If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
|
#1
|
|||
|
|||
Log access or prevent access to private/confidential information.
Hi,
I would like to be able to log access to my folders from the network. That is, I want to know when an administrator has accessed my drive. I have private/confidential information on my PC and do not want administrators to be able to access it, unless I give explicit permission. How can I achieve this? Thanks, Robin. |
#2
|
|||
|
|||
Ask your administrators.
--=20 -------------------------------------------------------------------------= ------------------------- http://webdiary.smh.com.au/archives/...nt/001075.html =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D "Robin Tucker" wrote in message = ... Hi, =20 I would like to be able to log access to my folders from the network. = That=20 is, I want to know when an administrator has accessed my drive. I = have=20 private/confidential information on my PC and do not want = administrators to=20 be able to access it, unless I give explicit permission. How can I = achieve=20 this? =20 Thanks, =20 =20 Robin.=20 =20 |
#3
|
|||
|
|||
In ,
Robin Tucker had this to say: My reply is at the bottom of your sent message: Hi, I would like to be able to log access to my folders from the network. That is, I want to know when an administrator has accessed my drive. I have private/confidential information on my PC and do not want administrators to be able to access it, unless I give explicit permission. How can I achieve this? Thanks, Robin. As has been mentioned by David Candy, ask them. If you have, as it seems, administrators then the implication is that the PC doesn't belong to you. Private/confidential information should not really be kept on property not belonging to you and the company has a right (and perhaps and obligation) to monitor the contents of their property. Given that they're the admins and likely able to access your account at any time (and probably have rules regarding third party software installations) your best bet would be to accept that anything you put on the work computer belongs, by default, to the company or at least gives them rights to access it with or without your consent. Your personal computing should probably be done at home -- if you want to keep your job. More and more companies, for various reasons, are starting to not only monitor internet access but files on their PCs. With the increase in various regulations (Sarbox, HIPPA, etc) it's in your best interest to really keep your personal, private, and confidential data on a system that you are the only administrator of. Note that this is mostly a U.S. thing though the EU and surely other countries have similar policies. Galen -- "You know that a conjurer gets no credit when once he has explained his trick; and if I show you too much of my method of working, you will come to the conclusion that I am a very ordinary individual after all." Sherlock Holmes |
#4
|
|||
|
|||
Yes, it is company property. No, I am not asking that MY PERSONAL
INFORMATION be locked down. The administrators should not have the right to view any/all information, some of which is potentially confidential such as, for example, Personel Records. No I am not a n00b sitting in a cubicle passing wind every 30 seconds. I am genuiunely asking this question, for the purposes of security of personal information. How can we allow administration of a network/domain, but protect information from prying eyes, be they administrators or not. Thankyou. "Galen" wrote in message ... In , Robin Tucker had this to say: My reply is at the bottom of your sent message: Hi, I would like to be able to log access to my folders from the network. That is, I want to know when an administrator has accessed my drive. I have private/confidential information on my PC and do not want administrators to be able to access it, unless I give explicit permission. How can I achieve this? Thanks, Robin. As has been mentioned by David Candy, ask them. If you have, as it seems, administrators then the implication is that the PC doesn't belong to you. Private/confidential information should not really be kept on property not belonging to you and the company has a right (and perhaps and obligation) to monitor the contents of their property. Given that they're the admins and likely able to access your account at any time (and probably have rules regarding third party software installations) your best bet would be to accept that anything you put on the work computer belongs, by default, to the company or at least gives them rights to access it with or without your consent. Your personal computing should probably be done at home -- if you want to keep your job. More and more companies, for various reasons, are starting to not only monitor internet access but files on their PCs. With the increase in various regulations (Sarbox, HIPPA, etc) it's in your best interest to really keep your personal, private, and confidential data on a system that you are the only administrator of. Note that this is mostly a U.S. thing though the EU and surely other countries have similar policies. Galen -- "You know that a conjurer gets no credit when once he has explained his trick; and if I show you too much of my method of working, you will come to the conclusion that I am a very ordinary individual after all." Sherlock Holmes |
