Link to home
Start Free TrialLog in
Avatar of AXISHK
AXISHK

asked on

Protect file copying on a Window Domain

I have highly confidential files stored in Window 2003 / 2008 server. Is there a way to only allow internal access of these files. Users couldn't access the files in their personal computer, or copy through the USB port.

Any recommendation ?

Thanks
Avatar of Raiduu
Raiduu
Flag of Estonia image

Hello!

Under internal access you mean only you can access them or only from the local network? There's no way you can disable the copying if you allow users to look at the files and open them. They can save them to their computer and copy from there. The only solution to this is to limit access to those files that only you can see them. As I know there isn't much that you can do about this. You can limit the internet access via MAC address so they can not connect their personal computers to the network without talking to you.

I hope this gives you your answer.
Avatar of AXISHK
AXISHK

ASKER

But can I prevent unauthorized computer to access my domain - ie computer without granting into my domain.

In addition, is there a way to block the USB access for my domain computers such that they couldn't access the USB drive.

Thanks
SOLUTION
Avatar of Raiduu
Raiduu
Flag of Estonia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Lucian Constantin
I think this could help you: Active Directory Rights Management Services
You need to block them from the network in the first place...
So start at the network ports look into 802.1x, radius etc. to manage switch ports based on
certificates etc.  MAC addresses can be spoofed, too easy to break.
From there see to it that you have "trusted" systems inside their own perimiter network, only allow access through a firewalling-router [ not just the windows firewall ].
and work your way up.

Maybe you need to limit the access to a terminal server based soution, but then still anybody can make screenshots & photo's from a screen. [ the ultimate takeaway ].
Enable auditing on the folder access/logon failures  etc. Hide the shares and remove NTFS permission for all extra people.

Check the logs for any attempts.

If you find any such attempts then fire the people.

Or your machines are accessible on the internet?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial