Re: setting access restrictions on external drive

[jamesworld () intelligencia com]

Looked at it.  Thanks for the link

Questions:

Are you logged in as an Admin trying this?
Is this drive formatted as NTFS by you or by vendor?

IF by vendor, it may be emulated.  SNAP servers do this as well  Copy the 
data local, format using WINDOWS and then copy the data back.  See if you 
have access to the security features.

Alas...another example that the XP home edition is cripple 
ware.  (regarding the KB article....this behavior is by design)


At 11:33 12/26/2003, J. Yoon wrote:
> I have Microsoft Windows XP Home Edition and this is what the article says..
>
> http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q307/2/86.asp&NoWebContent=1
>
>
> > From: jamesworld () intelligencia com
> > To: "J. Yoon" <supercool9000 () hotmail com>
> > CC: jamesworld () intelligencia com, security-basics () securityfocus com
> > Subject: Re: setting access restrictions on external drive
> > Date: Tue, 23 Dec 2003 08:41:46 -0600
> >
> > J,
> >
> > That is absolutely not true.  If you can, please post the URL to the MS 
> > page.  If that was so.... I don't even want to go down that thread.  Try 
> > creating a folder on C: call it anything.  create a folder or 2 under it.
> > Try setting security permission on it.  They will work,  out side of  the 
> > Documents & Settings folder.
> >
> > I just did this on a removable drive and it worked.
> >
> > I logged in as a non administrator (basic user) and my security tab was 
> > grayed out.
> >
> >
> >
> > At 21:08 12/22/2003, J. Yoon wrote:
> > > Hi,
> > > thanks for your advice but unfortunately if it was that simple I would 
> > > not have posted here...
> > > The drive is already formated NTFS (not fat32) and I've tried setting 
> > > the security tab to restrict others from access but it's completely grayed out.
> > >
> > > When I searched the Microsoft website about this problem, it says that 
> > > only folders and files in Documents/Settings dir can have access 
> > > restrictions...
> > > Still I'm wondering if there's a way...
> > >
> > >
> > > > From: jamesworld () intelligencia com
> > > > To: "J. Yoon" <supercool9000 () hotmail com>
> > > > CC: security-basics () securityfocus com
> > > > Subject: Re: setting access restrictions on external drive
> > > > Date: Mon, 22 Dec 2003 20:07:01 -0600
> > > >     Tue, 23 Dec 2003 02:07:50 +0000
> > > > In-Reply-To: <LAW12-F28hA4iJ3hYpa0005c518 () hotmail com>
> > > > Return-Path: jamesworld () intelligencia com
> > > > X-OriginalArrivalTime: 23 Dec 2003 02:07:52.0187 (UTC) 
> > > > FILETIME=[923514B0:01C3C8F9]
> > > >
> > > > Format the drive using NTFS  (it's prolly FAT32 be default)
> > > >
> > > > Then with NTFS, you can set ACL's via the security tab.
> > > >
> > > > Give your self access and everyone else DENY access.  This plus your 
> > > > encryption should do the trick.
> > > >
> > > > You must of course have physical security of the device.  Someone could 
> > > > pick the unit up,  and plug it into their laptop,  take administrative 
> > > > ownership of everything and still be able to delete your stuff.  Maybe 
> > > > even decrypt it if they can get the recovery key from your system or 
> > > > break the crypto......or of corse thing the things is broken and format 
> > > > it to do you a 'favor' :-)
> > > >
> > > > At 15:13 12/22/2003, J. Yoon wrote:
> > > > > I have an external USB drive using Windows XP file system,
> > > > > I have turned on encryption so that other users can't access the files
> > > > > but they can still view and browse the folders
> > > > > or even "delete" the encrypted files it if they wanted to.
> > > > >
> > > > > I've read on microsoft website that you can only
> > > > > restrict files/folders if you put them inside your Documents & 
> > > > > Settings folder,
> > > > > but since this is an external drive it's not possible.
> > > > >
> > > > > How then, do I set this so that other users can't see or access 
> > > > > anything inside folders that i restrict?
> > > > > I would like to know if this is possible without using 3rd party 
> > > > > software...
> >
> >
> > ---------------------------------------------------------------------------
> > ----------------------------------------------------------------------------
>
> _________________________________________________________________
> Have fun customizing MSN Messenger — learn how here!
> http://www.msnmessenger-download.com/tracking/reach_customize
>
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------