Announcement

Collapse
No announcement yet.

Permissions do not deny access on a USB/Firewire drive

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Permissions do not deny access on a USB/Firewire drive

    I copy files and folders from a Server 2008 computer onto a blank NTFS formatted Lacie firewire drive. I use Robocopy to do the actual copying.

    In the folder structure on the firewire drive, I can examine the permissions and they are exactly the same on the firwire drive as they are on the server, which is great. I ensured that the permissions are copied across by using the /copyall switch in Robocopy.

    I then unplug the drive from the server an attach it by a usb cable to an end user's XP Pro box on the domain. The end user cannot browse to certain folders on the 2008 server as expected, but he can browse thorugh all the folders on the Lacie drive even though I can see that the permissions on those folders should not allow him any access.

    How can I ensure that when the Lacie drive is physically in the posession of end users, they are subjected to the same permission restrictions as I would expect them to have, that were copied from the server?

    I'm always referring to NTFS permissions here, not share permissions which are irrelevant.
    Best wishes,
    PaulH.
    MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

  • #2
    Re: Permissions do not deny access on a USB/Firewire drive

    You can't. If they're a local admin they can just take ownership and then change the permissions.

    Comment


    • #3
      Re: Permissions do not deny access on a USB/Firewire drive

      Thank you. These end users are just browsing into folders they shouldn't be able to get to - they're not taking ownership at all (they don't know how to), so I am wondering why the permissions simply do not work at all when the USB drive is plugged in to an XP machine. It's as if the ACL doesn't work at all.
      Best wishes,
      PaulH.
      MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

      Comment


      • #4
        Re: Permissions do not deny access on a USB/Firewire drive

        Are you using well-known groups?

        Comment


        • #5
          Re: Permissions do not deny access on a USB/Firewire drive

          We are using a combination of the built in groups and a few security groups that I created.

          There is a folder, for example, called "Directors". Normal end users cannot browse into this folder when it is on the server because the only NTFS permissions on the Directors folder are:

          DomainName\Administrators=full control
          DomainName\Directors=Modify

          DomainName\Directors is a domain security group that I created and has a few members. A very simple setup.

          Normal end users can plug the USB disk into their PC and browse into the Directors folder even though when I examine the folder security on the USB drive it confirms that only Domain Admins and Directors have any access.

          I don't understand why permissions should just "not work at all" when the USB disk is plugged into an XP workstation. That's my problem!
          Best wishes,
          PaulH.
          MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

          Comment


          • #6
            Re: Permissions do not deny access on a USB/Firewire drive

            Try removing the built in groups. These use the same SID machine to machine.

            Comment


            • #7
              Re: Permissions do not deny access on a USB/Firewire drive

              Ok, good idea, will try and report back! Thanks.
              Best wishes,
              PaulH.
              MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

              Comment

              Working...
              X