Is it possible to block access to some files/folders from outside of a Windows account?
e.g. if I boot the PC with a Linux live-USB, I can access all the files within the NTFS partitions and I'd like to avoid that
Add a comment
|
1 Answer
Encryption. The only way.
macOS can be told to ignore permissions on any volume it is not booted from, making it trivial to read data from it.
After comments
I had originally claimed all OSes can do this, but after multiple comments below I'm not sure if they can. There appears to be some debate as to whether this is possible on any other OS.
However, give me any boot or data drive & I can read it, so long as I mount it to another machine. I've been doing it for more years than I can remember. I exclusively use a Mac to analyse & fix various drives from other OSes & never once had any difficulty so long as they're not encrypted.
There's just a checkbox to switch off permissions.
I use the Mac to do this for several reasons, one is that simple checkbox, the other is the simplicity of fixing/cloning/rescuing non-Mac drives compared to doing it under native conditions or from command-line 'live' unix rescue solutions.
A simple example with 2 volumes mounted on a Mac. One is a direct clone of the other, though not absolutely up to date so they are not literally identical. Both are bootable volumes, of course. The one on the left is the current boot volume, the other merely mounted as any other internal drive.
The non-boot volume has a simple switch to ignore permissions, giving me unlimited access, unfettered by any restriction applied while it is the boot volume. Note the permissions are already slightly different, as the OS itself does not claim to 'own' the filesystem on the clone. If I swap which drive I'm booted from, these permissions will swap one to the other, as will the 'ignore ownership' flag.
-
"No OS respects permissions applied to a non-boot drive" is demonstrably wrong: If I boot my Linux PC, later plug in an extX-formated USB-drive (obviously a "non-boot drive") permissions there are enforced. I do agree on crypto being the only reliable way though. Commented Jan 1, 2021 at 13:19
-
Give me any boot drive & I can read it, so long as I mount it to another machine. I've been doing it for more years than I can remember. i exclusively use a Mac to analyse & fix various drives from other OSes & never once had any difficulty so long as they're not encrypted. There's just a checkbox to switch off permissions.– TetsujinCommented Jan 1, 2021 at 13:25
-
1@Tetsujin befored you edited your answer it was reading
No OS respects permissions applied to a non-boot drivethis is ofcourse horribly wrong. All I did was make this clear. Commented Jan 1, 2021 at 14:55 -
1I’m afraid Eugen is right here: Both Windows and Linux will absolutely enforce permissions/ACLs anywhere. The problem stems from the fact that I can become root/Administrator easily on an OS I control, enabling me to override/ignore/change those permissions.– Daniel BCommented Jan 1, 2021 at 14:55
-
1In my experience, it's also trivial to ignore any and all access restrictions on a non-boot drive using Linux or Windows. The fact that those OS's can be set to act otherwise is irrelevant to what the Question is about. Commented Jan 1, 2021 at 18:35