Securing SBS 2003 data from internal mis-use or robbery

Posted on 2006-04-19
Last Modified: 2013-12-04
I have an SBS 2003 server and XP Pro workstations. We have less than 10 users. Our data is extremely valuable and often confidential. I have 2 areas which are currently security holes for data in my network:

1. I assign users particular projects. These users have the ability to work with the data (mostly MS Word docs) regarding the project. Other users must not be allowed access.

Possible solution: NTFS permissions. But this does not prevent users with the permission to access files, copying them and making them available to other persons.

2. I need to prevent that any data from leaving our premises (either via email, copying to floppy, USB stick or even the servers hard disk being removed!). Putting it blunting, I don't want data to be stolen!

Possible solution: Encryption using private/public key rings? Administrative nightmare? Expensive?

Any ideas what measures I can put into practise to allow data just to be used by authorised persons and preventing it from wandering outside of our network.

Thanks for your comments.
Question by:omb
    LVL 12

    Assisted Solution

    Have a look at Terminal Services and thin clients, this might prove to be the ultimate solution. Set up a separate Windows 2003 Terminal Server (this will be a completely locked down workstation) and some Wyse thin clients (for example Winterm 1125SE,

    True thin clients do not have any means of copying data to other media (no usb, floppy drives, etc) and data cannot be copy/pasted from the client. As long as they can't use e-mail or a webbrowser from the Terminal Server, that is.

    100% security is probably utopia. If somebody wants to steal data, they can copy it with pencil and paper.

    Terminal Services is a one time investment that, in your situation, will probably be around $4000-$5000 depending on your server performance needs. But it'll protect your data far better than XP clients with encryption and this it offers great central management features.
    LVL 74

    Accepted Solution


    For sure you should be using file Encryption but are you aware of Office 2003's Information Rights Management feature?

    I think that this would really be the way for you to manage these things.  It's not expensive (you already have it if you have Office 2003 and Windows Server 2003) and it's fairly easy to manage, considering the complexity of it all.

    Then, to stop any document or data from being taken, you need to ensure that you disable all USB ports on each workstation.  But there are many other things to consider, such as emailing information, etc.  You should probably take a look at this article which is quite good:


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Superior storage. Superior surveillance.

    WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

    As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
    This is a short article about OS X KeRanger, and what people can do to get rid of it.
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now