How can I get access to files and folders on my portable drive on other computers?

[Dmitry Kopnichev]

Our domain administrator will not take ownership because I will see it. If I
will see it he could lose his job.

Only General manager is supposed to see all the information. But he will
not administrate the network himself of course. General manager has even
a second computer separate from the Admins network to keep information
securely. Our Admin is two times younger than most of our specialists and
has only computer education and is not devoted to our business as the
General manager is. A company can never take just a computer specialist
into it's confidence, can never entrust all its commercial information to
him.

As others have pointed out you need to rethink your business model when it
comes to computers. With today's technology the network administrator will
potentially have access to everything. You can use auditing to see what
has been done but it's pretty hard to stop it from being done. The only
way I know to get around this is to keep data that sensitive on a computer
not connected to the LAN or use 3rd party encryption software.

Kerry

Why do you think the data isn't supposed to be on my computer? Our
Admin
just keeps the network working, they are not supposed to see all the
commercial data that other specialists possess.

You are wrong, the network admin can and will be able to see all data on
the network, if you don't trust the network admin then you need to get a
new one.

It really seems like you're doing something you don't need to be doing
and that you feel you have a reason to hide.



"Lanwench [MVP - Exchange]"
message


In Dmitry Kopnichev <[email protected]> typed:
Hello
How can I get access to my files and folders on my portable drive on
other computers? I do not want to give access to a Windows XP group
because I don't want
Administrators of our domain have direct access to my files on the
drive. They will not take ownership because I will see the taking. I
want to get access by a password.

Roger's reply re NTFS is correct. However, if you're trying to bypass
your
network admins, and you are not officially one yourself, I can't help
you.
If the data isn't supposed to be on your computer/on the network,
don't do
it.

 

[Roger Abell]

Neither does use of Users
Remember, the grant is only needed while defining a new
specific user grant, and you certainly could have the network
wire disconnected during that time.

 

[Dmitry Kopnichev]

"Admins having full access to everything by default" is the cause of CDs
with sensitive information appearing on a black market. Some Admins steal
personal information about customers, especially, users of mobile networks,
owners of properties, money orders logs, bank transactions logs, etceteras,
before changing work. These information is invaluable for criminals,
thieves, robbers, killers for searching for their victim.
Admins do not lose much if a company loses its sensitive information. They
can always find another work, but owners lose money and top managers work
and their credit.

 

[Dmitry Kopnichev]

I would have to do disconnect too often.

Neither does use of Users
Remember, the grant is only needed while defining a new
specific user grant, and you certainly could have the network
wire disconnected during that time.

 

[Roger Abell]

You must have a lot of different machines not in domain(s)
where use of this external storage would be needer.

 

[Dmitry Kopnichev]

Yes.
This drive contains 25 GB of information. I almost never save files to local
HDDs, but to the portable drive.

 

[Kerry Brown]

"Admins having full access to everything by default" is the cause of CDs
with sensitive information appearing on a black market. Some Admins steal
personal information about customers, especially, users of mobile
networks, owners of properties, money orders logs, bank transactions logs,
etceteras, before changing work. These information is invaluable for
criminals, thieves, robbers, killers for searching for their victim.
Admins do not lose much if a company loses its sensitive information. They
can always find another work, but owners lose money and top managers work
and their credit.

You have several options. Most of the computer related ones have already
been explained to you. If none of those work for you, you will have to do
some more research. Personally I believe you need to rethink you company's
hierarchy. If your data is that sensitive you need to do one of two things.
Hire someone you trust to manage your network. Train an existing empoyee you
trust to manage your network. If it is so lucrative to steal your data then
you can afford to pay someone enough that they won't steal your data. Most
organizations and governments have policies to deal with this issue. In the
end what it comes down to is trust. It sounds like you don't have any. You
could physically search your admin as he leaves the building.

Kerry

 

[Roger Abell]

You have several options. Most of the computer related ones have already
been explained to you. If none of those work for you, you will have to do
some more research. Personally I believe you need to rethink you company's
hierarchy. If your data is that sensitive you need to do one of two things.
Hire someone you trust to manage your network. Train an existing empoyee you
trust to manage your network. If it is so lucrative to steal your data then
you can afford to pay someone enough that they won't steal your data. Most
organizations and governments have policies to deal with this issue. In the
end what it comes down to is trust. It sounds like you don't have any. You
could physically search your admin as he leaves the building.

Funning you say that. Last night I was considering how much
one would have to pay a net admin to sit all day naked in a
glass cage while working and to be searched on the way to
the locker at the end of the day.

--
Roger

 

[Kerry Brown]

Funning you say that. Last night I was considering how much
one would have to pay a net admin to sit all day naked in a
glass cage while working and to be searched on the way to
the locker at the end of the day.

I was thinking of diamond mines while writing the post

Kerry

 

[Dmitry Kopnichev]

Not giving access to sensitive data to the domain administrator is more
effective.

