a program).15data held in a computer includes:16(a)data entered or copied into the computer, or17(b)data held in any removable data storage device for the18time being in the computer, or19(c)data held in a data storage device on a computer20network of which the computer forms part.21data storage device means anything(for example a disk or file22server) containing or designed to contain data for use by a23computer.24electronic communication means a communication of25information in any form by means of guided or unguided26electromagnetic energy.27
--------------------------------------------------------------------------------
Page 8
Crimes Amendment (Computer Offences) Bill 2001Schedule 1Amendment of Crimes Act 1900 Page 4308A Meaning of access to data, modification of data and impairment1of electronic communication2(1) In this Part, access to data held in a computer means:3(a)the display of the data by the computer or any other4output of the data from the computer, or5(b)the copying or moving of the data to any other place in6the computer or to a data storage device, or7(c)inthe case ofa program—the execution ofthe program.8(2) In this Part, modification of data held in a computer means:9(a)the alteration or removal of the data, or10(b)an addition to the data.11(3) In this Part, impairment of electronic communication to or12from a computer includes:13(a)the prevention of any such communication, or14(b)the impairment of any such communication on an15electronic link or network used by the computer,16but does not include a mere interception of any such17communication.18(4) A reference in this Part to any such access, modification or19impairment is limited to access, modification or impairment20caused (whether directly or indirectly) by the execution of a21function of a computer.22308B Meaning of unauthorised access, modification or impairment23(1) For the purposes of this Part, access to or modification of data,24or impairment of electronic communication, by a person is25unauthorised if the person is not entitled to cause that access,26modification or impairment.27(2) Any such access, modification or impairment is not28unauthorisedmerelybecause the personhas anulteriorpurpose29for that action.30(3) For the purposes of an offence under this Part, a person causes31any such unauthorised access, modification or impairment if32the person’s conduct substantially contributes to the33unauthorised access, modification or impairment.34
--------------------------------------------------------------------------------
Page 9
Crimes Amendment (Computer Offences) Bill 2001Amendment of Crimes Act 1900 Schedule 1Page 5308C Unauthorised access, modification or impairment with intent to1commit serious indictable offence2(1) A person who causes any unauthorised computer function:3(a)knowing it is unauthorised, and4(b)with the intention of committing a serious indictable5offence, or facilitating the commission of a serious6indictable offence (whether bythe person or byanother7person),8is guilty of an offence.9Maximum penalty: The maximum penalty applicable if the10person had committed, or facilitated the commission of, the11serious indictable offence in this jurisdiction.12(2) For the purposes of this section, an unauthorised computer13function is:14(a)any unauthorised access to data held in any computer,15or16(b)any unauthorised modification of data held in any17computer, or18(c)any unauthorised impairment of electronic19communication to or from any computer.20(3) For the purposes of this section, a serious indictable offence21includes an offence in any other jurisdiction that would be a22serious indictable offence if committed in this jurisdiction.23(4) A person may be found guilty of an offence against this24section:25(a)even if committing the serious indictable offence26concerned is impossible, or27(b)whether the serious indictable offence is to be28committed at the time of the unauthorised conduct or at29a later time.30(5) It is not an offence to attempt to commit an offence against this31section.32
--------------------------------------------------------------------------------
Page 10
