Sign in with
Sign up | Sign in
Your question

Change default drive of Documents & Settings

Last response: in Windows XP
Share
Anonymous
June 19, 2005 10:16:37 PM

Archived from groups: alt.security.pgp,microsoft.public.windowsxp.customize,microsoft.public.windowsxp.help_and_support (More info?)

On laptops I want to place user folders inside a PGP encrypted container in
case the laptop is lost/stolen. That way customer data, reports, e-mail,
etc...won't be compromised. One way is to change where Windows stores user
information.

1) Is there a way to change the default drive on which the \Documents and
Settings folder resides?

2) Can I change the default drive of a single user's \Document and Settings
folder?

3) If I change the default drive and user Joe starts his laptop up and the
\joe user folder is within a PGP container and the container isn't opened at
boot time (ie. Joe forgets to enter his passphrase), will XP hang or what
will XP do?




----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----
Anonymous
June 19, 2005 11:46:25 PM

Archived from groups: alt.security.pgp,microsoft.public.windowsxp.customize,microsoft.public.windowsxp.help_and_support (More info?)

Hi John,

Some resources to help you out:

How To Change the Default Location of User Profiles and Program Settings
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q322014

How to Change the Default Location of the My Documents Folder
http://support.microsoft.com/?id=310147

You may also want to explore the options of encrypting files using EFS which is supported under the
NTFS file system.

Encrypting File System overview
http://www.microsoft.com/resources/documentation/window...

How To Encrypt a Folder in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;308989

--

Anando
Microsoft MVP- Windows Shell/User
http://www.microsoft.com/mvp
http://www.mvps.org

In memory of Alex Nichol
http://www.microsoft.com/windowsxp/expertzone/meetexper...

Folder customizations
http://newdelhi.sancharnet.in/minku

Protect your PC!
http://www.microsoft.com/protect


"John Smith" <a@nonymous.com> wrote in message news:42b5f102$1_1@spool9-west.superfeed.net...
>
> On laptops I want to place user folders inside a PGP encrypted container in
> case the laptop is lost/stolen. That way customer data, reports, e-mail,
> etc...won't be compromised. One way is to change where Windows stores user
> information.
>
> 1) Is there a way to change the default drive on which the \Documents and
> Settings folder resides?
>
> 2) Can I change the default drive of a single user's \Document and Settings
> folder?
>
> 3) If I change the default drive and user Joe starts his laptop up and the
> \joe user folder is within a PGP container and the container isn't opened at
> boot time (ie. Joe forgets to enter his passphrase), will XP hang or what
> will XP do?
>
>
>
>
> ----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
> http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
> ----= East and West-Coast Server Farms - Total Privacy via Encryption =----
Anonymous
June 20, 2005 4:00:46 PM

Archived from groups: alt.security.pgp,microsoft.public.windowsxp.customize,microsoft.public.windowsxp.help_and_support (More info?)

"John Smith" <a@nonymous.com> wrote in message
news:42b5f102$1_1@spool9-west.superfeed.net...
>
> On laptops I want to place user folders inside a PGP encrypted container
> in
> case the laptop is lost/stolen. That way customer data, reports, e-mail,
> etc...won't be compromised. One way is to change where Windows stores
> user
> information.
>
> 1) Is there a way to change the default drive on which the \Documents and
> Settings folder resides?
>
> 2) Can I change the default drive of a single user's \Document and
> Settings
> folder?
>
> 3) If I change the default drive and user Joe starts his laptop up and the
> \joe user folder is within a PGP container and the container isn't opened
> at
> boot time (ie. Joe forgets to enter his passphrase), will XP hang or what
> will XP do?
>

Microsoft has a knowledge base article which seems to suggest that one can
move the documents and settings folder to a different partition by first
copying it there, then modifying every registry entry that references the
path to instead reflect the new path. THIS DOES NOT WORK. Trust me, I have
spent days trying to fight with such a thing, and it simply won't do it. I
always would end up with it recreating the old paths and files or portions
of them and then nothing would work right without having TWO copies of the
stupid thing scattered about. It was a total nightmare.

The only way I have found to do this is to specify the desired path in a
special installation script file, and run an unattended or automated
installation of the oeprating system. Typically I do this with Windows 2000
and haven't tinkered much with Windows XP on the matter. However, I expect
the instructions would be quite similar. You can (on 2000 at least) create a
setup script or "answer" file on a floppy called "winnt.sif". Sometimes this
is called "unattend.txt" but it won't work on a floppy without the winnt.sif
name. I think it can be called using a command line parameter of the setup
program executable though.

