We help IT Professionals succeed at work.

Taking access rights from the System

Hi Guys! I am making Cryptolocker-safe backup.

The idea is that I have a HDD where only BACKUP user can change files. Admin and System can only view.

The setup works, but the Windows is constantly reporting corruption of HDD and RecycleBin due to lack of access rights.

What special rights I need to set-up to fix this?

Thanks!
Comment
Watch Question

Distinguished Expert 2019
Commented:
What account will cryptolocker use? It will use the user account, not the system account. So normally you won't need to keep the system account from writing there. If you insist on doing that, take a separate folder and you will not have these problems.

Author

Commented:
I am not sure what account will Cryptolocker use, but I don't particularly trust System. How hard - or easy is to subvert System?
Distinguished Expert 2019

Commented:
It is only possible if you are already administrator. And even then, you still need to circumvent UAC. So it is hard. And please don't think it would act as system. It would definitely act as the user himself, because that way, it could do maximum damage. The system account could not reach network drives, that's why.

Author

Commented:
Ha! I forgot about System network access! The UAC is a problem, as it is off or nonexistent on most systems I am looking to implement this.

I will probably just ban everyone from backup folder, and that's it.

Thanks.