Crimes Amendment (Computer Offences) Bill 2001Schedule 1Amendment of Crimes Act 1900 Page 6308D Unauthorised modification of data with intent to cause1impairment2(1) A person who:3(a)causes any unauthorised modification of data held in a4computer, and5(b)knows that the modification is unauthorised, and6(c)intends by the modification to impair access to, or to7impair the reliability, security or operation of, any data8held in a computer, or who is reckless as to any such9impairment,10is guilty of an offence.11Maximum penalty: Imprisonment for 10 years.12(2) Aconviction foranoffenceagainst this section is analternative13verdict to a charge for:14(a)an offence against section 195 (Maliciously destroying15or damaging property), or16(b)an offence against section 308E (Unauthorised17impairment of electronic communication).18308E Unauthorised impairment of electronic communication19(1) A person who:20(a)causes any unauthorised impairment of electronic21communication to or from a computer, and 22(b)knows that the impairment is unauthorised, and23(c)intends to impair electronic communication to or from24the computer, or who is reckless as to any such25impairment,26is guilty of an offence.27Maximum penalty: Imprisonment for 10 years.28(2) Aconviction foranoffenceagainst this section is analternative29verdict to a charge for:30(a)an offence against section 195 (Maliciously destroying31or damaging property), or32(b)an offence against section 308D (Unauthorised33modification of data with intent to cause impairment).34
--------------------------------------------------------------------------------
Page 11
Crimes Amendment (Computer Offences) Bill 2001Amendment of Crimes Act 1900 Schedule 1Page 7308F Possession of data with intent to commit computer offence1(1) A person who is in possession or control of data:2(a)with the intention of committinga computer offence, or3(b)with the intention of facilitating the commission of a4computer offence (whether by the person or by another5person),6is guilty of an offence.7Maximum penalty: Imprisonment for 3 years.8(2) For the purposes of this section, possession or control of data9includes:10(a)possession of a computer ordatastoragedeviceholding11or containing the data or of a document in which the12data is recorded, and13(b)control of data held in a computer that is in the14possession of another person (whether the computer is15in this jurisdiction or outside this jurisdiction).16(3) A person maybe found guiltyof an offence against this section17even if committing the computer offence concerned is18impossible.19(4) It is not an offence to attempt to commit an offence against this20section.21308G Producing, supplying or obtaining data with intent to commit22computer offence23(1) A person who produces, supplies or obtains data:24(a)with the intention of committinga computer offence, or25(b)with the intention of facilitating the commission of a26computer offence (whether by the person or by another27person),28is guilty of an offence.29Maximum penalty: Imprisonment for 3 years.30(2) For the purposes of this section, produce, supply or obtain31data includes:32(a)produce, supply or obtain data held or contained in a33computer or data storage device, or34
--------------------------------------------------------------------------------
Page 12
Crimes Amendment (Computer Offences) Bill 2001Schedule 1Amendment of Crimes Act 1900 Page 8(b)produce, supplyor obtain a document in which the data1is recorded.2(3) A person maybe found guiltyof an offence against this section3even if committing the computer offence concerned is4impossible.5308H Unauthorised access to or modification of restricted data held6in computer (summary offence)7(1) A person:8(a)who causes any unauthorised access to or modification9of restricted data held in a computer, and10(b)who knows that the access or modification is11unauthorised, and12(c)who intends to cause that access or modification,13is guilty of an offence.14Maximum penalty: Imprisonment for 2 years.15(2) An offence against this section is a summary offence.16(3) In this section:17restricted data means data held in a computer to which access18is restricted by an access control system associated with a19function of the computer.20308I Unauthorised impairment of data held in computer disk, credit21card or other device (summary offence)22(1) A person:23(a)who causes any unauthorised impairment of the24reliability, security or operation of any data held on a25computer disk, credit card or other device used to store26data by electronic means, and27(b)who knows that the impairment is unauthorised, and28(c)who intends to cause that impairment,29is guilty of an offence.30Maximum penalty: Imprisonment for 2 years.31(2) An offence against this section is a summary offence.32
--------------------------------------------------------------------------------
Page 13
