Securing my files and data? (Best Secure Practice)

Greetings to all,

I am running Windows 2000 Pro and I created an extended partition. In that partition, I have a folder with very important accounting information.  I logon everytime as a RESTRICTED USER instead of Administrator.

I have an NTFS file system of course. By going to Properties/Security tab, who should I add/remove from the list? I have options here that all of you may want to look at for securing this partition and the folder on whats indise of it.

1. Make MYUSERNAME the only one in Security list and make myself FULL CONTROL.

2. Or, Add the Administrator account as Full Control and then myself as READ-ONLY? Then that would be very inconvenient because eveytime I want to change something I have to log-off and log back in as Administrator..

So what would be the best option for my documents to prevent malware, spyware, or a Trojan to have write access to my data?

In other words, I like to have the closest protection that I can have with my data similar to a  Mandatory Access Control on Trusted computer systems.

Thanks.
slajoh01Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jay_Jay70Commented:
Hi slajoh01,

i would never lock myself out of my own directory.... this owuld drive you mad in abotu 30 seconds flat.... as far as security against malware goes - NTFS permissions arent really a good route to take    you are much better with real time scanners to protect you,

however protecting your self from other users NTFS is great

I would never remove the administrator from that list, nor the creater / owner group in 2003      you can remove the anyone group as long as you have added your user in and have given it approp permissions,

if you lock down the program files directory and windows directories etc, then you can counter it by running programs with The RUN AS option and then run as the admin - still i wouldnt be taking that route...

Cheers!
0
slajoh01Author Commented:
So, as far as my data goes, what and what type of permissions should I give myself and Administrator? Please post an example please on the best possible way to secure my file using the SECURITY TAB?

Please. Thanks
0
slajoh01Author Commented:
Should I give myself full control and inclusing the Admin full control as well? Or, read-only to myself and full for the Admin?
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

Jay_Jay70Commented:
i would leave the settings as default and just remove the uneeded groups - default security is usually the smartest

eg on my files i have   system group    me   and adminstrator with full control and thats it
0
slajoh01Author Commented:
Ok...so ONLY the users who have login access to Windows and plus Admin should be the only ones listed as full control..am I right?
0
slajoh01Author Commented:
I just set it to list only the Admin > FULL CONTROL and plus MYSELF as FULL CONTROL too and NOTHING else..IS this secure enough?
0
Jay_Jay70Commented:
yes thats right, there is no need for anyone else except you and the administrator and they system group.

otherwise you open small yet possibly dangerous holes, remember when youplay with security though, you also have to take into account that sharing of folders and things like that    if a folder isnt shared then it doesnt matter what the security is on a file, noone can access it anywayz!
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jay_Jay70Commented:
thats fine :) if you find you ever get access issues you can add backin the system group...
0
slajoh01Author Commented:
Thanks...And I am not on a shared network by the way...but I still want to protect my data..
0
Jay_Jay70Commented:
fair enough :)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.