Protecting files/folders

xyz · Jul 24, 2003

Is it possible to password protect your files/folders in Windows XP without creating multiple user accounts?
___________________________________________________________
Mubashar

"All delays are dangerous in war."

Toejam31 · Jul 24, 2003

You could use a third-party tool like <A HREF="http://www.folder-guard.com/password-protected-folders.htm" target="_new">Folder Guard</A> or <A HREF="http://www.pc-magic.com/dl2.htm#mf2K" target="_new">Magic Folders/Encrypted Magic Folders</A>, or just make <A HREF="http://support.microsoft.com/?kbid=306531" target="_new">compressed folders</A> with the addition of a password.

Is this secure enough, or are you looking for something more powerful? Or have I misinterpreted the question? In that case, you might find this link useful:

<A HREF="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q307874&sd=tech" target="_new">HOW TO: Disable Simplified Sharing and Password-Protect a Shared Folder in Windows XP</A>

Toey

<A HREF="http://forums.btvillarin.com/index.php?act=ST&f=41&t=328&s=91c282f2e5207e99b7a652ee13b3512a" target="_new">My System Rigs</A>
___________________________________________

<A HREF="http://forums.btvillarin.com/" target="_new">BTVILLARIN.com</A> - Your Computer Questions Answered

xyz · Jul 25, 2003

Here is the case:
If I create two user accounts with Administrative privilages and then change the permissions of a particular folder so that one user has its ownership and the other user is not allowed to access this folder, then simply speaking this doesn't work. Because second user, who was restricted to access that folder (having the administrative privilages) can change the permissions so that he has complete access to that folder.(Simplified sharing is already disabled.)

How can I get more tight security in Windows XP? Are the third party tools like Folder Guard satisfactory means for protecting your sensitive data?
___________________________________________________________
Mubashar

"All delays are dangerous in war."

khha4113 · Jul 25, 2003

You can make your account Private which can deny access from other users even if they have admin privilege, or you can encrypt your confidential files with Windows XP encryption system (EFS).

Good or Bad have no meaning at all, depends on what your point of view is.

Toejam31 · Jul 25, 2003

I think if you must have more than one Administrative account in a system, using some sort of third-party tool for password protection is essential, whether it be Folder Guard or another third-party application.

(Note: How well this app works ... your guess is as good as mine. You could try the "Lite" version for free, and see if it suits you.)

However, I just don't see any valid reason for having more than one Administrator per computer. Personally, I'd rather create a new user group with a custom security template, and use this for all other Power Users. In fact, it's a good idea for the actual owner of a system to log on as an Administrator only when necessary, as this is a known security risk! Check out this article:

<A HREF="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/proddocs/windows_security_whynot_admin.asp" target="_new">Why you should not run your computer as an administrator</A>

Take a look this .PDF file on how to use the Group Policy Editor to set User Rights Assignments. You can take a predefined template and alter it for a particular group, or create an entirely new group with predefined assignments of your choosing.

<A HREF="http://helpdesk.bradley.edu/docs/SecureXP2k.pdf" target="_new">Securing Windows XP and 2000</A>.

You might also find this link useful:

<A HREF="http://www.mips2000.com/windows_2000.htm" target="_new">Elenco Argomenti Windows 2000</A>

Let's face it, with these kinds of tools at your disposal, having more than one member of the Admin group on a single system just isn't necessary, and should be avoided. Anything one Administrator can lock, another can unlock, given enough time, unless you create a security template for the second user, or invest in a third-party tool.

And ... by the way, with something like Folder Guard, the other Admin could lock you out of specific areas. That's an unsettling thought, huh?

Someone has to be in charge. Having more than one Admin defeats the purpose of the Administrator's privileges in the first place, IMHO. But it's your choice, big guy.

Toey

<A HREF="http://forums.btvillarin.com/index.php?act=ST&f=41&t=328&s=91c282f2e5207e99b7a652ee13b3512a" target="_new">My System Rigs</A>
___________________________________________

<A HREF="http://forums.btvillarin.com/" target="_new">BTVILLARIN.com</A> - Your Computer Questions Answered

Toejam31 · Jul 25, 2003

You might want to take a look at this article before replying on EFS private keys for Administrative account security.

<A HREF="http://https://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/reskit/prnb_efs_kcef.asp" target="_new">Tips for Implementing EFS</A>

And, of course, on computers still using file systems other than NTFS, EFS is not available, and the whole point is moot. Which takes us back to customized security templates, and a single Admin per computer, which allows a higher level of control, without the risk of losing EFS certificates and private keys ... especially if the computer becomes unbootable for some reason in the future, and a reinstall of the operating system is necessary ... or if the media that contains the exported information is lost, damaged or hasn't been updated.