Crimes Amendment (Computer Offences) Bill 2001Amendment of Crimes Act 1900 Schedule 1Page 9(3) For the purposes of this section, impairment of the reliability,1security or operation of data is unauthorised if the person is2not entitled to cause that impairment.3[2] Section 428B Offences of specific intent to which Part applies4Omit from the Table to the section the matter relating to section 309 (2).5
--------------------------------------------------------------------------------
Page 14
Crimes Amendment (Computer Offences) Bill 2001Schedule 2Amendment of Criminal Procedure Act 1986Page 10Schedule 2 Amendment of Criminal Procedure1Act 19862(Section 4)3Schedule 1 Indictable offences triable summarily4Omit “section 309 (2),(3)or(4)or310”fromitem14 ofTable1 (Indictable5offences to be dealt with summarily unless prosecuting authority or person6charged elects otherwise).7Insert instead “section 308C (where the serious indictable offence to be8committed is punishable byimprisonment for10 years orless),308D,308E,9308F or 308G”.10
--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...
=================================================
"Robin Tucker" <unmailable@duetospam.com> wrote in message news:D f1r43$n56$1$8302bc10@news.demon.co.uk...
>
> "To take action without their approval could be a criminal offense."
>
>
> Please, this is completely incorrect. It may be against company policy (in
> some companies), but it is certainly not illegal. Are you a member of the
> administrators trades union or something?
>
>
>
>
> --------------------------------------------------------------------------------------------------
> http://webdiary.smh.com.au/archives/_comment/001075.htm...
> =================================================
> "Robin Tucker" <unmailable@duetospam.com> wrote in message
> news:D f1n77$e6k$1$8300dec7@news.demon.co.uk...
>> Yes, it is company property. No, I am not asking that MY PERSONAL
>> INFORMATION be locked down. The administrators should not have the right
>> to
>> view any/all information, some of which is potentially confidential such
>> as,
>> for example, Personel Records. No I am not a n00b sitting in a cubicle
>> passing wind every 30 seconds. I am genuiunely asking this question, for
>> the purposes of security of personal information. How can we allow
>> administration of a network/domain, but protect information from prying
>> eyes, be they administrators or not.
>>
>> Thankyou.
>>
>>
>>
>> "Galen" <galennews@gmail.com> wrote in message >
>> news:o o3Ia2VrFHA.464@TK2MSFTNGP15.phx.gbl...
>>> In news:D f1b6b$sr1$1$8300dec7@news.demon.co.uk,
>>> Robin Tucker <unmailable@duetospam.com> had this to say:
>>>
>>> My reply is at the bottom of your sent message:
>>>
>>>> Hi,
>>>>
>>>> I would like to be able to log access to my folders from the network.
>>>> That is, I want to know when an administrator has accessed my drive. I
>>>> have private/confidential information on my PC and do not want
>>>> administrators to be able to access it, unless I give explicit
>>>> permission. How can I achieve this?
>>>>
>>>> Thanks,
>>>>
>>>>
>>>> Robin.
>>>
>>> As has been mentioned by David Candy, ask them. If you have, as it seems,
>>> administrators then the implication is that the PC doesn't belong to you.
>>> Private/confidential information should not really be kept on property
>>> not
>>> belonging to you and the company has a right (and perhaps and obligation)
>>> to monitor the contents of their property. Given that they're the admins
>>> and likely able to access your account at any time (and probably have
>>> rules regarding third party software installations) your best bet would
>>> be
>>> to accept that anything you put on the work computer belongs, by default,
>>> to the company or at least gives them rights to access it with or without
>>> your consent.
>>>
>>> Your personal computing should probably be done at home -- if you want to
>>> keep your job. More and more companies, for various reasons, are starting
>>> to not only monitor internet access but files on their PCs. With the
>>> increase in various regulations (Sarbox, HIPPA, etc) it's in your best
>>> interest to really keep your personal, private, and confidential data on
>>> a
>>> system that you are the only administrator of. Note that this is mostly a
>>> U.S. thing though the EU and surely other countries have similar
>>> policies.
>>>
>>> Galen
>>> --
>>>
>>> "You know that a conjurer gets no credit when once he has explained his
>>> trick; and if I show you too much of my method of working, you will
>>> come to the conclusion that I am a very ordinary individual after all."
>>>
>>> Sherlock Holmes
>>>
>>
>>
>
>
Anonymous
August 31, 2005 5:36:12 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

