Solved Windows 8x File Security – 3 fundamental questions

Win8fait

So an administrator of a Windows 8.1 machine has access to everything-but-everything; and I think I understand the purpose of the three tier user types:

- Built-in Administrator (elevated - hidden by default)
- Admin-User (not elevated – default Windows account)
- Standard-User (no admin rights – best for day-to-day use)

However, what I do not understand at all is why/when/how this security architecture affects files outside of the User-&-MyDocuments secured domain – particularly older files from an XP environment on an external drive.

When I connect said older external drive, and move files around here and there, occasionally I'll be challenged as Admin-User. (wut?...) All I have to do is hit [Enter] and I'm moving right along. ???

1.) How does having to hit [Enter] without satisfying a password challenge increase file security for an external drive?

2.) Is there any chance I'm “hosing up” a perfectly fine old archive of files by somehow shuffling in file-level security, or directory-level security (or any-level security) on an external NTFS drive?

3.) What *is* the security at the User-&-MyDocuments level? If a machine BSODs, and I have no choice but to boot from say a Linux live-DVD and try to USB out some recent data before I reinstall Windows 8.1 – in THEORY – everything in, say, C:\Archive (and external X:\Archive), is totally free and clear of Windows access security; regardless of who created/copied/moved it. Only MyDocuments directories are protected. Right?

UBCD is old-school – but with UEFI, and who knows what else in Windows 8.1 - what is the best USB/DVD/CD emergency boot method [name and version number please] to get [presumably] encrypted data out of MyDocuments? I'm not going to want to “fix” anything OS so I don't need a hefty toolbox. If a machine hoses I'll reinstall from scratch. I just want to be sure to be able to get my data out. (<In my best dramatic pose> “My intellectual assets.”)

I'll gladly make a boot drive/disc using just Windows too. I have a Lenovo tower with the OEM partition (and access to a Yoga with same - so that begs the question if tablets require different methods - I expect not, but better to ask) - and I also have the 32-bit and 64-bit install discs (copies.)

Q.#3 then = What's the A, B, C's to create [.."best"] bootable drive/disc for 8x?


Thank you for your time.

(Edit: Mistake - I don't have the Windows 8 install discs. I only have Windows 7 (32&64) install discs. The latter may or may not be useful for an 8x boot disc.)
 
Well, starting from the end, there are lots of Live-CD solutions (List of live CDs - Wikipedia, the free encyclopedia), most based on Linux. Are they able to access encrypted data? I doubt it, but it probably depends on the encrypting software used.

Your best bet though is to use Microsoft's own solution: Windows PE (Windows Preinstallation Environment - Wikipedia, the free encyclopedia). You can download it via the Windows ADK: Download Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1 from Official Microsoft Download Centre. It's a large download (1.7 GB+)... It's essentially a small Windows 8 OS, and you can include your own drivers/software. This will be compatible with whatever the full OS is (UEFI, GPT, etc...)

About the permissions on NTFS external drives: AFAIK users are only permitted Read/Execute on those. If you try to write/delete from an admin account with UAC on, it will indeed show you a warning (with UAC, an admin has user privileges most of the time). You already provided your credentials at login, so Windows assumes you're who you say you are and doesn't ask for a password. Try under a limited user account and see the difference...

It's perfectly fine to change these permissions on an external drive. Feel free to give Users full access control if you feel like it. However, I'd advise not messing up your NTFS permissions on your OS drive; the defaults are perfectly fine, and assigning wrong permissions could brick your PC.
 

Thank you. Nice links/info, as always.

I had a heck of a time downloading it, but I finally got the PE component of ADK installed, and I was able to make a PE USB drive and boot from it. (Oh yeah!)

And I was able to dust off my DOS skills and “cd” and “md” and from c:\users\JohnDoe - “copy *.* /s x:\data\*.*”

Well... the “/s” subdirectory thing didn't work. I think back in my DOS 5.0 days I had a tool that would make that subdirectory toggle happen somehow. That and a little app called nuke.exe so you didn't have to go in and manually remove all the subdirectories... Those halcyon days of yore.

Anyway – it didn't work. I mean, I was able to manually copy the data from user's Documents directories from a DOS prompt (or whatever we're to call it now) – and from a couple of Windows 8.1 machines – and confirm the data was copied to the USB (mounted as X:\) – but after – when booting normal and looking at the F:\ USB flash drive, all I see are a bunch of language directories and not my X:\Data directory. It all has to be encased somehow within one of the files I can see, I suppose. Anyway, I'm not able to “get” the data I manually copied over.

So close, but yet so far...

And my whole premise was that when you login your Documents directory was somehow “encrypted”. So much for that false sense of security. With this PE bootable USB I'm able to get at all the data with no password challenge.

OR – maybe that's why I still can't see it? Maybe it is encrypted, and I need to get into that USB with the password somehow.

I have no idea.

It's a good thing I went through this though:

1.) My UEFI (..BIOS 2.0) wasn't set up correctly. I was not booting securely.

2.) I realized that on this UEFI Windows 8.1 machine, I'm able to boot to a Linux Live DVD, but having done so, I'm NOT able to mount the C:\ - so that avenue to recover data would not have worked under fire.

Or maybe ... if I set the UEFI back to NOT booting securely, the Linux DVD will boot the C:\.

This is painful. I need a beer.

3.) Even with this PE-fortified USB, I'm still not able to VIEW the data I pulled off the machine(s).

I need to solve this. (So I can stick my little PE drive in a box and think to myself, “No matter what happens, I've got that bootable USB thing taken care of.”)

(..I take my preferred First-World problem pill: a 4-finger Lagavulin - Bodum Pavina 12 oz. double-wall glass - ROCK hard ice.)
 

First thing you need to do is read up on NTFS security
this can not be answered in a few posts, it's not overly complicated, but can get confusing.

nothing on a windows pc is encrypted by default, especially Documents
Second, My Documents does not exist any longer, it's just Documents
Any link references to My Documents are Symbolic Links, or Junction Points
Again, there is a lot of data out there about that as well.

As for a recovery disk or Live USB Recovery, there is a ton of info and threads in this forum

All the info is around here but you will have to read a lot and search
This stuff can't be answered in a couple of posts.

Search the key words, WinPe, Symbolic Links and Junction Points, and NTFS Security

Note: XP is dead, don't think or treat Win8 as XP, they are not the same.
Much is similar, but there is a lot of difference.
 

I'll believe everything you say if you tell me what that scary Avatar is first.

(..and how the heck do I find the data files on my PE F:\ USB?)
 

I'm able to confirm the files have been copied to the PE USB, but then after the session they are erased.

I see now when I re-boot to the drive a second time, it's a clean virtual X:\ mount WITHOUT the data I copied in the first session. Bummer.


...so.

How do I get user data off my hypothetically-Windows-failed machine?

WinPE - fail (confirmed copied files mysteriously disappear)
Linux Live DVD - fail (can't mount the C:\)

?
 

it's not a fail.

it's by design
the x drive is a virtual drive
you need to save the data elsewhere

there are more than enough threads here and all over the net on how to use WinPE
 

A Linux live CD cannot access encrypted files. The need to protect sensitive files from access by similar methods was one of the reasons why encryption was developed.

A limitation of file level security is that the protection only exists when the files are accessed by a file system that understands the security system. As long as you are accessing files from within Windows the system works well. But a Linux live CD knows nothing of NTFS security so it grants full read access to everyone. Or the hard drive can be removed from the computer and attached to another where a user has admin rights. He can then assign himself any file permissions desired and do anything he wishes, regardless of the original NTFS permissions. That is an inherent right of an admin user.

Encryption works differently. File contents are scrambled using an encryption key that is a part of the user's account. Without knowledge of that key and the details of how to use it the encrypted files remain a scrambled mess. For the same reasons that a Linux live CD knows nothing of NTFS security it also knows nothing of encryption keys or how to use them. Attaching the drive to another computer doesn't work either. Without knowledge of the file owner's login credentials a hacker has no way of accessing the encryption keys in a usable form. Even an admin user cannot see the password of another user.
 

there are more than enough threads here and all over the net on how to use WinPE
Right. So many that you're not able to link just one that would solve the problem...

I'm half convinced nobody here knows. Not really.

If I knew, I would be able to resolve this entire thread soundly in 250 words or less.

...

I have not installed encryption; other than whatever vanilla Windows 8.1 brings to the table native. (No Pro, so no BitLocker, and no TrueCrypt. Etc.)

I ASSUMED Windows encrypted the \users subdirectories (if you created a password anyway.) It seemed to me that is how one would protect your \users files from others who login to the same machine.

Is that the case? Apparently not. And if not, we can take “encryption” off the table – because that seems to be confusing and derailing everyone off the point. (Through no fault of my own I hasten to add.. OPs are generally supposed to be stupid. ; )

So … no encryption. Off the roster. No longer talkin' about encryption.

How do you boot to a USB/DVD and copy c:\archive\*.* - as well as c:\users\JohnDoe\Documents\*.* to your F:\ USB drive on a Windows 8.1 UEFI secure boot machine?

PE – great idea – how do you get files off the #*%^@ computer?
Linux Mint 15 Cinnamon – love it how do you mount the C:\?

Any solution will do. Whatever's clever.
 

Now see, that is a damn good idea. (..thinking outside the box?)

Within 5min of reading your post I was in my car driving towards Best Buy.


All they had was a Blac X Thermaltake. It looks exactly the same but costs $38.12.

But it didn't work. I took my machine apart and plopped the HDD in the caddy and powered on, and can hear the drive spool up, but the USB isn't recognized by any of my other machines. I look online and everyone seems to be having the same problem with that device. More problems to deal with.

Now I have to return that and I still don't have non-OS access to my files.

A Confederacy of Dunces I tell you. "Oh, Fortuna, you capricious sprite!"

 

Okay, I solved it.

WinPE USB boots to a virtual drive X:\.

But there is also an E:\ drive that is mounted. You can make a data directory on E:\ - then copy your data over to that. If you copy to the virtual X:\ it just disappears with the session.

The Steps:

- Per oneeyed, download and install the PE component of the Windows ADK - Download Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1 from Official Microsoft Download Centre

- Follow these instructions - Windows PE USB: Install Windows PE to a USB drive

1.) Winkey, "Deployment and Imaging Tools Environment"

2.) Create a working copy of the Windows PE files. Specify either x86, amd64, or arm. In my case it's:
"copype amd64 C:\WinPE_amd64"

3.) Install Windows PE to the USB, specifying the correct drive letter.
"MakeWinPEMedia /UFD C:\WinPE_amd64 F:"

(Note: USB should be 1 to 4GB. The WinPE image is FAT32 so can't use more than 4GB.)

Reboot and use F12 (may be different for other manufacturers) to access the boot device menu and select the USB. This will take you to an X:\ prompt.

- "cd /d e:" (to change directory to e. Or try "d", or "f" - depending on your machine and the drives it mounts.)

- "md data" (make a directory called data - or whatever you want to call it.)

- "copy c:\users\JohnDoe\Documents\*.* e:\data\*.*"

Using of course the actual user name(s). You'll see the files copied.




Done!
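
The copy step described above, as an added example that is not part of the original post: a batch file for the WinPE prompt that also copies subdirectories (which plain `copy` does not) and refuses to write to the X: RAM disk. The user name, drive letters and log file name are placeholders, and it assumes robocopy.exe is present in the WinPE image.

```batch
@echo off
rem Added example, not from the thread. SRC, DEST and LOG are placeholders.
rem Assumes robocopy.exe is present in the WinPE image.
setlocal

set "SRC=C:\Users\JohnDoe\Documents"
set "DEST=E:\data"
set "LOG=E:\data_copy.log"

rem X: is the WinPE RAM disk; files written there vanish with the session.
if /I "%DEST:~0,2%"=="X:" (
    echo Destination is on X:, the WinPE RAM disk. Use another drive letter.
    exit /b 1
)

rem Drive letters under WinPE can differ from the installed system.
if not exist "%SRC%\" (
    echo Source folder "%SRC%" not found. Check the drive letter with dir.
    exit /b 1
)

if not exist "%DEST%\" md "%DEST%"
if not exist "%DEST%\" (
    echo Cannot create "%DEST%". Is the drive present and writable?
    exit /b 1
)

rem /E        copy subdirectories, including empty ones
rem /XJ       skip junction points such as the legacy "My Music" links
rem /COPY:DAT copy data, attributes and timestamps, but not NTFS ACLs
rem /R:1 /W:1 retry a locked or unreadable file once, then move on
robocopy "%SRC%" "%DEST%" /E /XJ /COPY:DAT /R:1 /W:1 /LOG:"%LOG%" /TEE
set "RC=%ERRORLEVEL%"

rem Robocopy exit codes of 8 and above mean at least one file failed.
if %RC% GEQ 8 (
    echo Some files were not copied. Review "%LOG%".
    exit /b %RC%
)
echo Copy complete. Log written to "%LOG%".
exit /b 0
```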
 
