[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Encripted file in domain...but why every one can access it?

Posted on 2004-11-17
10
Medium Priority
?
154 Views
Last Modified: 2010-04-11
Hi,
This morning boss asked me to make his files and folders secure or some how authorized whenever anyone tries to access them. So far i have come up with two options
One, compress it and add a password to the compressed folder. The probem with it is, whenever i add a new file in the compressed folder with password already set, it does not set password for just added file. So anyone can access the file even if it is in compressed folder with password set. In order to have a password on just added file as well, i have to remove pasword and add again for all compressed folder. This can be time consuming if in compressed folder are a lot of files. Is there a way to make it automaticly set the password for just added file or just for file?...i could not find a way to do it

Second option would be encription. After spending hours to finaly be able to encript file on network drive(system attribute have been set to files on network which did not allowed encription), it allows to access anyone. The file finaly is green, but access is available for any user in domain. How come? Also when i try to add another user (properties-Advanced Attributes)to access the encripted file it gives me following error: "NO apporopriate certificates correspond to the selected user". What is cousing it?

Besides that, does anyone has better ideas on how to make the file or folder on LAN secure or accessable only by one person excluding Administrator of domain?
Thank's
m

P.S. We are runing 2000 server and client PC is XP pro.
0
Comment
Question by:margotsk
  • 5
  • 4
10 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 12607611
???????

as you have compression and encryption - Ill take a leap of faith and say we are dealing with an NTFS drive? if so right click the folder > properties >and on the security tab remove everyone then add in your user - that way only they can open the folder
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 12609768
right Pete, permissions govern access
the least common denominator governs access, if a domain group has access, the file is decrypted
you can also explicitly exclude the administrator (you really ought to rename that account)
you can also equip your user with PGP so that only (s)he can control access to a file or folder

0
 

Author Comment

by:margotsk
ID: 12616809

Thank's for getting back,
Yes, we have NTFS drive....sorry forgetting to mention.
PeteLong, That's a way, but we are looking to restrict administrator in accessing files as much as possible as well. So, if administrator assigns any other user to folder, user will still not get access to file, because it is encripted. The same thing would happen if Adminnistrator add himself. Ofcourse, Administrator could reset password and log in as the user who encripted files, but in that case user will notice that at first time he wants to log in, because his pasword have been changed. So, that's why we are looking for encription and password setup and not premission access.

Chicagoan, what is PGP?

Today for some reasan enscripted file is not accessable by any other user except the one encrypted, but still generates error when trying to add another user to share the encrypted file. I am able to find the user in domain, but after selecting user to add, it returns error:"NO apporopriate certificates correspond to the selected user". Its different than yesterday. Yesterday, i get the same messege before searching for other users in domain to add. From time in yesterday till time today, the server have been restarted and the users accounts on which i do experiment. So, i guess somewhere along these changes ecryption took full effect.

So, i gues now my question is: why it does not allow to add another user to share encrypted file?

Thank's
m
 
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 57

Expert Comment

by:Pete Long
ID: 12616856
>>That's a way, but we are looking to restrict administrator in accessing

simply set Administrator to DENY - deny over-rides all settingss :)

just remove the everyone group and domain useers groups (dont DENY them causae your user will be in these groups)
0
 

Author Comment

by:margotsk
ID: 12644607
Thank's PeteLong for responding,
PeteLong,I am not sure how to set Administrator to DENY. Would you please guid me through by listing steps or referencing to some tutorial. It is not under folder properties, is it?
Thank's
Margots
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 12647642
you can set deny on a folder of file - I suggest putting it on a folder with the file(s) in it

is it on a 2k server or a 2k3 server, the process is more or less identical but I'll get it spot on if you tell me
0
 

Author Comment

by:margotsk
ID: 12656450
it's 2K server and XP as client.
Looking to hear from.
Thank's
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 2000 total points
ID: 12657339
on the server

Right-click the folder or drive you intend to share. In Windows 2000, select Sharing... .


Select Share this folder.


In the appropriate fields, type the name of the share (as it appears to other computers), the maximum number of simultaneous users, and any comments that should appear beside it.


Click the Permissions button  - you need to remove inheritable permissions either on this page (or press the advanced button - and untick the "allow inheritable permissions...." box, if it prompts you to confirm select the COPY option


now set administrators to deny (tick all the boxes)
click add and addin the user concerned and give them "full controll"
and remove all the other groups it has listed there
0
 

Author Comment

by:margotsk
ID: 12707878
Thank's PeteLong,
You got the points
Cheer's
M
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 12708511
ThanQ
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security t…
Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question