Basically this is a file that answers all of the stupid questions that the
windows setup program asks, so you can let the install run on its own while
you walk away and do something else. (It won't hang up on tons of boxes that
require you to push "next" every few minutes for little purpose other than
to waste your time.) There are a lot of settings you can pass to the setup
program which aren't available in the setup gui. For example, I made one
onetime that tells the setup program to simply not ask for a product ID key
in Windows 2000 setup. You can specify the product ID inside the answer
file, but I instead discovered you can omit this and simply instruct the
program to never ask for it at all. So, you can get a perfectly functioning
windows installation without any product ID, valid or invalid. (Not that I
don't have a valid license, it's just that I am annoyed by having to find it
and enter the stupid number.)

To use the answer file in the most easy manner boot from the install CD with
the winnt.sif answer file on a floppy in the diskette drive. It will rumble
the floppy drive briefly at boot time to check if such a script exists. It
may take quite a bit of tinkering to get this to work properly, because if
it doesn't like part of your script it won't bother to tell you. It'll just
go ahead and install Windows, waste an hour or two of your time, and then
dump you with an installation that ignored your slight error and put the
documents and settings folder at the default C:\ location anyway.

I always run my system with the hard drive split into C:\ and D:\ partitions
(or sometimes seperate drives). I put the documents and settings folder on
the D:\ drive. A word of caution to you though... This partition has to be
formatted and accessible prior to running windows setup. The setup program
will allow you to partition the drive and format it from the blue screen
text mode portion at the beginning of setup. However, it will only allow you
to format the partition that windows is going to be installed to. If the
answer file directs it to put the documents and settings folder in a
different partition, it will simply expect that partition to be working
before it starts. It'll probably go through the motions and think that it is
creating a documents and settings folder, only for windows to crash upon its
initial boot time for failure to read any of those files that never got
copied correctly from a drive not being formatted.

You bring up an interesting question -- I highly doubt that the PGP
encription of the disk volume would work with the documents and settings
folder. If so, you would either need to have the encryption software loaded
into memory prior to running windows setup, or install windows in an
unencrypted form and later encrypt the disk afterwards. You would have to
encrypt it while windows is not running, and have software to enable access
to those files prior to the windows GUI booting up. I have no idea if you
could get that to work or not.

Another problem you have to look out for is that basically in order for
windows to function it needs to have open access to these files constantly
at any time the machine is running. So you're encrypting these files and
decrypting them anytime they attempt to be used for any purpose--good or
bad. If the machine gets infected with spyware, a hijacker, or virus, it'll
have access to those files as easily as windows does. I think the only thing
you would be protecting it from is access to the files while the machine is
not booted up--when windows isn't running. If you rig it so that you have to
enter the pass phrase prior to booting the operating system somehow, then I
suppose this would provide good security to protect against the laptop
physically being stolen. But, you would need a lot more efforts in software
to maintain security while the authorized user is actually using the
machine--especially if it is connected to the internet.

-Jeff
Related resources
Anonymous
June 21, 2005 5:01:22 PM

Archived from groups: alt.security.pgp,microsoft.public.windowsxp.customize,microsoft.public.windowsxp.help_and_support (More info?)

Jeff P wrote:
> "John Smith" <a@nonymous.com> wrote in message
> news:42b5f102$1_1@spool9-west.superfeed.net...
> > On laptops I want to place user folders inside a PGP encrypted container
> > in
> > case the laptop is lost/stolen. That way customer data, reports, e-mail,
> > etc...won't be compromised. One way is to change where Windows stores
> > user
> > information.
> >
> > 1) Is there a way to change the default drive on which the \Documents and
> > Settings folder resides?
> >
> > 2) Can I change the default drive of a single user's \Document and
> > Settings
> > folder?
> >
> > 3) If I change the default drive and user Joe starts his laptop up and the
> > \joe user folder is within a PGP container and the container isn't opened
> > at
> > boot time (ie. Joe forgets to enter his passphrase), will XP hang or what
> > will XP do?
> >
>
> Microsoft has a knowledge base article which seems to suggest that one can
> move the documents and settings folder to a different partition by first
> copying it there, then modifying every registry entry that references the
> path to instead reflect the new path. THIS DOES NOT WORK. Trust me, I have
> spent days trying to fight with such a thing, and it simply won't do it. I
> always would end up with it recreating the old paths and files or portions
> of them and then nothing would work right without having TWO copies of the
> stupid thing scattered about. It was a total nightmare.

