Taking access rights from the System

Hi Guys! I am making Cryptolocker-safe backup.

The idea is that I have a HDD where only BACKUP user can change files. Admin and System can only view.

The setup works, but the Windows is constantly reporting corruption of HDD and RecycleBin due to lack of access rights.

What special rights I need to set-up to fix this?

Thanks!
mrmutAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

McKnifeCommented:
What account will cryptolocker use? It will use the user account, not the system account. So normally you won't need to keep the system account from writing there. If you insist on doing that, take a separate folder and you will not have these problems.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mrmutAuthor Commented:
I am not sure what account will Cryptolocker use, but I don't particularly trust System. How hard - or easy is to subvert System?
0
McKnifeCommented:
It is only possible if you are already administrator. And even then, you still need to circumvent UAC. So it is hard. And please don't think it would act as system. It would definitely act as the user himself, because that way, it could do maximum damage. The system account could not reach network drives, that's why.
0
mrmutAuthor Commented:
Ha! I forgot about System network access! The UAC is a problem, as it is off or nonexistent on most systems I am looking to implement this.

I will probably just ban everyone from backup folder, and that's it.

Thanks.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.