#5
|
|||
|
|||
You need to ask your administrators how to do this. Admins can't =
secretly peek at your documents. They are in charge and may prefer you = to do it their way. They are the experts in your company on this = subject. But basically you can't stop them but nor can they do it = secretly. Admins are used to concerns like this. To take action without their = approval could be a criminal offense. --=20 -------------------------------------------------------------------------= ------------------------- http://webdiary.smh.com.au/archives/...nt/001075.html =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D "Robin Tucker" wrote in message = ... Yes, it is company property. No, I am not asking that MY PERSONAL=20 INFORMATION be locked down. The administrators should not have the = right to=20 view any/all information, some of which is potentially confidential = such as,=20 for example, Personel Records. No I am not a n00b sitting in a = cubicle=20 passing wind every 30 seconds. I am genuiunely asking this question, = for=20 the purposes of security of personal information. How can we allow=20 administration of a network/domain, but protect information from = prying=20 eyes, be they administrators or not. =20 Thankyou. =20 =20 =20 "Galen" wrote in message=20 ... In , Robin Tucker had this to say: My reply is at the bottom of your sent message: Hi, I would like to be able to log access to my folders from the = network. That is, I want to know when an administrator has accessed my drive. = I=20 have private/confidential information on my PC and do not want administrators to be able to access it, unless I give explicit permission. How can I achieve this? Thanks, Robin. As has been mentioned by David Candy, ask them. If you have, as it = seems,=20 administrators then the implication is that the PC doesn't belong to = you.=20 Private/confidential information should not really be kept on = property not=20 belonging to you and the company has a right (and perhaps and = obligation)=20 to monitor the contents of their property. Given that they're the = admins=20 and likely able to access your account at any time (and probably have = rules regarding third party software installations) your best bet = would be=20 to accept that anything you put on the work computer belongs, by = default,=20 to the company or at least gives them rights to access it with or = without=20 your consent. Your personal computing should probably be done at home -- if you = want to=20 keep your job. More and more companies, for various reasons, are = starting=20 to not only monitor internet access but files on their PCs. With the=20 increase in various regulations (Sarbox, HIPPA, etc) it's in your = best=20 interest to really keep your personal, private, and confidential data = on a=20 system that you are the only administrator of. Note that this is = mostly a=20 U.S. thing though the EU and surely other countries have similar = policies. Galen --=20 "You know that a conjurer gets no credit when once he has explained = his trick; and if I show you too much of my method of working, you will come to the conclusion that I am a very ordinary individual after = all." Sherlock Holmes =20 =20 |
#6
|
|||
|
|||
In ,
Robin Tucker had this to say: My reply is at the bottom of your sent message: Yes, it is company property. No, I am not asking that MY PERSONAL INFORMATION be locked down. The administrators should not have the right to view any/all information, some of which is potentially confidential such as, for example, Personel Records. No I am not a n00b sitting in a cubicle passing wind every 30 seconds. I am genuiunely asking this question, for the purposes of security of personal information. How can we allow administration of a network/domain, but protect information from prying eyes, be they administrators or not. Thankyou. "Galen" wrote in message ... In , Robin Tucker had this to say: My reply is at the bottom of your sent message: Hi, I would like to be able to log access to my folders from the network. That is, I want to know when an administrator has accessed my drive. I have private/confidential information on my PC and do not want administrators to be able to access it, unless I give explicit permission. How can I achieve this? Thanks, Robin. As has been mentioned by David Candy, ask them. If you have, as it seems, administrators then the implication is that the PC doesn't belong to you. Private/confidential information should not really be kept on property not belonging to you and the company has a right (and perhaps and obligation) to monitor the contents of their property. Given that they're the admins and likely able to access your account at any time (and probably have rules regarding third party software installations) your best bet would be to accept that anything you put on the work computer belongs, by default, to the company or at least gives them rights to access it with or without your consent. Your personal computing should probably be done at home -- if you want to keep your job. More and more