
Secure Office Files on Servers


GarrettD78

Dec 8, 2005, 9:58:01 PM
My boss has requested that a number of spreadsheets that reside on a server
be locked down a little better than they are right now. Currently they are in
a file folder with security where he is the only one with write and modify
access and then there are others with read-only access. The only problem we
have found is that if those read-only users open one of the spreadsheets on
their computer then they have the ability to save a local copy to their
computer. I need to stop that ability. Does anyone have any ideas on how to
stop this?

Shenan Stanley

Dec 8, 2005, 10:37:10 PM

Take away their rights.

If I can see it on my computer screen and I have pretty good control of my
system - I can get all of the data out of that document in one form or
another.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html


Karl Levinson, mvp

Dec 8, 2005, 10:42:37 PM
Sorry, there is no simple way to prevent this, whether you are using
Windows, MS Office, Linux or any other software. If you can read something,
you can copy it.

The closest thing that might permit something like this is DRM, Digital
Rights Management. Microsoft has a solution to do this that plugs into
Office you might look into, but I'm not sure how cheap or simple that will
or won't be.

GarrettD78

Dec 8, 2005, 10:46:01 PM
That would be fine but they do need read access. Wish it were that easy.

Roger Abell [MVP]

Dec 9, 2005, 2:10:39 AM
And, to prove what Karl has said about "if you can read . . . "
even with DRM in use, there is still the old screen capture.

Paul Adare

Dec 9, 2005, 4:19:13 AM
In article <OHvCC$I$FHA...@TK2MSFTNGP15.phx.gbl>, in the
microsoft.public.security news group, Roger Abell [MVP]
<mvpN...@asu.edu> says...

> And, to prove what Karl has said about "if you can read . . . "
> even with DRM in use, there is still the old screen capture.

And to clarify here, the solution here is not Digital Rights Management
but rather Information Rights Management. In the Microsoft world, DRM
refers to protection and licensing of multimedia files; IRM refers to
the protection, based on policy, of data files and email.

The Microsoft solution is Windows Rights Management Services and will
solve the exact issue that the OP was asking about.

http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx

Roger is correct in stating that this is not complete protection, but
RMS is really intended to enforce policy and it does that fairly well.

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea

Amjad Zogby

Dec 9, 2005, 4:58:06 AM


I agree with most of what has been said. Currently the only way to do this
is to implement Windows Rights Management; this only makes the problem of
taking information harder, not impossible.

I think the person who invents a scheme where information stealing gets
impossible will make a LOT of money.
Some ideas:

1. Disable printscreen button using group policy
2. Purchase photo-proof monitors, where a black/white image is displayed
when the screen is photographed, they don't exist (yet) :)
3. Implement RMS
4. Implement corporate policy where users are informed that stealing
corporate data will send them to court, send them to jail and make them
the shame of their family, their community and their country. This really
works, people get scared.

The rest goes without saying: hire people you trust, implement
continuous staff training, continuous memos stating the corporate
security policy, implement auditing etc etc

Security is a tough business, and some challenges are not all possible
to solve yet.

I hope this helps.

Rgds

Paul Adare

Dec 9, 2005, 5:29:24 AM
In article <urvMOcK$FHA...@TK2MSFTNGP11.phx.gbl>, in the
microsoft.public.security news group, Amjad Zogby <azo...@gmail.com>
says...

> 1. Disable printscreen button using group policy
>

RMS already does this, however, screen capture programs that use kernel
mode video hooks will still be able to capture protected content.
