Master file system security in Windows

In this sample chapter from Securing Windows Server 2003, you can learn how to avoid common mistakes and take advantage of best practices for securing the Windows file system using NTFS file permissions and the Encrypting File System (EFS).

In the opening of Chapter 4 of Securing Windows Server 2003, author Mike Danseglio explains, "The use of long-term computer data storage, whose benefits are numerous, raises special security consideration for the system administrator: how do you protect data so that only the intended user has access while ensuring some level of recoverability over time? In this chapter, you'll learn how to use file permissions and EFS—the two main file protection mechanisms provided by Windows Server 2003—to control user access to files. You'll see how to use these mechanisms appropriately and how they are often misconfigured in ways that prevent desired access. You'll also learn how to plan for a number of special security concerns specific to the use of portable computers. These plans may include Syskey, a special tool for protecting the account database, which I show you how to use properly."

Also in this chapter, which you can download here for free, Danseglio provides in-depth information, including full explanations of how the features work, best practices, common mistakes, configuration tips, and several usage examples.

Title: Securing Windows Server 2003
ISBN: 0596006853
Published: November 2004
Author: Mike Danseglio
Chapter: Chapter 4: File System Security
Publisher: O'Reilly