companies, for various reasons, are starting to not only monitor internet access but files on their PCs. With the increase in various regulations (Sarbox, HIPPA, etc) it's in your best interest to really keep your personal, private, and confidential data on a system that you are the only administrator of. Note that this is mostly a U.S. thing though the EU and surely other countries have similar policies. Galen -- "You know that a conjurer gets no credit when once he has explained his trick; and if I show you too much of my method of working, you will come to the conclusion that I am a very ordinary individual after all." Sherlock Holmes As has been pointed out already you really can't. The admin can simply take your account, kill your password, use your encrypted files, and take ownership of any file they want. Depending on whom you work for or where you live I'd contend that they CAN do so without prior notice legally. There's the moral issue but, well, the PC doesn't belong to you. In my country, the USA, they don't need your permission to look at the computer's files - they need the permission of the owner of the computer. One of the main concerns here is that you'd want to be able to allow these same admins, whom you're trying to keep out, to be able to recover your PC and it's information in the event of failure. If the problem is trust then perhaps you need better admins or an established corporate policy dealing with this. A third party encryption tool (properly used with a strong password and at least 128 bit encryption) would do you well and if allowed to be configured/installed would suit your needs. Again, this likely violates any policy you may have in place or certainly makes the admin's job more difficult when things go corrupted/kabloey and you need recovery. Who then, for instance, would you trust to be the person to hold the second copy of the key for opening these files? The admin or a sticky pad stuck to the underside of your desk? Following the directions below, using encryption and file permissions, is just false security. Any admin worth their salt still has complete access. It might take an extra two or three minutes to figure out what you've done but, well, fortunately encrypted files come pre-colored so you know which ones they are. Grabbing ownership of a file is all of thirty seconds work at best. Installing a third party encryption tool without sanction from your boss is a "sackable" offense. Failure to provide a fail-safe should that encrypted file become corrupt is also a fireable offense too. The best options are to ask the admin and your supervisor. Write up an email and CC it to both your boss and the head of your IT Department describing what you want to do, why, and your goals. Your goals being pretty simple (and honorable from my perspective) in that you're trying to keep personal/HR-type data private for the sake of the employees? Explaining that and finding a compromise is the goal - not complete usurpation of ability (nor false sense of security) which is sure to result in disciplinary actions in any reputable business. Please don't think for a minute that I don't think you're justified in your ideals but rather your methods are subject to some very basic flaws which I believe I've covered above. Galen -- "You know that a conjurer gets no credit when once he has explained his trick; and if I show you too much of my method of working, you will come to the conclusion that I am a very ordinary individual after all." Sherlock Holmes |
#7
|
|||
|
|||
"Robin Tucker" wrote in message
... Hi, I would like to be able to log access to my folders from the network. That is, I want to know when an administrator has accessed my drive. I have private/confidential information on my PC and do not want administrators to be able to access it, unless I give explicit permission. How can I achieve this? Thanks, Robin. Robin, I don't think you can log access to folders. I've certainly not come across a way to do it. In terms of preventing administrators or any others from accessing your folders, there are a few options: 1. Use file permissions. Using windows explorer, right click the folder you want to protect, select properties. Then on the "Security" tab you have control over who has permissions to view, edit, etc on the folder. To stop system administrators I think you will need to revoke access to "Administrators". But review each of the permissions because I think the logic is to grant access to someone if they have access via any of the accounts/groups listed. You will also need to consider permissions on the files themselves. If you can't view or change the security permissions then its likely that the system administrators have locked this out - after all, fiddling with the file permissions in say the windows folder and you could break your system. 2. Encrypt your files. If you have your disk formatted NTFS then you can encrypt files (file properties general Advanced), but if you encrypt a file then I think that only you can read it - which isn't any good if you need to share the file with anyone else. Hope this helps, Brian. www.cryer.co.uk/brian |
#8
|
|||
|
|||
This is exactly the information I needed. Thankyou very much.
