michaaal said:
In the past I have found that you can take any Windows 2000 Pro hard
drive and set it up as a slave on another Windows 2000 Pro hard
drive and you can read it. And if there is a permissions problem
you can just "take ownership" and the problem is solved.
Is there any way to make it so that my hard drive is not readable
when put into another computer as a slave?
Use EFS.
The permissions for SIDs are controlled only by the instance of the
OS that created them. When you move the drive to another machine,
it is highly unlikely the same SIDs are created, and the SAM will be
different. Since the other instance of the OS has no info regarding
permissions on SIDs it didn't create, no [restrictive] permissions
get enforced. The only account that probably retains permissions is
Administrator since, I believe, Windows uses the same SID on every
install for the Administrator account. So permissions for
Administrator on one hard drive in one instance of Windows when the
drive gets moved to a different instance of Windows will still get
those Administrator permissions enforced. But, as you've mentioned,
you can still take permission by any account in the Administrators
group (and the Administrator on the second instance of Windows would
have the same permissions on the files as the Administrator on the
drive from the first instance of Windows). This is a big loophole
in Windows file-based security, but I'm not sure it's just a Windows
defect. How would any instance of an OS know how to enforce
permissions on a drive for files on which permissions were
established for accounts in a different instance of the OS? Those
accounts are not known to the second instance of the OS. I suppose
one behavior would be to disallow all access to any files in which
permissions were defined for accounts that were unknown (i.e., not
defined in that instance of the OS).
If you use EFS (encrypting file system) to secure files and/or
directories, they won't be readable on the second instance of the OS
to which the drive gets moved. That's because the second instance
of the OS won't have the security certificate. So it behooves you
to export your certificates to floppy or CD media and lock it up.
Then when you have to move the drive, or after a fresh reinstall of
Windows, you'll have the security certificate to import to gain read
access to the EFS-protected files. Users on the other instance of
Windows won't be able to read the EFS-protected files. However, the
Administrator might still be able to read those files. EFS won't
eliminate the Administrator from taking ownership, but if you set
permissions in EFS to remove the Administrator account or group
(i.e., only *your* account is listed) then they won't be able to see
into the file. So you can use EFS to even hide the contents of
files from administrators, but you won't stop them from changing
ownership or permissions (so even if they cannot see into the file,
they can still steal it away from you and prevent you from getting
to it). Be sure to export the security certificate(s) so you can
recover from a fresh reinstall or when migrating to another instance
of the OS.
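The two points in the reply above (NTFS ACLs referencing SIDs the current install does not know, and backing up the EFS certificate so encrypted files survive a reinstall or a drive move) can both be checked from an elevated PowerShell session. The script below is an added example written for this thread, not code posted by michaaal or the replier; it assumes a modern Windows (PowerShell 5.1 or later with the built-in PKI module, NTFS, and an edition that supports EFS, which the Home editions do not), and the folder and PFX paths in the usage lines at the bottom are placeholders. Function names are mine. Note that S-1-5-32-544 (BUILTIN\Administrators) is the same well-known SID on every install, which is why that group's ACEs still apply on a moved drive while ACEs for the old machine's user accounts show up as unresolved.

```powershell
# Added example for this thread (not from the original posts). Requires an
# elevated PowerShell 5.1+ session on Windows with NTFS and EFS support.

# 1. Audit a volume (for instance a drive moved from another install) for ACEs
#    whose SIDs this OS cannot map to an account. These are the "unknown
#    account" permissions discussed above: no local user matches them, so
#    only well-known SIDs such as BUILTIN\Administrators (S-1-5-32-544)
#    keep their effect.
function Find-UnresolvedAce {
    param(
        [Parameter(Mandatory)][string]$Path,
        [switch]$Recurse
    )
    Get-ChildItem -LiteralPath $Path -Recurse:$Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $item = $_
        $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { return }
        # Ask for rules keyed by raw SID so we can try to resolve each one ourselves.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            $sid = [System.Security.Principal.SecurityIdentifier]$ace.IdentityReference
            try {
                $null = $sid.Translate([System.Security.Principal.NTAccount])
                continue   # resolves on this install, so it is enforced normally
            } catch [System.Security.Principal.IdentityNotMappedException] {
                [pscustomobject]@{
                    Path   = $item.FullName
                    Sid    = $sid.Value
                    Rights = $ace.FileSystemRights
                    Type   = $ace.AccessControlType
                }
            }
        }
    }
}

# 2. Encrypt a folder with EFS and back up the EFS certificate plus private key
#    to a password-protected PFX. Without that key the data stays unreadable on
#    another install no matter who takes ownership of the files.
function Protect-FolderWithEfs {
    param([Parameter(Mandatory)][string]$Folder)
    if (-not (Test-Path -LiteralPath $Folder)) { New-Item -ItemType Directory -Path $Folder | Out-Null }
    # cipher.exe /e marks the directory so new files inherit encryption; /s applies it to contents.
    & cipher.exe /e /s:$Folder | Out-Null
    # Report whether the directory now carries the Encrypted attribute.
    $attrs = (Get-Item -LiteralPath $Folder -Force).Attributes
    return [bool]($attrs -band [System.IO.FileAttributes]::Encrypted)
}

function Backup-EfsCertificate {
    param(
        [Parameter(Mandatory)][string]$PfxPath,
        [Parameter(Mandatory)][securestring]$Password
    )
    $efsEku = '1.3.6.1.4.1.311.10.3.4'   # Enhanced Key Usage OID for Encrypting File System
    $cert = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $_.HasPrivateKey -and (
            $_.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages | ForEach-Object { $_.Value } }
        ) -contains $efsEku
    } | Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $cert) {
        throw 'No EFS certificate with a private key in Cert:\CurrentUser\My; encrypt a file first so Windows issues one.'
    }
    Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $Password | Out-Null
    return $cert.Thumbprint
}

# Usage (placeholder paths):
# Find-UnresolvedAce -Path 'E:\' -Recurse | Format-Table -AutoSize
# Protect-FolderWithEfs -Folder 'C:\Users\me\Private'
# Backup-EfsCertificate -PfxPath 'D:\efs-backup.pfx' -Password (Read-Host -AsSecureString 'PFX password')
```

Keep the exported PFX off the machine (the thread's "floppy or CD, locked up" advice still applies; today that means removable media or an offline vault). On a fresh install, `Import-PfxCertificate -FilePath D:\efs-backup.pfx -CertStoreLocation Cert:\CurrentUser\My` restores read access to the encrypted files; `cipher.exe /x` is the built-in alternative for the backup step. The unresolved-SID audit is also a useful way to confirm that an old drive really does carry ACEs the new install cannot evaluate before relying on them for anything.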