Home page logo

basics logo Security Basics mailing list archives

RE: setting access restrictions on external drive
From: "aldr1c" <aldr1c () nildram co uk>
Date: Fri, 26 Dec 2003 11:01:53 -0000


        What the gents have stated should work.  NTFS permissions should
prevent other users from accessing the files, especially with EFS enabled.
This brings up a few points:

        Is the computer on a domain?  If so, the administrator is set as a
recovery agent, allowed to decrypt domain user files.
        More concerning, do other users have administrative permissions?
This can be used to bypass EFS and NTFS ACLs and give them access to the
recovery agent.

The device is USB.  Is it 'permanently' connected to your box, or is it a
physically shared resource (anyone can sign it out of the cupboard and plug
it into their machine)?

If the device is to be 'permanently' attached to your box, try mounting the
device into a folder.  Create a file folder called 'my disk', and set its
permissions to allow only you and system access.  Create a subfolder in this
called 'USB drive'.  
Connect the USB drive and go to the computer management MMC.  In this access
the disk management and right click on the USB drive entry on the details
pane (right hand side).  Select change drive letter and paths.  Press Add.
The option to mount the drive in an empty NTFS folder should be accessible.
Browse to your new subfolder 'USB Drive' and click OK.  Close down these
windows, then remove and reinsert the device (use unplug device wizard of
course!).  The disk should now be accessible through the folder.

This should ensure that when the device is connected to your machine, it is
not easy to gain access to the files (others could remap the device again if
they have permissions of course!).

Usual caveats (YMMV etc), but HTH


-----Original Message-----
From: Mike [mailto:mike () superiorholidayadventures ca] 
Sent: 23 December 2003 13:38
To: J. Yoon; security-basics () securityfocus com
Subject: RE: setting access restrictions on external drive

I wonder if changing the target on your 'My Documents' folder (right
click & properties) to the USB drive letter would have any effect.

Mike Fetherston

-----Original Message-----
From: J. Yoon [mailto:supercool9000 () hotmail com]
Sent: Monday, December 22, 2003 4:13 PM
To: security-basics () securityfocus com
Subject: setting access restrictions on external drive

I have an external USB drive using Windows XP file system,
I have turned on encryption so that other users can't access the files
but they can still view and browse the folders
or even "delete" the encrypted files it if they wanted to.

I've read on microsoft website that you can only
restrict files/folders if you put them inside your Documents &
but since this is an external drive it's not possible.

How then, do I set this so that other users can't see or access
inside folders that i restrict?
I would like to know if this is possible without using 3rd party


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]