"Brian Cryer" wrote in message ... "Robin Tucker" wrote in message ... Hi, I would like to be able to log access to my folders from the network. That is, I want to know when an administrator has accessed my drive. I have private/confidential information on my PC and do not want administrators to be able to access it, unless I give explicit permission. How can I achieve this? Thanks, Robin. Robin, I don't think you can log access to folders. I've certainly not come across a way to do it. In terms of preventing administrators or any others from accessing your folders, there are a few options: 1. Use file permissions. Using windows explorer, right click the folder you want to protect, select properties. Then on the "Security" tab you have control over who has permissions to view, edit, etc on the folder. To stop system administrators I think you will need to revoke access to "Administrators". But review each of the permissions because I think the logic is to grant access to someone if they have access via any of the accounts/groups listed. You will also need to consider permissions on the files themselves. If you can't view or change the security permissions then its likely that the system administrators have locked this out - after all, fiddling with the file permissions in say the windows folder and you could break your system. 2. Encrypt your files. If you have your disk formatted NTFS then you can encrypt files (file properties general Advanced), but if you encrypt a file then I think that only you can read it - which isn't any good if you need to share the file with anyone else. Hope this helps, Brian. www.cryer.co.uk/brian |
#9
|
|||
|
|||
Admins can take ownership of any file. File permissions won't help. =
Admins can reset the user's password and login and access encrypted = files. --=20 -------------------------------------------------------------------------= ------------------------- http://webdiary.smh.com.au/archives/...nt/001075.html =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D "Brian Cryer" wrote in message = ... "Robin Tucker" wrote in message=20 ... Hi, I would like to be able to log access to my folders from the network. = That is, I want to know when an administrator has accessed my drive. = I=20 have private/confidential information on my PC and do not want=20 administrators to be able to access it, unless I give explicit = permission.=20 How can I achieve this? Thanks, Robin. =20 Robin, =20 I don't think you can log access to folders. I've certainly not come = across=20 a way to do it. =20 In terms of preventing administrators or any others from accessing = your=20 folders, there are a few options: =20 1. Use file permissions. Using windows explorer, right click the = folder you=20 want to protect, select properties. Then on the "Security" tab you = have=20 control over who has permissions to view, edit, etc on the folder. To = stop=20 system administrators I think you will need to revoke access to=20 "Administrators". But review each of the permissions because I think = the=20 logic is to grant access to someone if they have access via any of the = accounts/groups listed. You will also need to consider permissions on = the=20 files themselves. If you can't view or change the security = permissions then=20 its likely that the system administrators have locked this out - after = all,=20 fiddling with the file permissions in say the windows folder and you = could=20 break your system. =20 2. Encrypt your files. If you have your disk formatted NTFS then you = can=20 encrypt files (file properties general Advanced), but if you = encrypt a=20 file then I think that only you can read it - which isn't any good if = you=20 need to share the file with anyone else. =20 Hope this helps, =20 Brian. =20 www.cryer.co.uk/brian =20 |
#10
|
|||
|
|||
Yes indeed they can. But a reset password will give me some indication that this has been done. Note: I am not seeking to make sure this information *cannot ever be access by any administrator at any time*, I am merely wanting such information to be accessed with my or my managers permission in such circumstances as this may be neccessary. With this method, my manager can, if required gain access to the data by asking the administrator to reset the password. "David Candy" . wrote in message ... Admins can take ownership of any file. File permissions won't help. Admins can reset the user's password and login and access encrypted files. -- -------------------------------------------------------------------------------------------------- http://webdiary.smh.com.au/archives/...nt/001075.html ================================================= "Brian Cryer" wrote in message ... "Robin Tucker" wrote in message ... Hi, I would like to be able to log access to my folders from the network. That is, I want to know when an administrator has accessed my drive. I have private/confidential information on my PC and do not want administrators to be able to access it, unless I give explicit permission. How can I achieve this? Thanks, Robin. Robin, I don't think you can log