• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 278
  • Last Modified:

passwords in excel

If a user has NTFS read, write, execute permissions to a spreadsheet (password protected), can they still delete the excel xlsx file? Or does the fact they have a password on the spreadsheet mitigate if a user can delete the file or not (not sure if there are numerous types of password one for access or one for stuff like move/delete etc)?

Are excel passwords still deemed to be quite weak and easily cracked - i.e. are NTFS more effeective than excel passwords for security.
0
pma111
Asked:
pma111
2 Solutions
 
regmigrantCommented:
The OS has no reference to the Excel password on a spread sheet, its only 'read' when Excel tries to open the file so the OS can always delete it because the permissions on the folder apply at the file level (regardless of application). - this is standard behaviour on every OS as far as I'm aware

You could use document management system (like sharepoint or a more grown up one) and a macro to ensure that a particular worksheet could not be deleted if it was marked appropriately.

As far the passwords themselves the passwords are more about preventing accidental (or malicious) updates by people who have been given access to the files rather than 'encryption' to keep people out of the file in the first place. So you need to decide which you want. A brute force attack would break an 8 digit password in a few hundred years.

The NTFS passwords are tougher to crack but still open to brute force by those with time and inclination.

The only way to both prevent unauthorised deletion and protect the content is to Encrypt the file at the OS level - then you need an NTFS password to log in, a decrypt password to open and the Excel password to allow editing etc.

In other words - you need to define what you are trying to achieve and choose the appropriate toll at the appropriate level - "defence in depth"

Reg
0
 
pma111Author Commented:
Is it the NTFS "write" permission that allows a user to delete a file, my understanding was NTFS "read" permissions let them potentially open it but they couldnt move or delete it? Is that correct?
0
 
regmigrantCommented:
Here's a summary of the various permissions
http://technet.microsoft.com/en-us/library/cc732880.aspx


You are correct that Read does not allow delete but in order to update you need to grant them Write - they still can't delete unless they also have modify (or full control) - however you would then be relying on Excel to prevent them from simply erasing the data in the file and saving it empty

Reg
0
 
byundtCommented:
Excel 2013 has more robust worksheet password protection (512 bit with a "salt") than previous versions. The password can no longer be cracked using the widely available Bob McCormick brute force macro originally posted (May 22, 2001) in the Microsoft newsgroups. You can still crack it with a manual method, but you have to know how.
0
 
tliottaCommented:
Note that Write permission can effectively be the same as Delete, and potentially worse, since the file can be written with essentially no (useful) content. That is, in many cases, erasing content can be worse than deleting the file because there may be less indication that the file (content) is gone.

Tom
0

Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now