I have a Windows Server 2012 machine where I have created a VHD disk that is stored on my Desktop. That disk is encrypted by Bitlocker. However when I mount the disk and enter the encryption password, other users (Administrators) can also access the files on it. Is there a way to prevent other users (even Administrators) from accessing that drive?
Asked
Active
Viewed 1,220 times
2 Answers
2
As a general rule, any attempt at preventing administrators from being administrators is a waste of time. Administrators, by definition, have unrestricted access to the machine and the devices connected to it.
However, you could perhaps hypothetically encrypt the files and folders on the drive and require another password that only you know. That way, the contents of the drive are still encrypted, even after you have un-locked the drive vis a vis Bitlocker.
But again, this approach is specious at best, since you wouldn't be able to use something like EFS, since EFS is dependent on your Windows or AD username and password, and any administrator on the same machine is easily capable of stealing your Windows or AD username and password by inspecting lsass process memory or installing a keylogger.
So... no.
Ryan Ries
- 55,481
- 10
- 142
- 199
1
No, users with full administrative permissions always have full access to all system resources. This is true for Windows as it is for every other OS I can think of.
With regards to other non-administrative users, just set permissions appropriately on the mounted volume and access will not be possible.
EEAA
- 109,363
- 18
- 175
- 245