Toey

<A HREF="http://forums.btvillarin.com/index.php?act=ST&f=41&t=328&s=91c282f2e5207e99b7a652ee13b3512a" target="_new">My System Rigs</A>
___________________________________________

<A HREF="http://forums.btvillarin.com/" target="_new">BTVILLARIN.com</A> - Your Computer Questions Answered

Boink · Jul 26, 2003

Not possible without using 3rd party software. Here's why, (WIN XP new user accounts default to the administrators group, which allows full control over system files as well as take ownership on all other files) and a SACL (Security Access Control List)When you create a user account with default settings and assign a password to it you have just password protected all the files associated with that account except for files that all users need access to(the SACL keeps track of who is allowed to see what on the local machine). If you don't create a password or let someone log on to the computer with your password then they have full access to all the files on your machine, No password = Open Book, Someone else using your password,= Computer thinks it's you and gives them full access to all your files (SACL). Creating another account with admin privs, = gives that account the ability to take ownership of any file or folder on the machine. So if you don't want to create another account use 3rd party software. It would be easier to just create a different account with restricted permissions and only use the admin for your own personal secret stuff. By the way all this only works on NTFS Partitions

xyz · Jul 26, 2003

First of all, I can't create compressed folders because when I right click, goto new, there is no option called compressed folders. Don't know why.

Second, if you prefer not to use your own computer as Administrator, then which account would you like to use. Windows builtin "Power User" account or you would like to create a custom account?

Third, I have discovered that in Windows XP, by default all users from Administartor group can take the ownership of any file or folder. But you can you can edit User Right Assignments to change this behaviour. So that only the owner of a file/folder can have access to that file/folder and no other user (even if he has Admin privilages) can't have access to that file/folder?

Also since the time I have turned to NTFS, chkdsk.exe don't run automatically after improper shutdowns. Is this a feature of NTFS or I am having some sort of problem???
___________________________________________________________
Mubashar

"All delays are dangerous in war."Edited by xyz on 07/26/03 09:25 AM.

xyz · Jul 26, 2003

You can make your account Private which can deny access from other users even if they have admin privilege.

How???
___________________________________________________________
Mubashar

"All delays are dangerous in war."

khha4113 · Jul 26, 2003

If you use Simple File Sharing, right-click your User Profile folder (Docements and Settings\User name) and select Make this folder Private check box.
On the other, you can deny access to everyone else but you only by setting permission (in Security tab).

Good or Bad have no meaning at all, depends on what your point of view is.

khha4113 · Jul 26, 2003

First of all, I can't create compressed folders because when I right click, goto new, there is no option called compressed folders. Don't know why.

After creating your folder, go to its Properties. Click on Advanced button, and choose compressing the folder there (This option is only in NTFS drive).

Second, if you prefer not to use your own computer as Administrator, then which account would you like to use. Windows builtin "Power User" account or you would like to create a custom account?

Type control userpasswords2 at Run command. Select account you want to set and choose its properties. You can set its access level there.

Also since the time I have turned to NTFS, chkdsk.exe don't run automatically after improper shutdowns. Is this a feature of NTFS or I am having some sort of problem???

By its design, NTFS volume uses log files to keep track all of disk activities. In event of crash or sudden shutdown, Windows XP uses this journal to repair file system errors automatically when system is started. On other word, NTFS is more secure and less vulnerable to disk errors than FAT.

Good or Bad have no meaning at all, depends on what your point of view is.

xyz · Jul 27, 2003

After creating your folder, go to its Properties. Click on Advanced button, and choose compressing the folder there (This option is only in NTFS drive).

Okay...then how would I assign a password to these compressed folder?

By its design, NTFS volume uses log files to keep track all of disk activities. In event of crash or sudden shutdown, Windows XP uses this journal to repair file system errors automatically when system is started. On other word, NTFS is more secure and less vulnerable to disk errors than FAT.

You mean my system is doing normal. i.e chkdsk doesn't run automatically on NTFS volumes???

Thanks for your time!
___________________________________________________________
Mubashar

"All delays are dangerous in war."

khha4113 · Jul 27, 2003

then how would I assign a password to these compressed folder?

You don't. I think you meant to create compressed file (.zip extension) when my tip is compressing folder to save disk space (similar with diskspace in Win98).
If you want to create Zip file (or compressed folder), right-click on the file (or folder) and choose Sendto\Compressed (Zipped) folder. It'd create a zip file. You can add password by double-click on it, at File menu, choose add a password.

You mean my system is doing normal.

Yes.

Good or Bad have no meaning at all, depends on what your point of view is.Edited by khha4113 on 07/27/03 01:21 PM.

xyz · Jul 28, 2003

Thanks!
____________________________________________________________
Mubashar

"All delays are dangerous in war."

Search

Protecting files/folders

xyz

Distinguished

Toejam31

Distinguished

xyz

Distinguished

khha4113

Distinguished

Toejam31

Distinguished

Toejam31

Distinguished

Boink

Distinguished

xyz

Distinguished

xyz

Distinguished

khha4113

Distinguished

khha4113

Distinguished

xyz

Distinguished

khha4113

Distinguished

xyz

Distinguished

TRENDING THREADS

Latest posts

Share this page