Security Basics mailing list archives
RE: Folder level Security
From: "Mike" <mike () superiorholidayadventures ca>
Date: Tue, 28 Oct 2003 09:51:44 -0500
I agree, you really can't do this as the data essentially has to be "copied" to the machine in the first place before it can be used. What you could do is lock down the individual computers so that there are no Write rights set except for where it needs to be (i.e. local settings\temp, winnt\temp, and other areas). In doing this your users can still copy the file to the open areas of their local pc, but this depends on how savvy your users are. You'd also have a fun time finding the right mix of permissions while still being able to lock down the machine to a certain degree. Another option would be to hide all the files on the C: drive and use a group policy to not allow the users to undo that setting. That way the users see an empty C: drive. Using a GP you can also limit the use of a floppy drive. Again, there are many ways around this if you're even slightly computer literate (i.e. view file, copy contents and paste it into an e-mail or a new document). What exactly are you trying to accomplish here? Mike Fetherston
-----Original Message----- From: Greg Morgan [mailto:Cybie () infinite-elements com] Sent: Monday, October 27, 2003 5:43 PM To: sfullman () opd5 com; security-basics () securityfocus com Subject: RE: Folder level Security Honestly, I can't think of any OS that can do this. While it's fairly easy to make a folder read-only, there's no way to prevent copying files from the read-only folder to a local PC and the user
making
changes to that local copy. -----Original Message----- From: Scott Fullman [mailto:sfullman () opd5 com] Sent: Monday, October 27, 2003 9:21 AM To: security-basics () securityfocus com Subject: Folder level Security I have a windows2k network and am trying to lock down a folder in such
a
way that users can view the files only. They should not be allowed to copy the files onto their desktop and make changes. Just View. Right now I have it all set up, but cannot find a way to disable the moving of files from the folder to their personal computers. Is this possible with W2k? Scott
------------------------------------------------------------------------ --
- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services
security
to simplify the management and deployment of PGP and reduce overall PGP
costs
by up to 80%. FREE WHITEPAPER & 30 Day Trial -
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
------------------------------------------------------------------------ --
--
--------------------------------------------------------------------------- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ----------------------------------------------------------------------------
Current thread:
- RE: Folder level Security Mike (Oct 28)
- <Possible follow-ups>
- Re: Folder level Security Scott Cadwell (Oct 28)
- RE: Folder level Security thalm (Oct 28)
- Re: Folder level Security Chris Berry (Oct 30)
- Re: Folder level Security Paul O'Malley (Oct 30)
- Re: Folder level Security Nick Shapley (Oct 30)