What's the point of this. It's exactly the same as if you don't do anything (you'll kmow if they access it). Talk to your admins, this is admins area of professional expertise. And unlike silly girls out of their depths they'll consider lots of other factors incl data recovery.





--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...
=================================================
"Robin Tucker" <unmailable@duetospam.com> wrote in message news:D f1t8v$pgm$1$8302bc10@news.demon.co.uk...
>
> Yes indeed they can. But a reset password will give me some indication that
> this has been done.
>
> Note: I am not seeking to make sure this information *cannot ever be access
> by any administrator at any time*, I am merely wanting such information to
> be accessed with my or my managers permission in such circumstances as this
> may be neccessary. With this method, my manager can, if required gain
> access to the data by asking the administrator to reset the password.
>
>
>
> "David Candy" <.> wrote in message
> news:eQIm3DXrFHA.3640@tk2msftngp13.phx.gbl...
> Admins can take ownership of any file. File permissions won't help. Admins
> can reset the user's password and login and access encrypted files.
>
> --
> --------------------------------------------------------------------------------------------------
> http://webdiary.smh.com.au/archives/_comment/001075.htm...
> =================================================
> "Brian Cryer" <brianc@127.0.0.1.activesol.co.uk> wrote in message
> news:1125410994.18200.0@damia.uk.clara.net...
>> "Robin Tucker" <unmailable@duetospam.com> wrote in message
>> news:D f1b6b$sr1$1$8300dec7@news.demon.co.uk...
>>> Hi,
>>>
>>> I would like to be able to log access to my folders from the network.
>>> That is, I want to know when an administrator has accessed my drive. I
>>> have private/confidential information on my PC and do not want
>>> administrators to be able to access it, unless I give explicit
>>> permission.
>>> How can I achieve this?
>>>
>>> Thanks,
>>>
>>>
>>> Robin.
>>
>> Robin,
>>
>> I don't think you can log access to folders. I've certainly not come
>> across
>> a way to do it.
>>
>> In terms of preventing administrators or any others from accessing your
>> folders, there are a few options:
>>
>> 1. Use file permissions. Using windows explorer, right click the folder
>> you
>> want to protect, select properties. Then on the "Security" tab you have
>> control over who has permissions to view, edit, etc on the folder. To stop
>> system administrators I think you will need to revoke access to
>> "Administrators". But review each of the permissions because I think the
>> logic is to grant access to someone if they have access via any of the
>> accounts/groups listed. You will also need to consider permissions on the
>> files themselves. If you can't view or change the security permissions
>> then
>> its likely that the system administrators have locked this out - after
>> all,
>> fiddling with the file permissions in say the windows folder and you could
>> break your system.
>>
>> 2. Encrypt your files. If you have your disk formatted NTFS then you can
>> encrypt files (file properties > general > Advanced), but if you encrypt a
>> file then I think that only you can read it - which isn't any good if you
>> need to share the file with anyone else.
>>
>> Hope this helps,
>>
>> Brian.
>>
>> www.cryer.co.uk/brian
>>
>>
>
>
Anonymous
August 31, 2005 6:32:32 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Well it's like that now. He can't access the files secretly. On domains admins don't get permissions to users accounts. Therefore he has to use special admin powers, but he has to take ownership away from you to do so. You cannot give ownership only take it (so s/he can't set it back). Likewise with passwords, admins can reset but not know what it was so they can't set it the same.

