I wanted to share this interesting Windows 2000 hack with you. Before you shout me off the list for suggesting such a thing, I need to say that I find this procedure to be very useful for securely sharing files between Windows 2000 and Linux on my dual boot machine, and that aside from that I cannot find any other useful reason for this trick.
This hack is a method of securing a FAT partition behind NTFS security in Windows 2000. Little known to most people, Windows 2000 has a feature that allows one to mount a volume in a folder, similar to the way we mount filesystems under Linux. To make use of this feature, follow these steps.

1. Boot into Windows 2000. If your computer already has Windows 2000, you're fine; you do not need to reboot before starting this. Be sure you are logged in as a system administrator.

2. Find an appropriate place on the directory tree of one of your NTFS partitions to mount the FAT partition. Keep in mind that Windows 2000 does not allow you to actually assign permissions to the mountpoint - you will assign the protection permissions to the directory above the mountpoint. Therefore, instead of setting up a mountpoint like c:\mount\my_fat_drive, set up a mountpoint like c:\mount\my_fat_drive\actual_mount. Also, keep in mind that Windows doesn't let you mount anything in a folder on a FAT partition - you must use an NTFS partition.

3. Create all of the directories needed to reach the mountpoint, including the actual directory where you plan to mount the drive - the mounting feature of Windows 2000 works like Linux mountpoints: the mount replaces an existing folder. In my example, you would need to create the folders c:\mount\, c:\mount\my_fat_drive\, and c:\mount\my_fat_drive\actual_mount.

4. Go to the Computer Management administration tool. This tool can be found by opening up the Control Panels folder, double-clicking the Administrative Tools folder, and double-clicking Computer Management. In the left pane of this window, go to Disk Management.

5. Right-click on the graphical representation of the partition you want, and choose an option that is similar to "Assign Drive Letters".

6. Remove all drive letters from the box (drive letters can't be secured) and add the folder that you have designated for the mountpoint (in this case c:\mount\my_fat_drive\actual_mount).

Alternatively, if you dislike the graphical tool, you can use the Windows mountvol command from the command line instead of performing steps 4 through 6. Information about the mountvol command can be found at http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/winxppro/proddocs/mountvol.asp

7. Assign permissions to the directory above the mount point (in this case c:\mount\my_fat_drive\). Anybody that has no access whatsoever to this directory will have no access to the mountpoint it contains. Anyone to whom you give full control over this directory will have full control over the FAT partition (note that he still can't unmount the partition). I haven't tested what happens if you give a user read-only access to the directory. I am uncertain as to whether or not he will have read-write access to the FAT partition.

8. Reboot the computer. The mountpoint appears immediately when you finish assigning the mountpoint, but the drive letter won't go away until you reboot the computer.

I used this on my computer to create a read-write documents folder that was inaccessible to anybody else who uses my system (which should be nobody, but nonetheless). I mounted my FAT partition on Linux using the uid, gid, and umask (I used umask=077) options to assign permissions to Linux users to access the partition.

Please note that anybody who boots your computer off a Windows boot disk or off a bootable Linux CD (like demolinux) can still mount your FAT partition and get read/write access. The simple fact here, however, is that if somebody has a bootable Linux CD, they can get read/write access to every file on your ext2, ext3, or reiserfs partitions, so you need to make sure you have a physical security policy in place anyway to prevent this from happening.

I thought I'd share this with all of you so that if anybody finds it useful, they know about it. I am not sure which versions of XP this works on, as I do not have XP to test it on.
_______________________________________________ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
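
The command-line route described in the post (steps 3 through 7 with mountvol instead of Disk Management), written out as a batch file. This is an added example, not part of the original message. It assumes the stock cacls tool for step 7; the volume name is a placeholder, and the account name alice, the old drive letter E: and the choice to keep Administrators and SYSTEM on the ACL are hypothetical.

```bat
@echo off
rem Added example, not from the original post. Run from an administrator
rem command prompt on Windows 2000.
setlocal

rem Placeholder: replace with the FAT volume's real name, as listed by
rem running "mountvol" with no arguments.
set "VOLUME=\\?\Volume{00000000-0000-0000-0000-000000000000}\"
rem Paths from the post: permissions go on PARENT, the volume on MOUNTPOINT.
set "PARENT=C:\mount\my_fat_drive"
set "MOUNTPOINT=%PARENT%\actual_mount"
rem Hypothetical values: the one account allowed in, and the old drive letter.
set "OWNER=alice"
set "OLD_LETTER=E:"

rem Step 3: create the folder chain (mkdir creates intermediate folders
rem when command extensions are enabled, which is the default).
if not exist "%MOUNTPOINT%" mkdir "%MOUNTPOINT%"
if not exist "%MOUNTPOINT%" goto fail

rem Steps 4-6: mount the volume in the folder, then drop its drive letter.
mountvol "%MOUNTPOINT%" %VOLUME%
if errorlevel 1 goto fail
mountvol %OLD_LETTER% /D

rem Step 7: set the ACL on the folder above the mountpoint.
rem Without /E, cacls replaces the whole ACL and asks for confirmation,
rem which "echo y|" answers.
echo y| cacls "%PARENT%" /G Administrators:F SYSTEM:F %OWNER%:F

rem Check the result by eye: the ACL should list only the accounts above,
rem and mountvol should show the volume under MOUNTPOINT with no letter.
cacls "%PARENT%"
mountvol
goto end

:fail
echo Setup failed: check the volume name, the paths, and that C: is NTFS.
:end
endlocal
```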
