We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

Securing my files and data? (Best Secure Practice)

slajoh01
slajoh01 asked
on
Medium Priority
198 Views
Last Modified: 2013-12-04
Greetings to all,

I am running Windows 2000 Pro and I created an extended partition. In that partition, I have a folder with very important accounting information.  I logon everytime as a RESTRICTED USER instead of Administrator.

I have an NTFS file system of course. By going to Properties/Security tab, who should I add/remove from the list? I have options here that all of you may want to look at for securing this partition and the folder on whats indise of it.

1. Make MYUSERNAME the only one in Security list and make myself FULL CONTROL.

2. Or, Add the Administrator account as Full Control and then myself as READ-ONLY? Then that would be very inconvenient because eveytime I want to change something I have to log-off and log back in as Administrator..

So what would be the best option for my documents to prevent malware, spyware, or a Trojan to have write access to my data?

In other words, I like to have the closest protection that I can have with my data similar to a  Mandatory Access Control on Trusted computer systems.

Thanks.
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2006

Commented:
Hi slajoh01,

i would never lock myself out of my own directory.... this owuld drive you mad in abotu 30 seconds flat.... as far as security against malware goes - NTFS permissions arent really a good route to take    you are much better with real time scanners to protect you,

however protecting your self from other users NTFS is great

I would never remove the administrator from that list, nor the creater / owner group in 2003      you can remove the anyone group as long as you have added your user in and have given it approp permissions,

if you lock down the program files directory and windows directories etc, then you can counter it by running programs with The RUN AS option and then run as the admin - still i wouldnt be taking that route...

Cheers!

Author

Commented:
So, as far as my data goes, what and what type of permissions should I give myself and Administrator? Please post an example please on the best possible way to secure my file using the SECURITY TAB?

Please. Thanks

Author

Commented:
Should I give myself full control and inclusing the Admin full control as well? Or, read-only to myself and full for the Admin?
CERTIFIED EXPERT
Top Expert 2006

Commented:
i would leave the settings as default and just remove the uneeded groups - default security is usually the smartest

eg on my files i have   system group    me   and adminstrator with full control and thats it

Author

Commented:
Ok...so ONLY the users who have login access to Windows and plus Admin should be the only ones listed as full control..am I right?

Author

Commented:
I just set it to list only the Admin > FULL CONTROL and plus MYSELF as FULL CONTROL too and NOTHING else..IS this secure enough?
CERTIFIED EXPERT
Top Expert 2006
Commented:
yes thats right, there is no need for anyone else except you and the administrator and they system group.

otherwise you open small yet possibly dangerous holes, remember when youplay with security though, you also have to take into account that sharing of folders and things like that    if a folder isnt shared then it doesnt matter what the security is on a file, noone can access it anywayz!

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
CERTIFIED EXPERT
Top Expert 2006

Commented:
thats fine :) if you find you ever get access issues you can add backin the system group...

Author

Commented:
Thanks...And I am not on a shared network by the way...but I still want to protect my data..
CERTIFIED EXPERT
Top Expert 2006

Commented:
fair enough :)
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.