Admins are accountable.

But windows security only works when it is running. Therefore physical security is essential. Encryption is for computers where physical security cannot be assured (like with laptops). I lock servers in cupboards as the most likely threat is theft of the computer (if you really want some data it is best to steal the computer). But encryption requires plenty of thought from your admins. There are lots of posts here of people forever losing data by encryption.

If he ran a physical network sniffer nothing can stop him. However only admins can install a computer program sniffer (but there are things one can do).

I'm uncertain if your admin is the biggest or smallest security flaw. While he should be sacked least you know who the enemy is, and he CAN'T betray your trust (as you have none in him). More dangerous is someone you trust.

The traditional way to steal secrets is to turn someone if you don't have physical access by some nice man offering compliements, then large cash gifts, untill you are compromised. With physical access they will go through your rubbish (at home and work) to look for password/username hints.

I'd bring these issues out into the open as you should not be setting security policy and if you can't trust the admins too ...
--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...
=================================================
"Robin Tucker" <unmailable@duetospam.com> wrote in message news:D f1uuj$o6h$1$8300dec7@news.demon.co.uk...
> Listen, no I'm not trying to hack anything! If I were, my question would
> be, "how can I gain access to xyz", not "how can I prevent access to xyz".
>
> Also consider that on our system, we do not have such "anal" control. Our 2
> System administrators are there to secure our firewall, audit software
> installed and ensure all users have up to date anti-virus. Their main task
> is providing network and application support. However, one of these people
> used to run a "packet sniffer" on the network (before we moved over to
> switches) in order to snoop on other peoples email. This, I might add, was
> before he was an administrator (he admitted it in the pub one evening so I
> have been told).
>
> Now, I do not feel comfortable with any information on my system, some of
> which YES may be personal, being accessible by this "snoop". Company policy
> does not dictate he audit my machine for anything other than software
> installed that should not be. So, I want to secure my "Documents and
> Settings", which may contain among other things, email correspondance
> between myself and my managers or other collegues and some confidential
> documents.
>
> I am mainly interested in preventing casual snooping on my system. I have
> no interest in locking the administrators out completely.
>
>
> "David Candy" <.> wrote in message
> news:%23bwNqVXrFHA.3444@TK2MSFTNGP12.phx.gbl...
> It would be where I live (one cannot change a single byte on a computer
> without permission or 5 years goal). Why do you want to ask people who don't
> know rather than the experts in your company? You can't stop an admin.
> That's the whole purpose of admins. But nor can the admin do it secretly.
> One suggestion you have been given I would sack you on the spot as it
> threatens the survival of the company.
>
> Sure you aren't trying to hack into these files.
>
> --
> --------------------------------------------------------------------------------------------------
> http://webdiary.smh.com.au/archives/_comment/001075.htm...
> =================================================
> "Robin Tucker" <unmailable@duetospam.com> wrote in message
> news:D f1r43$n56$1$8302bc10@news.demon.co.uk...
>>
>> "To take action without their approval could be a criminal offense."
>>
>>
>> Please, this is completely incorrect. It may be against company policy
>> (in
>> some companies), but it is certainly not illegal. Are you a member of the
>> administrators trades union or something?
>>
>>
>>
>>
>> --------------------------------------------------------------------------------------------------
>> http://webdiary.smh.com.au/archives/_comment/001075.htm...
>> =================================================
>> "Robin Tucker" <unmailable@duetospam.com> wrote in message
>> news:D f1n77$e6k$1$8300dec7@news.demon.co.uk...
>>> Yes, it is company property. No, I am not asking that MY PERSONAL
>>> INFORMATION be locked down. The administrators should not have the right
>>> to
>>> view any/all information, some of which is potentially confidential such
>>> as,
>>> for example, Personel Records. No I am not a n00b sitting in a cubicle
>>> passing wind every 30 seconds. I am genuiunely asking this question, for
>>> the purposes of security of personal information. How can we allow
>>> administration of a network/domain, but protect information from prying
>>> eyes, be they administrators or not.
>>>
>>> Thankyou.
>>>
>>>
>>>
>>> "Galen" <galennews@gmail.com> wrote in message >
>>> news:o o3Ia2VrFHA.464@TK2MSFTNGP15.phx.gbl...
>>>> In news:D f1b6b$sr1$1$8300dec7@news.demon.co.uk,
>>>> Robin Tucker <unmailable@duetospam.com> had this to say:
>>>>
>>>> My reply is at the bottom of your sent message:
>>>>
>>>>> Hi,
>>>>>
>>>>> I would like to be able to log access to my folders from the network.
>>>>> That is, I want to know when an administrator has accessed my drive. I
>>>>> have private/confidential information on my PC and do not want
>>>>> administrators to be able to access it, unless I give explicit
>>>>> permission. How can I achieve this?
>>>>>
>>>>> Thanks,
>>>>>
>>>>>
>>>>> Robin.
>>>>
>>>> As has been mentioned by David Candy, ask them. If you have, as it
>>>> seems,
>>>> administrators then the implication is that the PC doesn't belong to
>>>> you.
>>>> Private/confidential information should not really be kept on property
>>>> not
>>>> belonging to you and the company has a right (and perhaps and
>>>> obligation)
>>>> to monitor the contents of their property. Given that they're the admins
>>>> and likely able to access your account at any time (and probably have
>>>> rules regarding third party software installations) your best bet would
>>>> be
>>>> to accept that anything you put on the work computer belongs, by
>>>> default,
>>>> to the company or at least gives them rights to access it with or
>>>> without
>>>> your consent.
>>>>
>>>> Your personal computing should probably be done at home -- if you want
>>>> to
>>>> keep your job. More and more companies, for various reasons, are
>>>> starting
>>>> to not only monitor internet access but files on their PCs. With the
>>>> increase in various regulations (Sarbox, HIPPA, etc) it's in your best
>>>> interest to really keep your personal, private, and confidential data on
>>>> a
>>>> system that you are the only administrator of. Note that this is mostly
>>>> a
>>>> U.S. thing though the EU and surely other countries have similar
>>>> policies.
>>>>
>>>> Galen
>>>> --
>>>>
>>>> "You know that a conjurer gets no credit when once he has explained his
>>>> trick; and if I show you too much of my method of working, you will
>>>> come to the conclusion that I am a very ordinary individual after all."
>>>>
>>>> Sherlock Holmes
>>>>
>>>
>>>
>>
>>
>
>
Anonymous
August 31, 2005 6:42:32 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