For the Original poster, the solution might be to simply not use the
standard \Documents and Settings\, but instead create a folder like
%WHATEVER_DRIVE%:\Jeff's Docs\ and encrypt that if you wish. Then you
wouldn't have to worry about Windows requiring constant access,
duplicate locations, or a few other security issues while logged in.
For this you could probably use TrueCrypt or PGPDisk although I have
not used either myself.
Anonymous
June 21, 2005 9:26:01 PM

Archived from groups: alt.security.pgp,microsoft.public.windowsxp.customize,microsoft.public.windowsxp.help_and_support (More info?)

"scc4fun" <seanccraig@gmail.com> wrote in message
news:1119383695.831356.248140@g47g2000cwa.googlegroups.com...
>
> For the Original poster, the solution might be to simply not use the
> standard \Documents and Settings\, but instead create a folder like
> %WHATEVER_DRIVE%:\Jeff's Docs\ and encrypt that if you wish. Then you
> wouldn't have to worry about Windows requiring constant access,
> duplicate locations, or a few other security issues while logged in.
> For this you could probably use TrueCrypt or PGPDisk although I have
> not used either myself.
>

This would work if you specifically save all your important files to that
folder. But, Windows likes to sneak away all kinds of personalized
information in the Documents and Settings folder. Examples are your browser
cache files and outlook emails. Pretty much whenever you install a bloatware
program, it is going to probably put some stuff in documents and settings
just for kicks. If you're worried about security, securing that isn't a bad
idea. It's just a question of how to do it.

-Jeff
Anonymous
July 17, 2005 6:03:02 AM

Archived from groups: microsoft.public.windowsxp.customize,microsoft.public.windowsxp.help_and_support (More info?)

OK. What about this theoretical solution;
1. Create a partition to only store all folders and files that would
normally be put
in the /Documents and Settings/ folder.
2. Copy everything from /Documents and Settings/ to the new partition.
3. Mount the new partition to C: using the C:/Documents and Settings/ as the
mount point (may need to rename or delete the old /Document and Settings/
folder to do this).

P-chu



"Jeff P" wrote:

