Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 898
  • Last Modified:

Prevent screen capture, keep data private.

I need to publish a list of customer information in any format (word, excel, pdf).  This information is intended for internal company use only.  I can lock the file down sufficiently using NTFS permissions to protect the actual file, but I need a way to be able to prevent the data from being recaptured, saved and removed.  Some sort of "view only" utility or application so that the info can't be captured via File/Save, Select All/copy, screen capture, etc.
1 Solution
impossible unless you have full control over the client
scotthereAuthor Commented:
I do have full administrative control of the pc's. They are in a Server 2003 (will be 2008 soon) environment.
I'm not a M$ admin, but I assume that group policies can do what you want
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

There are tools that prevent drag to desktop etc but if its really confidential, just about every employee has access to a camera on there mobile phone, surely they'd just take a snap and use conversion tools like in Adobe.
You can not do this through group policies. Of course you can use software restriction policies to define which applications and tools can be run, but it is not linked to a document. If a user has read rights on a document and can run the original application he can copy it, or email it, or print it, or .... Even if the user only has read rights, he may still copy it to a thumbstick. At the application level, restrictions are possible (e.g. in PDF, or for Office using Microsoft DRM).
If you want to restrict distribution, you are looking at a full fledged data loss prevention project, which has to create policies, define confidentiality levels and implement security controls. And holes will always exist, e.g. like pma111 said: there is no way to prevent a user of taking a photo or movie using a camera.
In my opinion you should start with creating (paper) policies, user awareness traingings, etc ...

kr, J.
Windows File Resource Manager will allow you to lock things down.  But you need to be running Server 2003 R2 or Storage Server R2.
You could also use Windows Sharepoint as well.
Using NTFS and Built in policy mechanisms you can not apply all your desired limitations on document outputs (like screen capture, copy, transfer and ...)

In this case it's better to use Digital Right Management technology which will bring more control for you and your company over your sensitive documents.

Here are some drm technologies which you may use for Internal Company Document security
Microsoft's Digital Rights Management ServiceAegisDRMArmjisoft OwnerGuard DRM Technology

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now