Click here to get back home

Prevent Copying
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Prevent Copying GW 07-06-2006
---> Re: Prevent Copying Brian Lich [MSF...07-06-2006
Posted by GW on July 6, 2006, 8:28 am
Please log in for more thread options
 Hello,

I am trying to find a solution for the following scenario.

I have my data stored on a Windows 2003 strd server. I am concerned that
users who are about to leave the company can just copy sensitive data to any
device and will be able to use it at a competitor.
I would still like to use offline files on notebooks to access the files. I
dont want to disable the use of removable media.

Is it possible to use a certificate to encrypt the files based on the
location they are stored, i.e.: opened from the server = ok , Opened from a
Cdrom = bad?

I am not too worried about being able to use offline files, but it would be
nice.

Thanks for all the pointers and suggestions.
Graham

_________________
remove _SPAM-=_=-NO_ to reply to me direct.



Posted by Steven L Umbach on July 6, 2006, 12:23 pm
Please log in for more thread options
 If those users need access to those file there is not much you can do other
than look at using Microsoft Digital Rights Management which is not
something that is simple to set up and needs a SQL server, PKI, and
compatible applications. If you have malicious users that want to steal data
they most likely would have already done that long before they gave their
notice of leaving or they may simply stay employed for the sole reason of
stealing your data. Even DRM can not prevent determined users who could
simply write down information by hand or take digital photos of the display
monitor. -- Steve



> Hello,
>
> I am trying to find a solution for the following scenario.
>
> I have my data stored on a Windows 2003 strd server. I am concerned that
> users who are about to leave the company can just copy sensitive data to
> any device and will be able to use it at a competitor.
> I would still like to use offline files on notebooks to access the files.
> I dont want to disable the use of removable media.
>
> Is it possible to use a certificate to encrypt the files based on the
> location they are stored, i.e.: opened from the server = ok , Opened from
> a Cdrom = bad?
>
> I am not too worried about being able to use offline files, but it would
> be nice.
>
> Thanks for all the pointers and suggestions.
> Graham
>
> _________________
> remove _SPAM-=_=-NO_ to reply to me direct.
>



Posted by Brian Lich [MSFT] on July 6, 2006, 7:12 pm
Please log in for more thread options
Steve,

Are you referring to Windows Rights Management Services? The infrastructure
requirements are pretty large (SQL server, IIS, Active Directory), but you
aren't required to have a PKI implementation.

RMS can be found at http://www.microsoft.com/rms or the
microsoft.public.rights_mgmt_svcs newsgroup.

You're right though -- it won't prevent a digital camera in front of the
screen. :)

--
Brian Lich
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.



> If those users need access to those file there is not much you can do
> other than look at using Microsoft Digital Rights Management which is not
> something that is simple to set up and needs a SQL server, PKI, and
> compatible applications. If you have malicious users that want to steal
> data they most likely would have already done that long before they gave
> their notice of leaving or they may simply stay employed for the sole
> reason of stealing your data. Even DRM can not prevent determined users
> who could simply write down information by hand or take digital photos of
> the display monitor. -- Steve
>
>
>
>> Hello,
>>
>> I am trying to find a solution for the following scenario.
>>
>> I have my data stored on a Windows 2003 strd server. I am concerned that
>> users who are about to leave the company can just copy sensitive data to
>> any device and will be able to use it at a competitor.
>> I would still like to use offline files on notebooks to access the files.
>> I dont want to disable the use of removable media.
>>
>> Is it possible to use a certificate to encrypt the files based on the
>> location they are stored, i.e.: opened from the server = ok , Opened from
>> a Cdrom = bad?
>>
>> I am not too worried about being able to use offline files, but it would
>> be nice.
>>
>> Thanks for all the pointers and suggestions.
>> Graham
>>
>> _________________
>> remove _SPAM-=_=-NO_ to reply to me direct.
>>
>
>



Posted by Steven L Umbach on July 6, 2006, 8:53 pm
Please log in for more thread options
Yes you are right. I was referring to Windows Rights Management Services.
Thanks for correcting me. I know it is not something that is trivial to
implement. --- Steve


> Steve,
>
> Are you referring to Windows Rights Management Services? The
> infrastructure requirements are pretty large (SQL server, IIS, Active
> Directory), but you aren't required to have a PKI implementation.
>
> RMS can be found at http://www.microsoft.com/rms or the
> microsoft.public.rights_mgmt_svcs newsgroup.
>
> You're right though -- it won't prevent a digital camera in front of the
> screen. :)
>
> --
> Brian Lich
> Microsoft Corporation
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
>
>> If those users need access to those file there is not much you can do
>> other than look at using Microsoft Digital Rights Management which is not
>> something that is simple to set up and needs a SQL server, PKI, and
>> compatible applications. If you have malicious users that want to steal
>> data they most likely would have already done that long before they gave
>> their notice of leaving or they may simply stay employed for the sole
>> reason of stealing your data. Even DRM can not prevent determined users
>> who could simply write down information by hand or take digital photos of
>> the display monitor. -- Steve
>>
>>
>>
>>> Hello,
>>>
>>> I am trying to find a solution for the following scenario.
>>>
>>> I have my data stored on a Windows 2003 strd server. I am concerned that
>>> users who are about to leave the company can just copy sensitive data to
>>> any device and will be able to use it at a competitor.
>>> I would still like to use offline files on notebooks to access the
>>> files. I dont want to disable the use of removable media.
>>>
>>> Is it possible to use a certificate to encrypt the files based on the
>>> location they are stored, i.e.: opened from the server = ok , Opened
>>> from a Cdrom = bad?
>>>
>>> I am not too worried about being able to use offline files, but it would
>>> be nice.
>>>
>>> Thanks for all the pointers and suggestions.
>>> Graham
>>>
>>> _________________
>>> remove _SPAM-=_=-NO_ to reply to me direct.
>>>
>>
>>
>
>



Similar ThreadsPosted
Prevent copying October 6, 2006, 4:50 pm
prevent copying of files August 17, 2006, 5:16 am
Automatic files copying July 8, 2005, 8:58 am
Re: Copying Local Account Permissions May 9, 2008, 6:50 am
Re: Copying Local Account Permissions May 9, 2008, 2:39 pm
Security Right question when copying or moving files September 11, 2006, 2:02 pm
copying local user accounts from one win2k server to another November 4, 2005, 8:38 am
Very slow performance copying encrypted files to a network share. October 27, 2006, 6:01 pm
How to prevent exploits June 23, 2007, 8:26 am
prevent cd-writer use September 18, 2007, 3:37 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap