Avatar of AXISHK
AXISHK
 asked on

Protect file copying on a Window Domain

I have highly confidential files stored in Window 2003 / 2008 server. Is there a way to only allow internal access of these files. Users couldn't access the files in their personal computer, or copy through the USB port.

Any recommendation ?

Thanks
Network ManagementWindows Server 2003Windows Server 2008

Avatar of undefined
Last Comment
Nagendra Pratap Singh

8/22/2022 - Mon
Raiduu

Hello!

Under internal access you mean only you can access them or only from the local network? There's no way you can disable the copying if you allow users to look at the files and open them. They can save them to their computer and copy from there. The only solution to this is to limit access to those files that only you can see them. As I know there isn't much that you can do about this. You can limit the internet access via MAC address so they can not connect their personal computers to the network without talking to you.

I hope this gives you your answer.
AXISHK

ASKER
But can I prevent unauthorized computer to access my domain - ie computer without granting into my domain.

In addition, is there a way to block the USB access for my domain computers such that they couldn't access the USB drive.

Thanks
SOLUTION
Raiduu

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Lucian Constantin

I think this could help you: Active Directory Rights Management Services
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
noci

You need to block them from the network in the first place...
So start at the network ports look into 802.1x, radius etc. to manage switch ports based on
certificates etc.  MAC addresses can be spoofed, too easy to break.
From there see to it that you have "trusted" systems inside their own perimiter network, only allow access through a firewalling-router [ not just the windows firewall ].
and work your way up.

Maybe you need to limit the access to a terminal server based soution, but then still anybody can make screenshots & photo's from a screen. [ the ultimate takeaway ].
Nagendra Pratap Singh

Enable auditing on the folder access/logon failures  etc. Hide the shares and remove NTFS permission for all extra people.

Check the logs for any attempts.

If you find any such attempts then fire the people.

Or your machines are accessible on the internet?
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER CERTIFIED SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.