USB HDD 中内容的哪组访问权限可以确保 Windows 中的可移植性?
我的便携式硬盘上有要在两台或多台计算机之间共享的内容,但没有一台计算机连接到域(不存在)。 我希望以这样的方式授予内容权限:无论我将 HDD 连接到哪台计算机,也无论使用哪个用户帐户来设置权限,权限在所有计算机上都保持相同。
例如,我希望内置管理员组(SID:S-1-5-32-544)能够完全控制便携式硬盘上的文件,无论它连接到哪台计算机(我知道这构成这是一个很大的安全漏洞,但只要驱动器不被盗,我就可以接受,一旦攻击者物理访问驱动器,所有的赌注都会消失。)
我试图解决的问题是这样的:我将硬盘连接到computer1,设置所有权限,断开连接。 然后我将 HDD 连接到 computer2,突然权限不适用于该计算机上的用户,因为 SID 不同(在权限和内容所有权方面)。
I have content on a portable HDD that is to be shared between 2 or more computers, but none of the computers are connected to a domain (none exists). I want to give permissions to the content in such a way that the permissions remain the same across all my computers, irrespective of which computer I connect the HDD to and irrespective of which user account was used to set the permissions.
For example, I want the built-in Administrators group (SID: S-1-5-32-544) to have Full Control of a file on the portable HDD, irrespective of the computer it is connected to (I am aware this constitutes a big security hole, but so long as the drive doesn't get stolen, I am ok with it. Anyway, once an attacker has physical access to a drive, all bets are off.).
Problem I am trying to solve is this: I connect the HDD to computer1, set all permissions, disconnect. Then I connect the HDD to computer2, and suddenly the permissions aren't right for the user on this computer since the SIDs are different (both in terms of permissions and ownership of content).
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
如果您希望管理员组具有完全控制权,只需这样设置即可。 在 Windows XP Pro 或其他在“属性”中提供“安全”选项卡的系统中,请使用它。 在驱动器的安全属性中,添加管理员(如果尚不存在),并在管理员权限中提供完全控制并启用所有继承。 您只需在一台计算机上进行设置,然后其他基于 NT 的 Windows PC 就会遵循该设置。
如果您找不到用于该设置的 Pro 系统,那么您必须学习 cacls 命令行。 幸运的是,您仍然只需要做一次。 哎呀。 你必须做 n 次,其中前 (n-1) 次是各种错误,但你只需要做对一次。
If you want the Administrators group to have full control, just set it that way. In Windows XP Pro or some other system that gives you a Security tab in Properties, use it. In the drive's security properties, add Administrators (if it's not already there), and in the privileges for Administrators give full control and enable all inheritance. You just have to set that on one machine and then other NT-based Windows PCs will obey the settings.
If you can't find one Pro system to use for that setting, then you'll have to learn the cacls command line. Fortunately you still just have to do it once. Oops. You'll have to do it n times where the first (n-1) times are various mistakes, but you just have to get it right once.
您为 HDD 选择的权限方案取决于您格式化驱动器所使用的文件系统。 不同的文件系统指定的权限不同,必须单独处理。
The permission scheme you choose for your HDD depends on the filesystem you've formatted the drive with. Different filesystems specify permissions differently and have to be treated separately.
你为什么要使用权限? 如果有人获得了驱动器,那么他们就可以访问。 相反,只需使用 truecrypt 之类的东西来保护所有内容,并授予每个人对 truecrypt 卷中所有内容的权限。
Why are you using permissions at all? If someone gets the drive then they have access. Instead, just use something like truecrypt to protect everything, and give everyone permissions to everything in the truecrypt volume.