Re: small office and branches setup

2012-12-03 Thread Angus Scott-Fleming 
On 28 Nov 2012 at 12:37, Matthew W. Ross  wrote:

> Cubby from Logmein is a new (beta) option: Free and unlimited if you don't 
> use their cloud storage. Just sync it between computers.
> 
> But I agree, Dropbox, Box.net or Skydrive (or, or, or...) all would be good
> inexpensive options for this. 

Just pair your cloud-drive-of-choice with BoxCryptor to secure the documents 
from nosy cloud admins and others who might want to read your 
data-in-the-cloud.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: FORMAT without admin

2012-12-03 Thread Ben Scott 
On Mon, Dec 3, 2012 at 12:20 PM, Christopher Bodnar
 wrote:
> I haven't tested this, but would granting the "Perform Volume maintenance 
> task" give them this right?

  It doesn't appear to, in my testing.  FORMAT still says "Access
denied".  I'd also be concerned that privilege
(SeManageVolumePrivilege) might grant ability to do things I don't
want the user (or malware in their account) to be able to do.  As is
typical for NT privileges, exactly what it does isn't very well
explained.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: FORMAT without admin

2012-12-03 Thread Ben Scott 
On Mon, Dec 3, 2012 at 12:14 PM, Matthew W. Ross
 wrote:
> I did a quick search, and I found this:
>
> http://blogx.co.uk/ViewItem.asp?Entry=794
>
> It alludes to a group policy that allows users to format electable media...

  Windows apparently doesn't consider USB flash drives "removable" (as
far as that policy goes, anyway).

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: FORMAT without admin

2012-12-03 Thread Christopher Bodnar 
I haven't tested this, but would granting the "Perform Volume maintenance 
task" give them this right? 




Christopher Bodnar 
Enterprise Architect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Ben Scott 
To: "NT System Admin Issues" 
Date:   12/03/2012 12:03 PM
Subject:FORMAT without admin



  Is there a way to grant a user the ability to format hard disks,
without granting them other permissions/privileges/rights/etc.?  In
particular, without Administrator rights?

  I want our Security dept people be able to format USB flash drives
(which are considered hard disks), without needing to grant them full
admin (even in a separate account).

  Under *nix, this is as easy as "chmod g+w /dev/hd*" or similar, but
Windows is rather more complicated.  There are things like the
\Device\Hardisk*\DR* names, which allegedly have security features
like ACLs, but I can't find anything useful about how to examine or
change said ACLs.

  XP Pro SP3 and/or Vista Biz SP1.  I'll take what I can get.

  Anyone got a clue they can spare me?

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: FORMAT without admin

2012-12-03 Thread Matthew W. Ross 
I did a quick search, and I found this:

http://blogx.co.uk/ViewItem.asp?Entry=794

It alludes to a group policy that allows users to format electable media...

I hope that was the clue you were looking for!


--Matt Ross
Ephrata School District


- Original Message -
From: Ben Scott
[mailto:mailvor...@gmail.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 03 Dec 2012
09:01:56 -0800
Subject: FORMAT without admin


>   Is there a way to grant a user the ability to format hard disks,
> without granting them other permissions/privileges/rights/etc.?  In
> particular, without Administrator rights?
> 
>   I want our Security dept people be able to format USB flash drives
> (which are considered hard disks), without needing to grant them full
> admin (even in a separate account).
> 
>   Under *nix, this is as easy as "chmod g+w /dev/hd*" or similar, but
> Windows is rather more complicated.  There are things like the
> \Device\Hardisk*\DR* names, which allegedly have security features
> like ACLs, but I can't find anything useful about how to examine or
> change said ACLs.
> 
>   XP Pro SP3 and/or Vista Biz SP1.  I'll take what I can get.
> 
>   Anyone got a clue they can spare me?
> 
> -- Ben
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin