Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

File Permissions, Widnows 2000 Professional 1

Status
Not open for further replies.
oceanone

oceanone

Technical User
Oct 15, 2001
17
US
Hello, We have installed several PCs running Windows 2000 Professional at work, and of course, we have the admin password to get into those Windows 2K pro. workstations. Users are assigned only Power Users right to those PCs. Many confidential excel files and folders are being saved into these PCs, and users don't want anybody can see those files and folders including the administrator. I already set the owner of the files is the only one who has full control, and nobody else has access to it. When I logged in as the admin and tried to open the files, I got "access denied" message. However, I know I am still be able to take ownership of the file because I log in as the admin. I also know that admin has implicit ability to take ownership of any files in the system. Does anybody know is there any way the owner of file can block others including the admin from accessing the files? Thanks
 
Sort by date Sort by votes
The admin. should be able to access any file, but the owner may use cryptification to hide the content of the files.
 
Upvote 0 Downvote
Don't store the files on the PC - USB flash disks are cheap enough these days.

John
 
Upvote 0 Downvote
Enable encryption on the folder that the file slay in; then ensure that the domain(or local PC) has a designated recovery agent in case the files need to be recovered and the person who encrypted them has left the company or forgerts their NT logon or whatever...

Back up the files on a regular basisi and remember, once these files are encrypted using EFS, there is only two ways to view them:

User who was logged into PC and/or users given permission after encryption can view/copy/paste/edit/delete the files

and recovery agent..thats it, anyone else will receive access denied when attempting to do anything but list the files.

Cheers,

J
 
Upvote 0 Downvote
One more thing; by default the local administrator is the recovery agent when not working in a domain environment; you would want to remove that and add a domain admin as the recovery agent...someone who can be trusted obviously

Cheers,

jatcan
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

dik
  • Locked
  • Question
Deleting a file 1
Replies
13
Views
207
dik
dik
pjw001
  • Locked
  • Question
Windows 11 File Explorer Preview Pane for PDF files
Replies
2
Views
160
pjw001
pjw001
spamjim
  • Locked
  • Question
Sanitizing illegal filenames on NTFS volumes
Replies
2
Views
190
spamjim
spamjim
pjw001
  • Locked
  • Question
File Explorer New File Menu (Windows 8)
Replies
1
Views
105
pjw001
pjw001
dik
  • Locked
  • Question
Microsoft File Explorer 2
Replies
13
Views
206
dik
dik

Part and Inventory Search

Sponsor

Back
Top