is thre some advice to *not* use ntfs on removable media under xp?

is ntfs removable drive protected with accaunts accessible on other computer
[not the one formated it]?

what if other computer is or is not memeber of same domain like first?

if original computer is rebuilt [new install], is ntfs removable media still
accessible?

and what if data on removable media are crypted, are they readable only on
original computer?

are there some compactt link to address these basic questions?

some advice, thnx.

> is thre some advice to *not* use ntfs on removable media under xp?

For traditional small removable media, such as floppy diskettes,
advanced filesystems such as NTFS or Reiser are not recommended,
because they have too much overhead. FAT is better in that scenario,
because it leaves more space for your data.

For optical discs like CDs, filesystems based on ISO9660 (possibly
with extensions) are traditional and work well, so you'd want to have
some kind of _reason_ to use something different, but that doesn't
mean that NTFS would be unusable or even bad on them, if you had
some kind of actual reason for wanting to use it.

> is ntfs removable drive protected with accaunts accessible on other
> computer [not the one formated it]? what if other computer is or is
> not memeber of same domain like first? if original computer is
> rebuilt [new install], is ntfs removable media still accessible?

Filesystem permissions (well, restrictions, actually) are generally
only meaningful as long as you've booted from the system that set
them. If you toss a Knoppix CD in the drive and boot from that,
you can read (and, with captive-ntfs, also write) any of the files
on the disk, including protected system files, other users' private
files, whatever. The only exception to this is if the filesystem is
encrypted, which brings us to your next question:

> and what if data on removable media are crypted, are they
> readable only on original computer?

If the filesystem is encrypted, it is (barring that the encryption has
some large weakness and someone exploits that; e.g., PKWare's
zip file format's encryption is known to be weak) readable only
_with the encryption key_. This doesn't have to mean necessarily
that it's only readable on the original system, unless you lose the
key with the original system. If you are planning to encrypt anything
you don't want to lose, you should take suitable precautions to
avoid losing the key. This is true whether you're encrypting
individual files, archives of files, or entire filesystems.

Nathan Eady wrote on 24-Feb-2006 10:38 AM:
>
> Filesystem permissions (well, restrictions, actually) are generally
> only meaningful as long as you've booted from the system that set
> them.

If the permissions on the removeable media use only standard users or
user groups (eg, Administrator, Administrators, SYSTEM, Users, etc.)
then you can access the data on any NTFS system. If you use specific
user IDs, then the other systems will only see an unidentified GUID.

That said, most USB drives are small enough that FAT or FAT32 works
best. But if you have a big honking 200 GB USB drive, I'd recommend
using NTFS.

--
Kent

> > Filesystem permissions (well, restrictions, actually)
> > are generally only meaningful as long as you've booted
> > from the system that set them.
>
> If the permissions on the removeable media use only
> standard users or user groups (eg, Administrator,
> Administrators, SYSTEM, Users, etc.) then you can access
> the data on any NTFS system. If you use specific user IDs,
> then the other systems will only see an unidentified GUID.

I should have been more clear.

So let's say Alice is a sysadmin on Artichoke, which is
running Windows Server 2003. Alice pops a large removable
disk of some kind into the drive on Artichoke, creates an
NTFS filesystem on it, and uses it to back up the contents
of "Documents and Settings", including permissions. Alice
then unmounts the disk, labels it with a date and "Documents
and Settings Backup", then she sticks it back in to check on
how the permissions work. She logs in as Xosha, which is a
limited user account, and tries to read some private files
that are owned by Administrator, but the system won't let
her. Alice now believes the backup is secure, so she logs
out, takes out the disk, and entrusts it to Bob, who is
supposed to store it offsite, in case there's ever some kind
of building-level disaster.

Bob, strapped for cash and disgruntled, clandestinely sells
the disk to George, who works for a rival company. George
takes the disk to *his* computer, where he *has*
administrative privileges, and proceeds to read all of the
unencrypted data on the disk. George may mount the disk
on a Windows system at his company, or he may mount it
on his FreeBSD laptop the minute he gets it from Bob, or
he might take it back to the office and use his Solaris
workstation to mount it. It doesn't matter; any way you
look at it, the security of the data is compromised.

Do not trust ownerships and privileges on removable media.
Ownerships and privileges on removable media are insecure.
If you need to prevent unauthorized people from reading
anything you put on removable media, encrypt it, or store
it in a secure location.