My company uses a single server to host 3 virtual servers. This post probably sounds like it should be in the servers board, but I believe my question could apply to any standard Windows system. Anyway, the 'virtual' servers data and OS are all stored on a drive on the host machine. Unfortuantely, you can right click this drive, choose 'format,' and wipe out all the company data in about 2 seconds. This would be the same for any secondary hard drive on any PC, so long as it doesn't contain the OS for the machine you are logged on to. In our case, this happened and required a painful recovery from backup. I don't want it to happen again. How can some safeguard be put into place to not allow formatting of this one drive (or at least not making it so easy)?


Recommended Answers

All 4 Replies

Is the drive on the server a shared drive on each of the client computers? I have a home network setup like that, Windows 8 on one computer that shares a folder with other Windows 7 computers. When I'm on Windows 7 computer right click the shared drive I do not see an option to format the drive.

If yours is set up differently then I'd suggest you check the permissions for logged in users -- they should not have full control of the server computer.

the 'virtual' servers data and OS are all stored on a drive on the host machine

The way to address this is by ensuring that you have the proper rights and permissions configured on this server so that you only allow those individuals responsible for this system to log in and have control.

Take a look to see what accounts are created on this host computer, check their group memberships. Remove, disable any accounts that should not have access.

If this drive that is hosting the VM files is not the same drive as the one hosting the operating sysetm for the host computer, make sure that the proper permissions are in place at the drive (NTFS Security). Be careful to only review and not make any changes to permissions on the file system without knowing exactly what you are doing.

The problem wasn't irresponsible users. The issue is there is another backup drive attached to the host which is formatted daily. When the "Computer" window is open, you have the backup drive to be formatted right alongside the VHD drive which should never be formatted. In this case, the user simply accidentally right-clicked the wrong drive and formatted. I'm trying to put some kind of a lock or at least extra step on that drive before formatting can happen. Older Apple computers used to have a password that had to be entered before accessing / modifying a drive. Can't something similar be applied here?

Yes, i understand its not about irrespondibility. Permissions ensure that unintended mishaps are caught as well.

What you can do is create a login (not as an administrator) for this user and only provide the user with access to this target drive. In addition, you may consider creating a script of some sort that already has the logic to format the target drive and you have the user run this script so that there is no error in which drive is formatted.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.