Sign in with
Sign up | Sign in
Your question

Protecting files/folders

Last response: in Windows XP
Share
July 24, 2003 6:29:17 PM

Is it possible to password protect your files/folders in Windows XP without creating multiple user accounts?
___________________________________________________________
<font color=blue>Mubashar</font color=blue>

<b><font color=red><i>"All delays are dangerous in war."</b></font color=red></i>
July 24, 2003 8:13:54 PM

You could use a third-party tool like <A HREF="http://www.folder-guard.com/password-protected-folders...." target="_new">Folder Guard</A> or <A HREF="http://www.pc-magic.com/dl2.htm#mf2K" target="_new">Magic Folders/Encrypted Magic Folders</A>, or just make <A HREF="http://support.microsoft.com/?kbid=306531" target="_new">compressed folders</A> with the addition of a password.

Is this secure enough, or are you looking for something more powerful? Or have I misinterpreted the question? In that case, you might find this link useful:

<A HREF="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q307874&sd=tech" target="_new">HOW TO: Disable Simplified Sharing and Password-Protect a Shared Folder in Windows XP</A>

Toey

<A HREF="http://forums.btvillarin.com/index.php?act=ST&f=41&t=32..." target="_new"><font color=green>My System Rigs</font color=green></A>
___________________________________________

<A HREF="http://forums.btvillarin.com/" target="_new"><b><font color=purple>BTVILLARIN.com</font color=purple></b></A> - <i><font color=orange>Your Computer Questions Answered</font color=orange></i>
July 25, 2003 12:50:37 AM

Here is the case:
If I create two user accounts with Administrative privilages and then change the permissions of a particular folder so that one user has its ownership and the other user is not allowed to access this folder, then simply speaking this doesn't work. Because second user, who was restricted to access that folder (having the administrative privilages) can change the permissions so that he has complete access to that folder.(Simplified sharing is already disabled.)

How can I get more tight security in Windows XP? Are the third party tools like Folder Guard satisfactory means for protecting your sensitive data?
___________________________________________________________
<font color=blue>Mubashar</font color=blue>

<b><font color=red><i>"All delays are dangerous in war."</b></font color=red></i>
Related resources
July 25, 2003 3:38:12 AM

You can make your account <b>Private</b> which can deny access from other users even if they have admin privilege, or you can encrypt your confidential files with Windows XP encryption system (EFS).

:smile: Good or Bad have no meaning at all, depends on what your point of view is.
July 25, 2003 3:50:06 AM

I think if you <i>must</i> have more than one Administrative account in a system, using some sort of third-party tool for password protection is essential, whether it be Folder Guard or another third-party application.

(Note: How well this app works ... your guess is as good as mine. You could try the "Lite" version for free, and see if it suits you.)

However, I just don't see any valid reason for having more than one Administrator per computer. Personally, I'd rather create a new user group with a custom security template, and use this for all other Power Users. In fact, it's a good idea for the actual owner of a system to log on as an Administrator only when necessary, as this is a known security risk! Check out this article:

<A HREF="http://www.microsoft.com/technet/treeview/default.asp?u..." target="_new">Why you should not run your computer as an administrator</A>

Take a look this .PDF file on how to use the Group Policy Editor to set User Rights Assignments. You can take a predefined template and alter it for a particular group, or create an entirely new group with predefined assignments of your choosing.

<A HREF="http://helpdesk.bradley.edu/docs/SecureXP2k.pdf" target="_new">Securing Windows XP and 2000</A>.

You might also find this link useful:

<A HREF="http://www.mips2000.com/windows_2000.htm" target="_new">Elenco Argomenti Windows 2000</A>

Let's face it, with these kinds of tools at your disposal, having more than one member of the Admin group on a single system just isn't necessary, and should be avoided. Anything one Administrator can lock, another can unlock, given enough time, unless you create a security template for the second user, or invest in a third-party tool.

And ... by the way, with something like Folder Guard, the other Admin could lock <i>you</i> out of specific areas. That's an unsettling thought, huh?

