Sunday 16 Apr 2023

Protected Backup Folder

Image copyright

I used a folder on my attached mass storage hard drive to store backups. The program that creates the backups runs so as administrator. So it makes sense to me not to allow other users to access this folder. I change the permissions on the folder to only allow administrators. The account I use is a standard user, only elevating my user privilege to complete administrative tasks.

Users have read and list privileges, and administrators have read and write.

Go to Folder Properties, select security tab and click Advanced.

Click Disable inheritance.

Choose Remove all inherited permissions …

Now you have a clear box.

Add Administrators as full control,
then add users as read.

Click Add button
Choose Select principal

Type Administrators and click Check Names

Ensure the admin permissions are as follows:

Do the same for users. However ensure users have these permissions:

Your box should look like this.

Assuming ransomware has not escalated to administrator privileges then your backup folder should be safe. For this to work, I am running as a standard users, and only up my privileges for recognised requests. This does assume I have a backup on another device just in case this folder is comprimised.