paintb4707
asked on
How to prevent a user from taking an access database out of the building?
We have 3 access databases that are completely confidential and several years old. Currently the way I have it set up is, I have the 3 databases on our 2k3 file server. Only one person has access to these files and nearly has full control of the files in the sense that he can read/write/delete to routinely update these databases. I also have a daily scheduled back-up to back-up the databases to the local C: drive of the file server, which ofcourse no one else has access too.
Ultimately, what I am planning to do is cut access to his CD, USB, and floppy drives, which I'm all perfectly aware on how to do. This is a limit to some extent of transferring the files elswhere but I still am worried about UNC transfers, since even if I cut access to the workstation's C: drive, you could still transfer thes databases directly from the file server to another workstation that DOES have access to their C: drive. Also email attachments (powered by exchange 2k3) is another issue.
Database passwords would prevent other employees from somehow getting these databases, but the real concern is if the said person that updates these databases decides to leave the company and take these databases to a competitor, he would ultimately have the ability to do so since he obviously knows the passwords.
Any ideas?
Ultimately, what I am planning to do is cut access to his CD, USB, and floppy drives, which I'm all perfectly aware on how to do. This is a limit to some extent of transferring the files elswhere but I still am worried about UNC transfers, since even if I cut access to the workstation's C: drive, you could still transfer thes databases directly from the file server to another workstation that DOES have access to their C: drive. Also email attachments (powered by exchange 2k3) is another issue.
Database passwords would prevent other employees from somehow getting these databases, but the real concern is if the said person that updates these databases decides to leave the company and take these databases to a competitor, he would ultimately have the ability to do so since he obviously knows the passwords.
Any ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Well, we can see about copyrighting the databases. Aside from that, is it possible to at least create a disclaimer upon opening the database that says "This database is property of so & so, etc, etc" ?
I believe there is a way but will a disclaimer like that really scare people off? Particularly if he/she delibrately "steal" the databases for whatever purpose?
ASKER
Maybe not so much the person stealing the data but the competitor.
ASKER
You're probably right. Establishing a contract would probably be the only thing left I can do.
To be honest I would be more worry he will do "something" to the databases, such as deleting x number of records, put in wrong data, etc to make the database un-usable. Backup to c:\ drive on a machine is also not safe. What happen if the server gone down completely? You should backup on a removable device so that you can take it offsite in case of diaster.