Windows 8 and 8.1 Forums


Windows 8x File Security – 3 fundamental questions

Page 1 of 2 12 LastLast
  1. #1
    Win8fait's Avatar

    Member

    Join Date : Sep 2013
    Santa Monica, CA
    Posts : 100
    Win 8.1
    us california

    Windows 8x File Security – 3 fundamental questions


    So an administrator of a Windows 8.1 machine has access to everything-but-everything; and I think I understand the purpose of the three tier user types:

    - Built-in Administrator (elevated - hidden by default)
    - Admin-User (not elevated – default Windows account)
    - Standard-User (no admin rights – best for day-to-day use)

    However, what I do not understand at all is why/when/how this security architecture affects files outside of the User-&-MyDocuments secured domain – particularly older files from an XP environment on an external drive.

    When I connect said older external drive, and move files around here and there, occasionally I'll be challenged as Admin-User. (wut?...) All I have to do is hit [Enter] and I'm moving right along. ???

    1.) How does having to hit [Enter] without satisfying a password challenge increase file security for an external drive?

    2.) Is there any chance I'm “hosing up” a perfectly fine old archive of files by somehow shuffling in file-level security, or directory-level security (or any-level security) on an external NTFS drive?

    3.) What *is* the security at the User-&-MyDocuments level? If a machine BSODs, and I have no choice but to boot from say a Linux live-DVD and try to USB out some recent data before I reinstall Windows 8.1 – in THEORY – everything in, say, C:\Archive (and external X:\Archive), is totally free and clear of Windows access security; regardless of who created/copied/moved it. Only MyDocuments directories are protected. Right?

    UBCD is old-school – but with UEFI, and who knows what else in Windows 8.1 - what is the best USB/DVD/CD emergency boot method [name and version number please] to get [presumably] encrypted data out of MyDocuments? I'm not going to want to “fix” anything OS so I don't need a heafty toolbox. If a machine hoses I'll reinstall from scratch. I just want to be sure to be able to get my data out. (<In my best dramatic pose> “My intellectual assets.”)

    I'll gladly make a boot drive/disc using just Windows too. I have a Lenovo tower with the OEM partition (and access to a Yoga with same - so that begs the question if tablets require different methods - I expect not, but better to ask) - and I also have the 32-bit and 64-bit install discs (copies.)

    Q.#3 then = What's the A, B, C's to create [.."best"] bootable drive/disc for 8x?


    Thank you for your time.

    (Edit: Mistake - I don't have the Windows 8 install discs. I only have Windows 7 (32&64) install discs. The latter may or may not be useful for a 8x boot disc.)
    Last edited by Win8fait; 04 Dec 2013 at 03:48 PM.


      My System SpecsSystem Spec

  2. #2
    oneeyed's Avatar

    Member

    Join Date : Nov 2013
    Posts : 308
    Windows 8.1 (x64)


    Well starting by the end, there are lots of Live-CD solutions existing (List of live CDs - Wikipedia, the free encyclopedia), most based on linux. Are they able to access encrypted data ? I doubt it, but it probably depends on the encrypting software used.

    Your best bet though is to use Microsoft's own solution : Windows PE (Windows Preinstallation Environment - Wikipedia, the free encyclopedia). You can download it via windows ADK : Download Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1 from Official Microsoft Download Centre, it's a large download (1.7 GB+)... It's essentially a small windows 8 OS, you can include your own drivers/software. This will be compatible with whatever the full OS is (UEFI, GPT, etc...)

    About the permissions on NTFS external drives : AFAIK users are only permitted Read/Execute on those. If you try to write/delete from an admin account with UAC on, it will indeed show you a warning (with UAC, an admin has user privileges most of the time). You already provided your credentials at login, so windows assume you're who you say you are and doesn't ask for a password. Try under a limited user account and see the difference...

    It's perfectly fine to change these permissions on an external drives Feel free to give Users full access control if you feel like it. However I'd advise not messing up your NTFS permissions on your OS drive, the defaults are perfectly fine, assigning wrong permissions could brick your pc.
      My System SpecsSystem Spec

  3. #3
    Win8fait's Avatar

    Member

    Join Date : Sep 2013
    Santa Monica, CA
    Posts : 100
    Win 8.1
    us california


    Thank you. Nice links/info, as always.

    I had a heck of a time downloading it, but I finally got the PE component of ADK installed, and I was able to make a PE USB drive and boot from it. (Oh yeah!)

    And I was able to dust off my DOS skills and “cd” and “md” and from c:\users\JohnDoe - “copy *.* /s x:\data\*.*

    Well... the “/s” subdirectory thing didn't work. I think back in my DOS 5.0 days I had a tool that would make that subdirectory toggle happen somehow. That and a little app called nuke.exe so you didn't have to go in and manually remove all the subdirectories... Those halcyon days of yore.

