Re: Password Protecting/Hiding Files & Folders Remotely on Windows Server???

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Something to look for with pgp is how you intend to recover if a) a user
loses their keys (hint: administrator usually do this for you if they are a
trusted agent) or b) a user that was securing information like this leaves
the company and doesn't have the key or fails to give it over (see previous
hint).

For what it's worth, I think it's best to go with the level of trust needed.
If you manage people, and I'm suspecting you do, then you'll have to
understand when a certain level of trust is needed. My argument is that this
is one of those. Making it a legal requirement of employment seems fair to
me but I am not familiar with the laws of your country or if there is any
redress if that trust is breached. Most countries have some sort of legal
action that is allowed and even expected for such breach of trust.

I also get the idea of trust but verify. No sense in giving away the keys
to the kingdom if you have no way to get them back. But at some point
you'll have to trust somebody else just as your boss trusts you and your IT
manager.

Hope it works out well.

Al



<shannonw@xxxxxxxxxxxxxxx> wrote in message
news:1159239684.010861.49170@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Thanks for the feedback.

The Manager of IT can definitely be trusted and I am his senior so
between us I do not have a problem (We take the tapes off-site
ourselves and on-site tapes are stored under lock and key).

We have just employed an administrator to manage this process and I
guess I am over cautious especially with the CEO & CFO's documents - if
we don't get their buy-in on this project then it will go nowhere and I
know their main concern is security.

Based on your feedback I really only have 2 options:

1. Create an administration policy where I have the administrator sign
a document confirming their understanding of the nature of the data to
be stored and the privacy implications therein.
2. Tell users not to store sensitive information on the file server.

I am not concerned about hackers etc. - If they want to get in they
will... I want basic security for trusted people i.e. just enough to
feel safe in knowing they can't just double click and open any
document...

I am currently investigating pgp - I'll see how that goes.

Thanks for your help.
Shannon

Al Mulnick wrote:
Something I forgot to mention.

In your original plan, has nobody asked what it was you were going to do
to
safeguard the tapes from the same prying eyes? Are they stored off-site?
If
so, by whom? Do you know them? Trust them?

Al


"Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx> wrote in message
news:O$URsqP4GHA.292@xxxxxxxxxxxxxxxxxxxxxxx
I agree. At some point, if you have physical access to something, you
have
to assume that you *could* see that data. It's possible. Not always
likely, but possible.

No, for what you're trying to provide there is a level of trust
required
as Herb mentions. If that cannot be had, then perhaps they'd prefer to
use
an online backup service? That would help protect you against the issue
of
theft or other loss. The USB key stick I suggest helps with that as
well.

Al


"Hank Arnold" <rasilon@xxxxxxx> wrote in message
news:eIzEPaI4GHA.1252@xxxxxxxxxxxxxxxxxxxxxxx
You need to work with IT on how to get as much as you can
accomplished.

IMNSHO, you have to trust IT to do it's job. If you can't, then you
have
a *BIG* problem....

Regards,
Hank Arnold

shannonw@xxxxxxxxxxxxxxx wrote:
All I want to do is encourage other managers to store their files on
the server so that they can be backed up regularly. I can't do this
unless I can ensure that files such as:

- Employee Reviews
- Financial Budgets
- Incentive Plans

can be secured so that no prying eyes can view them. It is no point
only storing non-sensitive documents on the file server - if the
laptop
is lost or stolen, the sensitive documents will be the only ones
affected - and they're the most important!






.

Relevant Pages

  • Re: Transitive Trust
    ... Domain administrator in domain B can't by default administer domain A even ... Transitive trust means e.g. if A trust B and A trust C then B trust C and C ... > remove trusts from the other child domain within the ...
    (microsoft.public.win2000.security)
  • Re: AD and hidden admin shares
    ... Administrator come and go. ... But if you don't trust them, don't give them the abillity to do ... They're very handy tools. ... Hmm I mnot sure how these Admin shares can come in handy. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Migration trust error
    ... > I understand that you were unable to establish a trust between a Windows ... it was not removed from the registry on the primary ... Log on as an administrator to the domain from the PDC. ... Highlight the SAM key. ...
    (microsoft.public.windows.server.migration)
  • RE: Error creating trust between NT 4 and new 2003 server
    ... Did you have ever trust other domain on this PDC? ... Using Registry Editor incorrectly can cause serious, ... Log on as an administrator to the domain from the PDC. ... Highlight the SAM key. ...
    (microsoft.public.windows.server.migration)
  • Re: Digital signatures
    ... You can choose to trust whomever you wish. ... In PGP, you have ... key that's used for this encryption is generated ... to use a rubber hose attack to beat the information out of you. ...
    (Fedora)