[unisog] File protection in a Windows Environment

Rob Whalen rwhalen at stmarys-ca.edu
Fri Dec 9 22:51:48 GMT 2005


jkerr at business.buffalo.edu wrote:

> Rob
>
>   That is one of the options we are considering, except that would 
> include either giving the Microsoft recovery key to a technical staff 
> member who would then have access, or the customers being the only 
> ones with a key which might cause complications if there is a system 
> problem and the customer is unavailable.  In the end that is probably 
> the kinds of alternatives we are left with, but wanted to see if 
> others are handling it differently, or if there are any "best 
> practices" in place.
>
>  
>
> Thanks
>
> Joe
>
>  
>
>  
>
> ------------------------------------------------------------------------
>
> *From:* unisog-bounces at lists.sans.org 
> [mailto:unisog-bounces at lists.sans.org] *On Behalf Of *Rob Whalen
> *Sent:* Tuesday, December 06, 2005 2:29 PM
> *To:* UNIversity Security Operations Group
> *Subject:* Re: [unisog] File protection in a Windows Environment
>
>  
>
> jkerr at business.buffalo.edu <mailto:jkerr at business.buffalo.edu> wrote:
>
> Hi
>
>   We are evaluating solutions for protecting the confidentiality of 
> electronic files / documents.  Our Employee Relations area is 
> concerned about making sure that no one can view their files, 
> including technical staff.  We are a "Microsoft shop" both on the 
> desktop and servers.
>
>   Are there any recommendations for a solution?  How do you handle 
> this or similar situations?
>
> Thanks
> Joe Kerr
> University at Buffalo
>
>
>
> 
>
>
>
>------------------------------------------------------------------------
>
>
> 
>
>_______________________________________________
>
>unisog mailing list
>
>unisog at lists.sans.org <mailto:unisog at lists.sans.org>
>
>http://www.dshield.org/mailman/listinfo/unisog
>
>  
>
> Joe,
> This is a simple one. Just encrypt the HR shared folder and only give 
> the password to the appropriate personnel.
> Rob
>
>------------------------------------------------------------------------
>
>_______________________________________________
>unisog mailing list
>unisog at lists.sans.org
>http://www.dshield.org/mailman/listinfo/unisog
>  
>
Joe,
Having the folder encrypted allows techs to work on the box without 
being able to see the sensitive data. As the Dir of Tech there I never 
had the encryption key- only the CFO and Accounting Mgr had access to 
the password and the safe. I could work away on the CFO's box or the 
server where the data was stored with full admin rights, and he would 
not have to wory about me seeing personnel info.
Rob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/unisog/attachments/20051209/0deb88db/attachment-0001.htm


More information about the unisog mailing list