access to folders. I've certainly not come across a way to do it. In terms of preventing administrators or any others from accessing your folders, there are a few options: 1. Use file permissions. Using windows explorer, right click the folder you want to protect, select properties. Then on the "Security" tab you have control over who has permissions to view, edit, etc on the folder. To stop system administrators I think you will need to revoke access to "Administrators". But review each of the permissions because I think the logic is to grant access to someone if they have access via any of the accounts/groups listed. You will also need to consider permissions on the files themselves. If you can't view or change the security permissions then its likely that the system administrators have locked this out - after all, fiddling with the file permissions in say the windows folder and you could break your system. 2. Encrypt your files. If you have your disk formatted NTFS then you can encrypt files (file properties general Advanced), but if you encrypt a file then I think that only you can read it - which isn't any good if you need to share the file with anyone else. Hope this helps, Brian. www.cryer.co.uk/brian |
#11
|
|||
|
|||
What's the point of this. It's exactly the same as if you don't do =
anything (you'll kmow if they access it). Talk to your admins, this is = admins area of professional expertise. And unlike silly girls out of = their depths they'll consider lots of other factors incl data recovery. --=20 -------------------------------------------------------------------------= ------------------------- http://webdiary.smh.com.au/archives/...nt/001075.html =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D "Robin Tucker" wrote in message = ... =20 Yes indeed they can. But a reset password will give me some = indication that=20 this has been done. =20 Note: I am not seeking to make sure this information *cannot ever be = access=20 by any administrator at any time*, I am merely wanting such = information to=20 be accessed with my or my managers permission in such circumstances as = this=20 may be neccessary. With this method, my manager can, if required gain = access to the data by asking the administrator to reset the password. =20 =20 =20 "David Candy" . wrote in message=20 ... Admins can take ownership of any file. File permissions won't help. = Admins=20 can reset the user's password and login and access encrypted files. =20 --=20 = -------------------------------------------------------------------------= ------------------------- http://webdiary.smh.com.au/archives/...nt/001075.html = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D "Brian Cryer" wrote in message=20 ... "Robin Tucker" wrote in message ... Hi, I would like to be able to log access to my folders from the = network. That is, I want to know when an administrator has accessed my drive. = I have private/confidential information on my PC and do not want administrators to be able to access it, unless I give explicit=20 permission. How can I achieve this? Thanks, Robin. Robin, I don't think you can log access to folders. I've certainly not come=20 across a way to do it. In terms of preventing administrators or any others from accessing = your folders, there are a few options: 1. Use file permissions. Using windows explorer, right click the = folder=20 you want to protect, select properties. Then on the "Security" tab you = have control over who has permissions to view, edit, etc on the folder. To = stop system administrators I think you will need to revoke access to "Administrators". But review each of the permissions because I think = the logic is to grant access to someone if they have access via any of = the accounts/groups listed. You will also need to consider permissions on = the files themselves. If you can't view or change the security = permissions=20 then its likely that the system administrators have locked this out - = after=20 all, fiddling with the file permissions in say the windows folder and you = could break your system. 2. Encrypt your files. If you have your disk formatted NTFS then you = can encrypt files (file properties general Advanced), but if you = encrypt a file then I think that only you can read it - which isn't any good if = you need to share the file with anyone else. Hope this helps, Brian. www.cryer.co.uk/brian =20 =20 |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
can't access networked computers - with authorisation | ashecorven | Windows XP Help and Support | 7 | August 25th 05 04:02 PM |
Set XP User Accounts to prevent access to certain programs | maluchic86 | General XP issues or comments | 1 | March 18th 05 08:12 PM |
Unidentifiable Programs Attempting Internet Access | cwadss | Networking and the Internet with Windows XP | 1 | March 10th 05 05:16 PM |
Host Computer with ICS cannot be accessed | Kass | Networking and the Internet with Windows XP | 21 | October 29th 04 08:52 PM |
Unable to access internet with MSIE | L Yearwood | Windows XP Help and Support | 1 | October 6th 04 06:01 PM |