You can audit the file but again you have to remember to look or get your admins to automatically write a program to look for you. But this will not add anything (except make working with the file fractionally slower) as you can check the owner to see what admin took ownership from you.

You can't give ownership but can give permissions - so even if an admin looks he can allow you to access the file normally. you must check ownership (r/c file - Properties - Security - Advanced - Owner).

--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...
=================================================
"David Candy" <.> wrote in message news:o lFCuBYrFHA.3640@tk2msftngp13.phx.gbl...
Well it's like that now. He can't access the files secretly. On domains admins don't get permissions to users accounts. Therefore he has to use special admin powers, but he has to take ownership away from you to do so. You cannot give ownership only take it (so s/he can't set it back). Likewise with passwords, admins can reset but not know what it was so they can't set it the same.

Admins are accountable.

But windows security only works when it is running. Therefore physical security is essential. Encryption is for computers where physical security cannot be assured (like with laptops). I lock servers in cupboards as the most likely threat is theft of the computer (if you really want some data it is best to steal the computer). But encryption requires plenty of thought from your admins. There are lots of posts here of people forever losing data by encryption.

If he ran a physical network sniffer nothing can stop him. However only admins can install a computer program sniffer (but there are things one can do).

I'm uncertain if your admin is the biggest or smallest security flaw. While he should be sacked least you know who the enemy is, and he CAN'T betray your trust (as you have none in him). More dangerous is someone you trust.

The traditional way to steal secrets is to turn someone if you don't have physical access by some nice man offering compliements, then large cash gifts, untill you are compromised. With physical access they will go through your rubbish (at home and work) to look for password/username hints.

