Security of `My Documents' on D partition

Discussion in 'other security issues & news' started by buckshee, Jul 25, 2011.

Thread Status:
Not open for further replies.
  1. buckshee

    buckshee Registered Member

    Joined:
    Apr 11, 2006
    Posts:
    134
    My primary drive is partioned as a C and D partitions. Windows 7 is installed on C as usual and after install I wenrt in to the properties of the My Documents folder and through it moved the My Documents folder to the D partition. I did the same with My Videos etc.
    Windows 7 is password protected through the normal login. My question is.. How secure is the My Documents data on the D drive (partition).. Is it protected by the OS login effectively enough or is it less protected than it would be on the C drive
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Typically when you install the OS, every file/directory it creates is known about and rights are applied.

    When you create directories, they might inherit rights from thier parent or grand parent directories, if the setting is told to do so.

    If you create a root level directory (ie. c:\mydir) these are the normal rights AFAIK
    Admin group - apply to all items
    System - apply to all items
    Users - apply to all items
    Authenticated Users - subdirs and files only
    Authenticated Users - This dir only

    On a data drive, like d: you would have
    Admins group - apply to all items
    System - apply to all items
    Creator/owner - subdirs and files only
    Users - read/execute - all items
    Users - create folders/append - this folder and subfolders
    Users -special- subdirs only
    Everyone - this folder only

    The integrity level will be at Medium because it is not explicit.

    Objects/containers created by the user might be owned by the user, giving them full rights. If owned by admins, then you have to look at the top levels to see who has what rights, and what inheritance levels they will propagate to children/grandchildren.

    What I typically see is that Users are limited, but the limitations don't really imply much. They can read and execute in any custom directory, they can create/append in all directories, and some special rights (write) to this subfolder only. But it is the inheritance that plays the role. You would generally have to create your own restrictions on anything in a directory not put in place during initial install.

    I have never checked to see what rights might follow when you do what you have done. When I do this, it is generally to redirect the mydocs stuff to a NAS box, which is not using NTFS but a linux FS, I think ext3 or 4.

    Sul.
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    With proper security permissions, they'll be safe within your Windows OS, but not others when your's is off. The location doesn't change that.
     
Loading...
Thread Status:
Not open for further replies.