>
> "John Smith" <a@nonymous.com> wrote in message
> news:42b5f102$1_1@spool9-west.superfeed.net...
> >
> > On laptops I want to place user folders inside a PGP encrypted container
> > in
> > case the laptop is lost/stolen. That way customer data, reports, e-mail,
> > etc...won't be compromised. One way is to change where Windows stores
> > user
> > information.
> >
> > 1) Is there a way to change the default drive on which the \Documents and
> > Settings folder resides?
> >
> > 2) Can I change the default drive of a single user's \Document and
> > Settings
> > folder?
> >
> > 3) If I change the default drive and user Joe starts his laptop up and the
> > \joe user folder is within a PGP container and the container isn't opened
> > at
> > boot time (ie. Joe forgets to enter his passphrase), will XP hang or what
> > will XP do?
> >
>
> Microsoft has a knowledge base article which seems to suggest that one can
> move the documents and settings folder to a different partition by first
> copying it there, then modifying every registry entry that references the
> path to instead reflect the new path. THIS DOES NOT WORK. Trust me, I have
> spent days trying to fight with such a thing, and it simply won't do it. I
> always would end up with it recreating the old paths and files or portions
> of them and then nothing would work right without having TWO copies of the
> stupid thing scattered about. It was a total nightmare.
>
> The only way I have found to do this is to specify the desired path in a
> special installation script file, and run an unattended or automated
> installation of the oeprating system. Typically I do this with Windows 2000
> and haven't tinkered much with Windows XP on the matter. However, I expect
> the instructions would be quite similar. You can (on 2000 at least) create a
> setup script or "answer" file on a floppy called "winnt.sif". Sometimes this
> is called "unattend.txt" but it won't work on a floppy without the winnt.sif
> name. I think it can be called using a command line parameter of the setup
> program executable though.
>
> Basically this is a file that answers all of the stupid questions that the
> windows setup program asks, so you can let the install run on its own while
> you walk away and do something else. (It won't hang up on tons of boxes that
> require you to push "next" every few minutes for little purpose other than
> to waste your time.) There are a lot of settings you can pass to the setup
> program which aren't available in the setup gui. For example, I made one
> onetime that tells the setup program to simply not ask for a product ID key
> in Windows 2000 setup. You can specify the product ID inside the answer
> file, but I instead discovered you can omit this and simply instruct the
> program to never ask for it at all. So, you can get a perfectly functioning
> windows installation without any product ID, valid or invalid. (Not that I
> don't have a valid license, it's just that I am annoyed by having to find it
> and enter the stupid number.)
>
> To use the answer file in the most easy manner boot from the install CD with
> the winnt.sif answer file on a floppy in the diskette drive. It will rumble
> the floppy drive briefly at boot time to check if such a script exists. It
> may take quite a bit of tinkering to get this to work properly, because if
> it doesn't like part of your script it won't bother to tell you. It'll just
> go ahead and install Windows, waste an hour or two of your time, and then
> dump you with an installation that ignored your slight error and put the
> documents and settings folder at the default C:\ location anyway.
>
> I always run my system with the hard drive split into C:\ and D:\ partitions
> (or sometimes seperate drives). I put the documents and settings folder on
> the D:\ drive. A word of caution to you though... This partition has to be
> formatted and accessible prior to running windows setup. The setup program
> will allow you to partition the drive and format it from the blue screen
> text mode portion at the beginning of setup. However, it will only allow you
> to format the partition that windows is going to be installed to. If the
> answer file directs it to put the documents and settings folder in a
> different partition, it will simply expect that partition to be working
> before it starts. It'll probably go through the motions and think that it is
> creating a documents and settings folder, only for windows to crash upon its
> initial boot time for failure to read any of those files that never got
> copied correctly from a drive not being formatted.
>
> You bring up an interesting question -- I highly doubt that the PGP
> encription of the disk volume would work with the documents and settings
> folder. If so, you would either need to have the encryption software loaded
> into memory prior to running windows setup, or install windows in an
> unencrypted form and later encrypt the disk afterwards. You would have to
> encrypt it while windows is not running, and have software to enable access
> to those files prior to the windows GUI booting up. I have no idea if you
> could get that to work or not.
>
> Another problem you have to look out for is that basically in order for
> windows to function it needs to have open access to these files constantly
> at any time the machine is running. So you're encrypting these files and
> decrypting them anytime they attempt to be used for any purpose--good or
> bad. If the machine gets infected with spyware, a hijacker, or virus, it'll
> have access to those files as easily as windows does. I think the only thing
> you would be protecting it from is access to the files while the machine is
> not booted up--when windows isn't running. If you rig it so that you have to
> enter the pass phrase prior to booting the operating system somehow, then I
> suppose this would provide good security to protect against the laptop
> physically being stolen. But, you would need a lot more efforts in software
> to maintain security while the authorized user is actually using the
> machine--especially if it is connected to the internet.
>
> -Jeff
>
>
>
Anonymous
July 17, 2005 6:12:06 AM

Archived from groups: microsoft.public.windowsxp.customize,microsoft.public.windowsxp.help_and_support (More info?)

Never mind. I just realized that it would be hard to mount to an existing
point/folder while logged into Windows. (i.e. /Documents and Settings/ would
be in use.) :-(


"P-chu" wrote:

>[...]
> 3. Mount the new partition to C: using the C:/Documents and Settings/ as the
> mount point (may need to rename or delete the old /Document and Settings/
> folder to do this).
Anonymous
August 20, 2005 12:34:28 AM

Archived from groups: microsoft.public.windowsxp.customize,microsoft.public.windowsxp.help_and_support (More info?)

Jeff

I would like to know more about what you said:

You can (on 2000 at least) create a setup script or "answer" file on a
floppy called "winnt.sif". Sometimes this is called "unattend.txt" but it
won't work on a floppy without the winnt.sif name. I think it can be called
using a command line parameter of the setup program executable though.

This sounds like the solution to my problem with moving the Documents and
Settings folder from drive C: to D: on Windows XP Home Edition SP1. I tried
using the unattend function, but I don't think that I did it right. What set
of commands would I put in the winnt.sif file to make the installation CD
install D&S on a different drive? Microsoft Help and Support Documents
haven't been much help on this.