I'd bring these issues out into the open as you should not be setting security policy and if you can't trust the admins too ...
--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...
=================================================
"Robin Tucker" <unmailable@duetospam.com> wrote in message news:D f1uuj$o6h$1$8300dec7@news.demon.co.uk...
> Listen, no I'm not trying to hack anything! If I were, my question would
> be, "how can I gain access to xyz", not "how can I prevent access to xyz".
>
> Also consider that on our system, we do not have such "anal" control. Our 2
> System administrators are there to secure our firewall, audit software
> installed and ensure all users have up to date anti-virus. Their main task
> is providing network and application support. However, one of these people
> used to run a "packet sniffer" on the network (before we moved over to
> switches) in order to snoop on other peoples email. This, I might add, was
> before he was an administrator (he admitted it in the pub one evening so I
> have been told).
>
> Now, I do not feel comfortable with any information on my system, some of
> which YES may be personal, being accessible by this "snoop". Company policy
> does not dictate he audit my machine for anything other than software
> installed that should not be. So, I want to secure my "Documents and
> Settings", which may contain among other things, email correspondance
> between myself and my managers or other collegues and some confidential
> documents.
>
> I am mainly interested in preventing casual snooping on my system. I have
> no interest in locking the administrators out completely.
>
>
> "David Candy" <.> wrote in message
> news:%23bwNqVXrFHA.3444@TK2MSFTNGP12.phx.gbl...
> It would be where I live (one cannot change a single byte on a computer
> without permission or 5 years goal). Why do you want to ask people who don't
> know rather than the experts in your company? You can't stop an admin.
> That's the whole purpose of admins. But nor can the admin do it secretly.
> One suggestion you have been given I would sack you on the spot as it
> threatens the survival of the company.
>
> Sure you aren't trying to hack into these files.
>
> --
> --------------------------------------------------------------------------------------------------
> http://webdiary.smh.com.au/archives/_comment/001075.htm...
> =================================================
> "Robin Tucker" <unmailable@duetospam.com> wrote in message
> news:D f1r43$n56$1$8302bc10@news.demon.co.uk...
>>
>> "To take action without their approval could be a criminal offense."
>>
>>
>> Please, this is completely incorrect. It may be against company policy
>> (in
>> some companies), but it is certainly not illegal. Are you a member of the
>> administrators trades union or something?
>>
>>
>>
>>
>> --------------------------------------------------------------------------------------------------
>> http://webdiary.smh.com.au/archives/_comment/001075.htm...
>> =================================================
>> "Robin Tucker" <unmailable@duetospam.com> wrote in message
>> news:D f1n77$e6k$1$8300dec7@news.demon.co.uk...
>>> Yes, it is company property. No, I am not asking that MY PERSONAL
>>> INFORMATION be locked down. The administrators should not have the right
>>> to
>>> view any/all information, some of which is potentially confidential such
>>> as,
>>> for example, Personel Records. No I am not a n00b sitting in a cubicle
>>> passing wind every 30 seconds. I am genuiunely asking this question, for
>>> the purposes of security of personal information. How can we allow
>>> administration of a network/domain, but protect information from prying
>>> eyes, be they administrators or not.
>>>
>>> Thankyou.
>>>
>>>
>>>
>>> "Galen" <galennews@gmail.com> wrote in message >
>>> news:o o3Ia2VrFHA.464@TK2MSFTNGP15.phx.gbl...
>>>> In news:D f1b6b$sr1$1$8300dec7@news.demon.co.uk,
>>>> Robin Tucker <unmailable@duetospam.com> had this to say:
>>>>
>>>> My reply is at the bottom of your sent message:
>>>>
>>>>> Hi,
>>>>>
>>>>> I would like to be able to log access to my folders from the network.
>>>>> That is, I want to know when an administrator has accessed my drive. I
>>>>> have private/confidential information on my PC and do not want
>>>>> administrators to be able to access it, unless I give explicit
>>>>> permission. How can I achieve this?
>>>>>
>>>>> Thanks,
>>>>>
>>>>>
>>>>> Robin.
>>>>
>>>> As has been mentioned by David Candy, ask them. If you have, as it
>>>> seems,
>>>> administrators then the implication is that the PC doesn't belong to
>>>> you.
>>>> Private/confidential information should not really be kept on property
>>>> not
>>>> belonging to you and the company has a right (and perhaps and
>>>> obligation)
>>>> to monitor the contents of their property. Given that they're the admins
>>>> and likely able to access your account at any time (and probably have
>>>> rules regarding third party software installations) your best bet would
>>>> be
>>>> to accept that anything you put on the work computer belongs, by
>>>> default,
>>>> to the company or at least gives them rights to access it with or
>>>> without
>>>> your consent.
>>>>
>>>> Your personal computing should probably be done at home -- if you want
>>>> to
>>>> keep your job. More and more companies, for various reasons, are
>>>> starting
>>>> to not only monitor internet access but files on their PCs. With the
>>>> increase in various regulations (Sarbox, HIPPA, etc) it's in your best
>>>> interest to really keep your personal, private, and confidential data on
>>>> a
>>>> system that you are the only administrator of. Note that this is mostly
>>>> a
>>>> U.S. thing though the EU and surely other countries have similar
>>>> policies.
>>>>
>>>> Galen
>>>> --
>>>>
>>>> "You know that a conjurer gets no credit when once he has explained his
>>>> trick; and if I show you too much of my method of working, you will
>>>> come to the conclusion that I am a very ordinary individual after all."
>>>>
>>>> Sherlock Holmes
>>>>
>>>
>>>
>>
>>
>
>
Anonymous
September 1, 2005 12:51:12 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

"David Candy" <.> wrote in message
news:%23sHTpHYrFHA.1032@TK2MSFTNGP12.phx.gbl...
You can audit the file but again you have to remember to look or get your
admins to automatically write a program to look for you. But this will not
add anything (except make working with the file fractionally slower) as you
can check the owner to see what admin took ownership from you.

