?
Solved

passwords in excel

Posted on 2013-11-26
5
Medium Priority
?
273 Views
Last Modified: 2013-11-28
If a user has NTFS read, write, execute permissions to a spreadsheet (password protected), can they still delete the excel xlsx file? Or does the fact they have a password on the spreadsheet mitigate if a user can delete the file or not (not sure if there are numerous types of password one for access or one for stuff like move/delete etc)?

Are excel passwords still deemed to be quite weak and easily cracked - i.e. are NTFS more effeective than excel passwords for security.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 19

Accepted Solution

by:
regmigrant earned 1000 total points
ID: 39677383
The OS has no reference to the Excel password on a spread sheet, its only 'read' when Excel tries to open the file so the OS can always delete it because the permissions on the folder apply at the file level (regardless of application). - this is standard behaviour on every OS as far as I'm aware

You could use document management system (like sharepoint or a more grown up one) and a macro to ensure that a particular worksheet could not be deleted if it was marked appropriately.

As far the passwords themselves the passwords are more about preventing accidental (or malicious) updates by people who have been given access to the files rather than 'encryption' to keep people out of the file in the first place. So you need to decide which you want. A brute force attack would break an 8 digit password in a few hundred years.

The NTFS passwords are tougher to crack but still open to brute force by those with time and inclination.

The only way to both prevent unauthorised deletion and protect the content is to Encrypt the file at the OS level - then you need an NTFS password to log in, a decrypt password to open and the Excel password to allow editing etc.

In other words - you need to define what you are trying to achieve and choose the appropriate toll at the appropriate level - "defence in depth"

Reg
0
 
LVL 3

Author Comment

by:pma111
ID: 39677415
Is it the NTFS "write" permission that allows a user to delete a file, my understanding was NTFS "read" permissions let them potentially open it but they couldnt move or delete it? Is that correct?
0
 
LVL 19

Expert Comment

by:regmigrant
ID: 39677460
Here's a summary of the various permissions
http://technet.microsoft.com/en-us/library/cc732880.aspx


You are correct that Read does not allow delete but in order to update you need to grant them Write - they still can't delete unless they also have modify (or full control) - however you would then be relying on Excel to prevent them from simply erasing the data in the file and saving it empty

Reg
0
 
LVL 81

Assisted Solution

by:byundt
byundt earned 1000 total points
ID: 39679617
Excel 2013 has more robust worksheet password protection (512 bit with a "salt") than previous versions. The password can no longer be cracked using the widely available Bob McCormick brute force macro originally posted (May 22, 2001) in the Microsoft newsgroups. You can still crack it with a manual method, but you have to know how.
0
 
LVL 27

Expert Comment

by:tliotta
ID: 39682937
Note that Write permission can effectively be the same as Delete, and potentially worse, since the file can be written with essentially no (useful) content. That is, in many cases, erasing content can be worse than deleting the file because there may be less indication that the file (content) is gone.

Tom
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When asking a question in a forum or creating documentation, screenshots are vital tools that can convey a lot more information and save you and your reader a lot of time
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question