Don Chase
--
- Birds are God''''s gift of beauty to the world -



"Jeff P" wrote:

>
> "John Smith" <a@nonymous.com> wrote in message
> news:42b5f102$1_1@spool9-west.superfeed.net...
> >
> > On laptops I want to place user folders inside a PGP encrypted container
> > in
> > case the laptop is lost/stolen. That way customer data, reports, e-mail,
> > etc...won't be compromised. One way is to change where Windows stores
> > user
> > information.
> >
> > 1) Is there a way to change the default drive on which the \Documents and
> > Settings folder resides?
> >
> > 2) Can I change the default drive of a single user's \Document and
> > Settings
> > folder?
> >
> > 3) If I change the default drive and user Joe starts his laptop up and the
> > \joe user folder is within a PGP container and the container isn't opened
> > at
> > boot time (ie. Joe forgets to enter his passphrase), will XP hang or what
> > will XP do?
> >
>
> Microsoft has a knowledge base article which seems to suggest that one can
> move the documents and settings folder to a different partition by first
> copying it there, then modifying every registry entry that references the
> path to instead reflect the new path. THIS DOES NOT WORK. Trust me, I have
> spent days trying to fight with such a thing, and it simply won't do it. I
> always would end up with it recreating the old paths and files or portions
> of them and then nothing would work right without having TWO copies of the
> stupid thing scattered about. It was a total nightmare.
>
> The only way I have found to do this is to specify the desired path in a
> special installation script file, and run an unattended or automated
> installation of the oeprating system. Typically I do this with Windows 2000
> and haven't tinkered much with Windows XP on the matter. However, I expect
> the instructions would be quite similar. You can (on 2000 at least) create a
> setup script or "answer" file on a floppy called "winnt.sif". Sometimes this
> is called "unattend.txt" but it won't work on a floppy without the winnt.sif
> name. I think it can be called using a command line parameter of the setup
> program executable though.
>
> Basically this is a file that answers all of the stupid questions that the
> windows setup program asks, so you can let the install run on its own while
> you walk away and do something else. (It won't hang up on tons of boxes that
> require you to push "next" every few minutes for little purpose other than
> to waste your time.) There are a lot of settings you can pass to the setup
> program which aren't available in the setup gui. For example, I made one
> onetime that tells the setup program to simply not ask for a product ID key
> in Windows 2000 setup. You can specify the product ID inside the answer
> file, but I instead discovered you can omit this and simply instruct the
> program to never ask for it at all. So, you can get a perfectly functioning
> windows installation without any product ID, valid or invalid. (Not that I
> don't have a valid license, it's just that I am annoyed by having to find it
> and enter the stupid number.)
>
> To use the answer file in the most easy manner boot from the install CD with
> the winnt.sif answer file on a floppy in the diskette drive. It will rumble
> the floppy drive briefly at boot time to check if such a script exists. It
> may take quite a bit of tinkering to get this to work properly, because if
> it doesn't like part of your script it won't bother to tell you. It'll just
> go ahead and install Windows, waste an hour or two of your time, and then
> dump you with an installation that ignored your slight error and put the
> documents and settings folder at the default C:\ location anyway.
>
> I always run my system with the hard drive split into C:\ and D:\ partitions
> (or sometimes seperate drives). I put the documents and settings folder on
> the D:\ drive. A word of caution to you though... This partition has to be
> formatted and accessible prior to running windows setup. The setup program
> will allow you to partition the drive and format it from the blue screen
> text mode portion at the beginning of setup. However, it will only allow you
> to format the partition that windows is going to be installed to. If the
> answer file directs it to put the documents and settings folder in a
> different partition, it will simply expect that partition to be working
> before it starts. It'll probably go through the motions and think that it is
> creating a documents and settings folder, only for windows to crash upon its
> initial boot time for failure to read any of those files that never got
> copied correctly from a drive not being formatted.
>
> You bring up an interesting question -- I highly doubt that the PGP
> encription of the disk volume would work with the documents and settings
> folder. If so, you would either need to have the encryption software loaded
> into memory prior to running windows setup, or install windows in an
> unencrypted form and later encrypt the disk afterwards. You would have to
> encrypt it while windows is not running, and have software to enable access
> to those files prior to the windows GUI booting up. I have no idea if you
> could get that to work or not.
>
> Another problem you have to look out for is that basically in order for
> windows to function it needs to have open access to these files constantly
> at any time the machine is running. So you're encrypting these files and
> decrypting them anytime they attempt to be used for any purpose--good or
> bad. If the machine gets infected with spyware, a hijacker, or virus, it'll
> have access to those files as easily as windows does. I think the only thing
> you would be protecting it from is access to the files while the machine is
> not booted up--when windows isn't running. If you rig it so that you have to
> enter the pass phrase prior to booting the operating system somehow, then I
> suppose this would provide good security to protect against the laptop
> physically being stolen. But, you would need a lot more efforts in software
> to maintain security while the authorized user is actually using the
> machine--especially if it is connected to the internet.
>
> -Jeff
>
>
>
!