The ultimate solution for company data loss…

No Comments

Or your money back!

Sounds like a pitch for snake oil medicines. ๐Ÿ˜€

Tonight I opened my company mail and I found a curious memo about a new guideline about backing up data on company owned machines. The first though that entered my mind was “WTF, another roadblock for doing backups?”

Reading the memo, it made some sense if you apply some common sense. And then I tried reading it from a “Security Expert slash Manager extraordinaire” perspective who follows everything by the book and then my world shrunk by a magnitude of ten. The phrasing combined with current practices is enough to give me the shivers if I think about embarking in a simple task of performing backups.

In line with the companyโ€™s commitment to protecting client data, effective immediately we are implementing the following process for backing up data on company-owned machines (desktops or laptops):

You may not back up any sensitive data residing on a company-owned computer (Laptop or Desktop) without permission of the IT Support team and obtaining a signed form. Only encrypted back ups are allowed, including copying files to flash media or CD.

Not bad eh? Not until you read that you need a very high approver before you can even think of performing a backup. If you need an analogy then think of the company as ruled by a god and you need the approval of the high priests. That approval is now on top of soaking one’s self in gasoline, rolling in live coals, and dancing a cha-cha number on top of broken blades and glasses.

To top it all, the last sentence was like adding insult to injury:

Further details will be released this week, as the IT Support team mobilizes to handle this task.

Yeah, I am brimming with confidence that the over-worked and ticket-closing trigger happy support team is able to take on this new task while spreading cheer and world peace. I am saying goodbye to backups then. I think it is easier to just slaughter some chicken and offer it to my anito to protect the company data that I am working on from sudden glitches and electronic crashes.


Access denied for local Windows Admin User

No Comments

My Windows XP installation is acting up again. For some reason I cannot pinpoint directories will change permission and it locks me out with an “Access Denied” permission. The problem is that I am logged in as a local administrator (hey, its Windows so its the only way to really work while in it ๐Ÿ˜› ) and following the maxim “Computer Security stops with full physical access” then everything should be available to me. First reaction would be to check and modify the file security properties but since I don’t have “access” then the Security tab will not show in the properties window of the file.

Normally I would note the directory down somewhere in the desk, wait finishing my current work, and then reboot to Linux and access the files. Linux allows me to bypass the NTFS access control list so I can take out the files and move/copy them to a new location before deleting the old location. I run a chkdsk next time I boot into Windows to reset the index and have a semblance of sanity in the drive.

Today this can’t be my route as it locked a directory containing some files that I need for the current document I am working on. Rebooting to Linux to bail out Windows is not an option so I searched a way on how to circumvent this, and now I have two (well technically one with a backup).


CACLS is the built-in command line utility for modifying file access control lists in Windows. Invoking the help file (cacls /?)presents a pretty concise and helpful help message. To give my user account full access to the misbehaving directory and all the files inside, the command is

cacls [path to directory to be change] /T /G Erin:F

where /T specifies that all contents of the directory will be modified and the last switch tells the utility to give user name Erin full access.

If the cacls command still fails for your admin user, then try using the SYSTEM user as that generally have more privileges than the administrator users. You basically need to execute the same CACLS command under that privilege but the “runas” command will not work as you will need the SYSTEM password. You will have to trick the machine into opening the doors for you [insert devil grin here]. Not really, I was talking about the Scheduler trick that is only accessible to Administrators and some special user groups.


HH and MM is to be replaced with the time + one or two minutes from the current system time (use 24H format for the hours). This will trigger the task scheduler to open a command prompt at the set time which uses the SYSTEM account. You can try the cacls modification from the resulting prompt.

And if all else fails, there is always Linux. ๐Ÿ˜€