Prevent program from getting stolen with Windows permissions

Posted on

QUESTION :

I’ll be sharing a dedicated Windows 2008 R2 server with another person. I will have admin rights and admin an account. The other person will only have a “normal” account and no admin rights.

I have a program, which is my intellectual property (it will be installed in my admin account) and I don’t want it to be stolen by the other user under any circumstances.

If I just deny any permissions for this program to any non-admin user in Windows rights management, will that be enough to make sure that the other user will not be able make a copy of my program from his non-admin account? Or are there ways to get around Windows rights management and steal the program anyway?

EDIT: the server is a remote server and neither me nor the other user have local access to the HD.

ANSWER :

If I was your other user and tasked with circumventing your security, assuming I had local access to the system I’d use any of useful offline admin reset bootable CD’s to gain your administrative privs.

If your application was encrypted with EFS either by the local system or yourself and granting your or the other system account EFS access to your file ensuring your application run times are functional, such as a web app you’d also grant IUsr EFS access an any other supporting system accounts.

Then, give his account EFS access but reset his password w/o a formal change, that will revoke his EFS key and even if he comes in offline with a recovery booter or mounts the drive as data he’ll at best only delete the files but won’t open them even with a LINUX LiVE CD.

He can still use Arne Vidstrom’s EFS and other EFS recovery tools used to parse formatted drives for EFS keys.

Leave a Reply

Your email address will not be published.