    Anyway – it didn't work. I mean, I was able to manually copy the data from user's Documents directories from a DOS prompt (or whatever we're to call it now) – and from a couple of Windows 8.1 machines – and confirm the data was copied to the USB (mounted as X:\) – but after – when booting normal and looking at the F:\ USB flash drive, all I see are a bunch of language directories and not my X:\Data directory. It all has to be encased somehow within one of the files I can see, I suppose. Anyway, I'm not able to “get” the data I manually copied over.

    So close, but yet so far...

    And my whole premise was that when you login your Documents directory was somehow “encrypted”. So much for that false sense of security. With this PE bootable USB I'm able to get at all the data with no password challenge.

    OR – maybe that's why I still can't see it? Maybe it is encrypted, and I need to get into that USB with the password somehow.

    I have no idea.

    It's a good thing I went through this though:

    1.) My UEFI (..BIOS 2.0) wasn't setup correctly. I was not booting securely.

    2.) I realized that on this UEFI Windows 8.1 machine, I'm able to boot to a Linux Live DVD, but having done so, I'm NOT able to mount the C:\ - so that avenue to recover data would not have worked under fire.

    Or maybe ... if I set the UEFI back to NOT booting securly, the Linux DVD will boot the C:\.

    This is painful. I need a beer.

    3.) Even with this PE-fortified USB, I'm still not able to VIEW the data I pulled off the machine(s).

    I need to solve this. (So I can stick my little PE drive in a box and think to myself, “No matter what happens, I've got that bootable USB thing taken care of.”)

    (..I take my preferred First-World problem pill: a 4-finger Lagavulin - Bodum Pavina 12 oz. double-wall glass - ROCK hard ice.)
      My System SpecsSystem Spec

  4. #4
    Tepid's Avatar

    Vapor

    Join Date : Jun 2010
    Posts : 835
    Win 8.1 Pro
    USA


    Quote Originally Posted by Win8fait View Post
    Thank you. Nice links/info, as always.

    I had a heck of a time downloading it, but I finally got the PE component of ADK installed, and I was able to make a PE USB drive and boot from it. (Oh yeah!)

    And I was able to dust off my DOS skills and “cd” and “md” and from c:\users\JohnDoe - “copy *.* /s x:\data\*.*

    Well... the “/s” subdirectory thing didn't work. I think back in my DOS 5.0 days I had a tool that would make that subdirectory toggle happen somehow. That and a little app called nuke.exe so you didn't have to go in and manually remove all the subdirectories... Those halcyon days of yore.

    Anyway – it didn't work. I mean, I was able to manually copy the data from user's Documents directories from a DOS prompt (or whatever we're to call it now) – and from a couple of Windows 8.1 machines – and confirm the data was copied to the USB (mounted as X:\) – but after – when booting normal and looking at the F:\ USB flash drive, all I see are a bunch of language directories and not my X:\Data directory. It all has to be encased somehow within one of the files I can see, I suppose. Anyway, I'm not able to “get” the data I manually copied over.

    So close, but yet so far...

    And my whole premise was that when you login your Documents directory was somehow “encrypted”. So much for that false sense of security. With this PE bootable USB I'm able to get at all the data with no password challenge.

    OR – maybe that's why I still can't see it? Maybe it is encrypted, and I need to get into that USB with the password somehow.

    I have no idea.

    It's a good thing I went through this though:

    1.) My UEFI (..BIOS 2.0) wasn't setup correctly. I was not booting securely.

    2.) I realized that on this UEFI Windows 8.1 machine, I'm able to boot to a Linux Live DVD, but having done so, I'm NOT able to mount the C:\ - so that avenue to recover data would not have worked under fire.

    Or maybe ... if I set the UEFI back to NOT booting securly, the Linux DVD will boot the C:\.

    This is painful. I need a beer.

    3.) Even with this PE-fortified USB, I'm still not able to VIEW the data I pulled off the machine(s).

    I need to solve this. (So I can stick my little PE drive in a box and think to myself, “No matter what happens, I've got that bootable USB thing taken care of.”)

    (..I take my preferred First-World problem pill: a 4-finger Lagavulin - Bodum Pavina 12 oz. double-wall glass - ROCK hard ice.)
    First thing you need to do is read up on NTFS security
    this can not be answered in a few posts, it's not overly complicated, but can get confusing.

    nothing on a windows pc is encrypted by default, especially Documents
    Second, My Documents does not exist any longer, it's just Documents
    Any link references to My Documents are Symbolic Links, or Junction Points
    Again, there is a lot of data out there about that as well.

    As for a recovery disk or Live USB Recovery, their is a ton of info and threads in this forum

    All the info is around here but you will have to read a lot and search
    This stuff can't be answered in a couple of posts.

    Search the key words, WinPe, Symbolic Links and Junction Points, and NTFS Security

    Note: XP is dead, don't think or treat Windows 8 as XP, they are nit the same.
    Much is similar, but there is a lot of difference.
      My System SpecsSystem Spec

  5. #5
    Win8fait's Avatar

    Member

    Join Date : Sep 2013
    Santa Monica, CA
    Posts : 100
    Win 8.1
    us california


    I'll believe everything you say if you tell me what that scary Avatar is first.