You can't give ownership but can give permissions - so even if an admin
looks he can allow you to access the file normally. you must check ownership
(r/c file - Properties - Security - Advanced - Owner).

--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...

Just checked, Admins can grant ownership - at least they can on a Windows
2003 domain.

Brian.

--
www.cryer.co.uk/brian
Anonymous
September 1, 2005 11:19:36 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Type sc in help.

--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...
=================================================
"Brian Cryer" <brianc@127.0.0.1.activesol.co.uk> wrote in message news:1125561078.28690.0@ersa.uk.clara.net...
> "David Candy" <.> wrote in message
> news:%23sHTpHYrFHA.1032@TK2MSFTNGP12.phx.gbl...
> You can audit the file but again you have to remember to look or get your
> admins to automatically write a program to look for you. But this will not
> add anything (except make working with the file fractionally slower) as you
> can check the owner to see what admin took ownership from you.
>
> You can't give ownership but can give permissions - so even if an admin
> looks he can allow you to access the file normally. you must check ownership
> (r/c file - Properties - Security - Advanced - Owner).
>
> --
> --------------------------------------------------------------------------------------------------
> http://webdiary.smh.com.au/archives/_comment/001075.htm...
>
> Just checked, Admins can grant ownership - at least they can on a Windows
> 2003 domain.
>
> Brian.
>
> --
> www.cryer.co.uk/brian
>
>
Anonymous
September 1, 2005 11:20:23 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

That was meant for another thread.

--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...
=================================================
"Brian Cryer" <brianc@127.0.0.1.activesol.co.uk> wrote in message news:1125561078.28690.0@ersa.uk.clara.net...
> "David Candy" <.> wrote in message
> news:%23sHTpHYrFHA.1032@TK2MSFTNGP12.phx.gbl...
> You can audit the file but again you have to remember to look or get your
> admins to automatically write a program to look for you. But this will not
> add anything (except make working with the file fractionally slower) as you
> can check the owner to see what admin took ownership from you.
>
> You can't give ownership but can give permissions - so even if an admin
> looks he can allow you to access the file normally. you must check ownership
> (r/c file - Properties - Security - Advanced - Owner).
>
> --
> --------------------------------------------------------------------------------------------------
> http://webdiary.smh.com.au/archives/_comment/001075.htm...
>
> Just checked, Admins can grant ownership - at least they can on a Windows
> 2003 domain.
>
> Brian.
>
> --
> www.cryer.co.uk/brian
>
>
Anonymous
September 1, 2005 11:20:24 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

"David Candy" <.> wrote in message
news:%23oAYkZtrFHA.904@tk2msftngp13.phx.gbl...
That was meant for another thread.

--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...
=================================================

Your newsgroup client should let you delete messages.

Brian.

--
www.cryer.co.uk/brian
Anonymous
September 2, 2005 12:50:46 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

It only works 5% of the time (and as it's time consuming to check I haven't been able to cancel for a year since I canceled some MS emplotees posts so I suspect it's now 0%), assuming it's still supported. Remember you are only getting a copy on usenet of this microsoft owned peer support group.

--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...
=================================================
"Brian Cryer" <brianc@127.0.0.1.activesol.co.uk> wrote in message news:1125570096.1318.0@ersa.uk.clara.net...
>
> "David Candy" <.> wrote in message
> news:%23oAYkZtrFHA.904@tk2msftngp13.phx.gbl...
> That was meant for another thread.
>
> --
> --------------------------------------------------------------------------------------------------
> http://webdiary.smh.com.au/archives/_comment/001075.htm...
> =================================================
>
> Your newsgroup client should let you delete messages.
>
> Brian.
>
> --
> www.cryer.co.uk/brian
>
>
!