"Admins having full access to everything by default" is the cause of CDs
with sensitive information appearing on a black market. Some Admins steal
personal information about customers, especially, users of mobile
networks, owners of properties, money orders logs, bank transactions
logs, etceteras, before changing work. These information is invaluable
for criminals, thieves, robbers, killers for searching for their victim.
Admins do not lose much if a company loses its sensitive information.
They can always find another work, but owners lose money and top managers
work and their credit.

You have several options. Most of the computer related ones have already
been explained to you. If none of those work for you, you will have to do
some more research. Personally I believe you need to rethink you company's
hierarchy. If your data is that sensitive you need to do one of two
things. Hire someone you trust to manage your network. Train an existing
empoyee you trust to manage your network. If it is so lucrative to steal
your data then you can afford to pay someone enough that they won't steal
your data. Most organizations and governments have policies to deal with
this issue. In the end what it comes down to is trust. It sounds like you
don't have any. You could physically search your admin as he leaves the
building.

Kerry

 

[Dmitry Kopnichev]

Yes. It is more effective just not give access to the data.

You have several options. Most of the computer related ones have already
been explained to you. If none of those work for you, you will have to do
some more research. Personally I believe you need to rethink you
company's
hierarchy. If your data is that sensitive you need to do one of two things.
Hire someone you trust to manage your network. Train an existing empoyee you
trust to manage your network. If it is so lucrative to steal your data then
you can afford to pay someone enough that they won't steal your data.
Most
organizations and governments have policies to deal with this issue. In the
end what it comes down to is trust. It sounds like you don't have any.
You
could physically search your admin as he leaves the building.

Funning you say that. Last night I was considering how much
one would have to pay a net admin to sit all day naked in a
glass cage while working and to be searched on the way to
the locker at the end of the day.

--
Roger

 

[Roger Abell]

Not giving access to sensitive data to the domain administrator is more
effective.

While that may be so, the best, in fact only, way to do that
is to have no domain.

--
Roger Abell
Microsoft MVP (Windows Security)

"Admins having full access to everything by default" is the cause of CDs
with sensitive information appearing on a black market. Some Admins steal
personal information about customers, especially, users of mobile
networks, owners of properties, money orders logs, bank transactions
logs, etceteras, before changing work. These information is invaluable
for criminals, thieves, robbers, killers for searching for their victim.
Admins do not lose much if a company loses its sensitive information.
They can always find another work, but owners lose money and top managers
work and their credit.

You have several options. Most of the computer related ones have already
been explained to you. If none of those work for you, you will have to do
some more research. Personally I believe you need to rethink you company's
hierarchy. If your data is that sensitive you need to do one of two
things. Hire someone you trust to manage your network. Train an existing
empoyee you trust to manage your network. If it is so lucrative to steal
your data then you can afford to pay someone enough that they won't steal
your data. Most organizations and governments have policies to deal with
this issue. In the end what it comes down to is trust. It sounds like you
don't have any. You could physically search your admin as he leaves the
building.

Kerry

 

[Dmitry Kopnichev]

Our domain is needed for our women usually and Windows XP illiterate workers
who can not administer their Windows XP themselves.

Not giving access to sensitive data to the domain administrator is more
effective.

While that may be so, the best, in fact only, way to do that
is to have no domain.

--
Roger Abell
Microsoft MVP (Windows Security)

 

[Leythos]

Not giving access to sensitive data to the domain administrator is more
effective.

No, it's not more effective, it's a lost cause as you do not understand
how Network Administration is handled. If you need a secure area, one
that the normal network administrator can not access, then you create a
separate network or you setup a firewall area where the protected
network can reach the unprotected network, but the unprotected network
can't reach the protected network, and you don't have systems in the
protected network as part of the domain.

If you better understood the ideals of a Network and the ideals of a
network administrator you would have a much easier management time.

 

[Leythos]

Our domain is needed for our women usually and Windows XP illiterate workers
who can not administer their Windows XP themselves.

Administration of Windows XP has nothing to do with a Domain - you can
manage Windows XP without a Domain - any good Network Administrator
would already know that and how to do it.

All computers should be locked down for all users, exceptions can be
made for specific special cases.

It's starting to appear that you are making decisions and managing
without understanding the basic network administration concepts and that
will be the ruin of your network scheme.

 

[Kerry Brown]

Yes. It is more effective just not give access to the data.

While it may be more effective it is not possible with your current network.
Change your network, or change your management style. These are your
alternatives. I'm tired of going around in circles. You have been given good
advice by many people. If you don't trust anyone then you'll have to do it
yourself. As others pointed out it sounds like you don't have the knowledge
required to do this. This means you will have to learn it. It can't be
taught via a newsgroup. I suggest you look into some courses on networking
and computer security.

Kerry