    (..and how the heck do I find the data files on my PE F:\ USB?)
      My System SpecsSystem Spec

  6. #6
    Tepid's Avatar

    Vapor

    Join Date : Jun 2010
    Posts : 835
    Win 8.1 Pro
    USA


    That is a Vamo v3 E-Cig Battery Mod
    Variable Voltage or Variable Wattage with Ohm Reader

    Vamo Variable Volt/Watt APV V3.0 Kit - High Desert Vapes

    I am getting a Provari Mini for Christmas

    ProVari Mini Titanium White Variable Voltage Electronic Cigarette

    as for finding the files, it depends on exactly where you saved them.
    try searching for a file name you remember.
      My System SpecsSystem Spec

  7. #7
    Win8fait's Avatar

    Member

    Join Date : Sep 2013
    Santa Monica, CA
    Posts : 100
    Win 8.1
    us california


    I'm able to confirm the files have been copied to the PE USB, but then after the session they are erased.

    I see now when I re-boot to the drive a second time, it's a clean virtual X:\ mount WITHOUT the data I copied in the first session. Bummer.


    ...so.

    How do I get user data off my hypothetically-Windows-failed machine?

    WinPE - fail (confirmed copied files mysteriously disappear)
    Linux Live DVD - fail (can't mount the C:\)

    ?
      My System SpecsSystem Spec

  8. #8
    Tepid's Avatar

    Vapor

    Join Date : Jun 2010
    Posts : 835
    Win 8.1 Pro
    USA


    it's not a fail.

    it's by design
    the x drive is a virtual drive
    you need to save the data else where

    there are more than enough threads here and all over the net on how to use WinPE
      My System SpecsSystem Spec

  9. #9



    Member

    Join Date : Apr 2013
    Posts : 409
    Windows 7
    Canada ca saskatchewan


    A Linux live CD cannot access encrypted files. The need to protect sensitive files from access by similar methods was one of the reasons why encryption was developed.

    A limitation of file level security is that the protection only exists when the files are accessed by a file system that understands the security system. As long as you are accessing files from within Windows the system works well. But a Linux live CD knows nothing of NTFS security so it grants full read access to everyone. Or the hard drive can be removed from the computer and attached to another where a user has admin rights. He can then assign himself any file permissions desired and do anything he wishes, regardless of the original NTFS permissions. That is an inherent right of an admin user.

    Encryption works differently. File contents are scrambled using an encryption key that is a part of the users account. Without knowledge of that key and the details of how to use it the encrypted files remain a scrambled mess. For the same reasons that a Linux live CD knows nothing of NTFS security it also knows nothing of encryption keys or how to use them. Attaching the drive to another computer doesn't work either. Without knowledge of the file owners login credentials a hacker has no way of accessing the encryption keys in a usable form. Even an admin user cannot see the password of another user.
      My System SpecsSystem Spec

  10. #10
    Win8fait's Avatar

    Member

    Join Date : Sep 2013
    Santa Monica, CA
    Posts : 100
    Win 8.1
    us california


    Quote Originally Posted by Tepid View Post
    there are more than enough threads here and all over the net on how to use WinPE
    Right. So many that you're not able to link just one that would solve the problem...

    I'm half convinced nobody here knows. Not really.

    If I knew, I would be able to resolve this entire thread soundly in 250 words or less.

    ...

    I have not installed encryption; other than whatever vanilla Windows 8.1 brings to the table native. (No Pro, so no Bitlocker, and no Trucrypt. Etc.)

    I ASSUMED Windows encrypted the \users subdirectories (if you created a password anyway.) It seemed to me that is how one would protect your \users files from other's who login to the same machine.

    Is that the case? Apparently not. And if not, we can take “encryption” off the table – because that seems to be confusing and derailing everyone off the point. (Through no fault of my own I hasten to add.. OPs are generally supposed to be stupid. ; )

    So … no encryption. Off the roster. No longer talkin' about encryption.

    How do you boot to a USB/DVD and copy c:\archive\*.* - as well as c:\users\JohnDoe\Documents\*.* to your F:\ USB drive on a Windows 8.1 UEFI secure boot machine?

    PE – great idea – how do you get files off the #*%^@ computer?
    Linux Mint 15 Cinnamon – love it how do you mount the C:\?

    Any solution will due. Whatever's cleaver.
      My System SpecsSystem Spec

Page 1 of 2 12 LastLast
Windows 8x File Security – 3 fundamental questions
Similar Threads
Thread Forum
Router Security Questions... Network & Sharing
some questions about trust port internet security 2013 Software and Apps
Some security questions System Security
Ballmer to Microsoft shareholders: 'a fundamental shift [is] underway Windows 8 News
File Structure and new security System Security
Eight Forums Android App Eight Forums IOS App Follow us on Facebook

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23