I have content on a portable HDD that is to be shared between 2 or more computers, but none of the computers are connected to a domain (none exists). I want to give permissions to the content in such a way that the permissions remain the same across all my computers, irrespective of which computer I connect the HDD to and irrespective of which user account was used to set the permissions.

For example, I want the built-in Administrators group (SID: S-1-5-32-544) to have Full Control of a file on the portable HDD, irrespective of the computer it is connected to (I am aware this constitutes a big security hole, but so long as the drive doesn't get stolen, I am ok with it. Anyway, once an attacker has physical access to a drive, all bets are off.).

Problem I am trying to solve is this: I connect the HDD to computer1, set all permissions, disconnect. Then I connect the HDD to computer2, and suddenly the permissions aren't right for the user on this computer since the SIDs are different (both in terms of permissions and ownership of content).

A: 

The permission scheme you choose for your HDD depends on the filesystem you've formatted the drive with. Different filesystems specify permissions differently and have to be treated separately.

Ryan
I know. Made the mistake of thinking that specifying "Windows" equated to saying "NTFS", but of course it doesn't. NTFS is the filesystem.
markvgti
+1  A: 

If you want the Administrators group to have full control, just set it that way. In Windows XP Pro or some other system that gives you a Security tab in Properties, use it. In the drive's security properties, add Administrators (if it's not already there), and in the privileges for Administrators give full control and enable all inheritance. You just have to set that on one machine and then other NT-based Windows PCs will obey the settings.

If you can't find one Pro system to use for that setting, then you'll have to learn the cacls command line. Fortunately you still just have to do it once. Oops. You'll have to do it n times where the first (n-1) times are various mistakes, but you just have to get it right once.

Windows programmer
Using Vista and yes, have used the icacls (cacls for XP/Server 2003) command before--definitely has a learning curve. I think I will settle for permissions for built-in Administrators group and for Everyone.
markvgti
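The settings discussed in this answer and its comments, as an added PowerShell example that is not part of any post in the thread: it grants Full Control to the built-in Administrators group and read access to Everyone by well-known SID, then lists any entries that still reference machine-specific SIDs. The function names, the `$Root` drive path and the choice of ReadAndExecute for "view only" are assumptions; it assumes an NTFS volume and an elevated prompt.

```powershell
# Added example. $Root (for instance 'E:\') is a hypothetical drive path.
function Set-PortableAcl {
    param([Parameter(Mandatory=$true)] [string] $Root)

    # Well-known SIDs are identical on every Windows installation, unlike
    # account SIDs of the form S-1-5-21-<machine or domain id>-<RID>.
    $sidType  = [System.Security.Principal.SecurityIdentifier]
    $admins   = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
    $everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'

    $acl = Get-Acl -LiteralPath $Root
    $acl.SetAccessRuleProtection($true, $false)      # root keeps no inherited ACEs
    foreach ($ace in @($acl.GetAccessRules($true, $false, $sidType))) {
        $acl.RemoveAccessRuleSpecific($ace)          # drop existing explicit ACEs
    }

    # Inheritable ACEs: apply to this folder, subfolders and files.
    $flags = 'ContainerInherit, ObjectInherit'
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        $admins, 'FullControl', $flags, 'None', 'Allow')))
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        $everyone, 'ReadAndExecute', $flags, 'None', 'Allow')))
    $acl.SetOwner($admins)
    Set-Acl -LiteralPath $Root -AclObject $acl

    # Children: replace explicit ACLs with inherited ones, then fix ownership.
    icacls (Join-Path $Root '*') /reset /T /C /Q | Out-Null
    icacls $Root /setowner '*S-1-5-32-544' /T /C /Q | Out-Null
}

# Audit: report owners or ACEs that still use machine- or domain-relative SIDs,
# which will not resolve to the same account on another computer.
function Find-MachineLocalSid {
    param([Parameter(Mandatory=$true)] [string] $Root)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    @(Get-Item -LiteralPath $Root -Force) +
    @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue) |
    ForEach-Object {
        $path = $_.FullName
        $acl  = Get-Acl -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $acl) { return }                    # unreadable item, skip it
        $sids  = @($acl.GetOwner($sidType).Value)
        $sids += @($acl.GetAccessRules($true, $true, $sidType) |
                   ForEach-Object { $_.IdentityReference.Value })
        $bad = @($sids | Where-Object { $_ -like 'S-1-5-21-*' } | Select-Object -Unique)
        if ($bad.Count) { New-Object psobject -Property @{ Path = $path; Sids = $bad } }
    }
}
```

On Vista and later with UAC enabled, a non-elevated process started by an administrator does not receive the Administrators allow entry, so it has only the Everyone rights until it is elevated.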
A: 

Why are you using permissions at all? If someone gets the drive then they have access. Instead, just use something like truecrypt to protect everything, and give everyone permissions to everything in the truecrypt volume.

Zoredache
I am not looking for security with this solution, just access control. Don't want unsophisticated users (family friends etc.) messing up my precious content. So they get view rights only. Am already using TrueCrypt for securing content that needs to be secure.
markvgti