Someone has to be in charge. Having more than one Admin defeats the purpose of the Administrator's privileges in the first place, IMHO. But it's your choice, big guy.

Toey

<A HREF="http://forums.btvillarin.com/index.php?act=ST&f=41&t=32..." target="_new"><font color=green>My System Rigs</font color=green></A>
___________________________________________

<A HREF="http://forums.btvillarin.com/" target="_new"><b><font color=purple>BTVILLARIN.com</font color=purple></b></A> - <i><font color=orange>Your Computer Questions Answered</font color=orange></i>
July 25, 2003 4:02:41 AM

You might want to take a look at this article before replying on EFS private keys for Administrative account security.

<A HREF="http://https://www.microsoft.com/technet/treeview/default.asp?..." target="_new">Tips for Implementing EFS</A>

And, of course, on computers still using file systems other than NTFS, EFS is not available, and the whole point is moot. Which takes us back to customized security templates, and a single Admin per computer, which allows a higher level of control, without the risk of losing EFS certificates and private keys ... especially if the computer becomes unbootable for some reason in the future, and a reinstall of the operating system is necessary ... or if the media that contains the exported information is lost, damaged or hasn't been updated.

Toey

<A HREF="http://forums.btvillarin.com/index.php?act=ST&f=41&t=32..." target="_new"><font color=green>My System Rigs</font color=green></A>
___________________________________________

<A HREF="http://forums.btvillarin.com/" target="_new"><b><font color=purple>BTVILLARIN.com</font color=purple></b></A> - <i><font color=orange>Your Computer Questions Answered</font color=orange></i>
July 25, 2003 11:04:32 PM

Not possible without using 3rd party software. Here's why, (WIN XP new user accounts default to the administrators group, which allows full control over system files as well as take ownership on all other files) and a SACL (Security Access Control List)When you create a user account with default settings and assign a password to it you have just password protected all the files associated with that account except for files that all users need access to(the SACL keeps track of who is allowed to see what on the local machine). If you don't create a password or let someone log on to the computer with your password then they have full access to all the files on your machine, No password = Open Book, Someone else using your password,= Computer thinks it's you and gives them full access to all your files (SACL). Creating another account with admin privs, = gives that account the ability to take ownership of any file or folder on the machine. So if you don't want to create another account use 3rd party software. It would be easier to just create a different account with restricted permissions and only use the admin for your own personal secret stuff. By the way all this only works on NTFS Partitions
July 26, 2003 2:48:39 AM

First of all, I can't create compressed folders because when I right click, goto new, there is no option called compressed folders. Don't know why.

Second, if you prefer not to use your own computer as Administrator, then which account would you like to use. Windows builtin "Power User" account or you would like to create a custom account?

Third, I have discovered that in Windows XP, by default all users from Administartor group can take the ownership of any file or folder. But you can you can edit User Right Assignments to change this behaviour. So that only the owner of a file/folder can have access to that file/folder and no other user (even if he has Admin privilages) can't have access to that file/folder?

Also since the time I have turned to NTFS, chkdsk.exe don't run automatically after improper shutdowns. Is this a feature of NTFS or I am having some sort of problem???
___________________________________________________________
<font color=blue>Mubashar</font color=blue>

<b><font color=red><i>"All delays are dangerous in war."</b></font color=red></i><P ID="edit"><FONT SIZE=-1><EM>Edited by xyz on 07/26/03 09:25 AM.</EM></FONT></P>
July 26, 2003 9:13:57 AM

Quote:
You can make your account Private which can deny access from other users even if they have admin privilege.


How???
___________________________________________________________
<font color=blue>Mubashar</font color=blue>

<b><font color=red><i>"All delays are dangerous in war."</b></font color=red></i>
July 26, 2003 2:38:04 PM

If you use <b>Simple File Sharing</b>, right-click your User Profile folder (<b>Docements and Settings\User name</b>) and select <b><font color=red>Make this folder Private</b></font color=red> check box.
On the other, you can deny access to everyone else <b>but</b> you only by setting permission (in Security tab).

:smile: Good or Bad have no meaning at all, depends on what your point of view is.
July 26, 2003 2:57:44 PM

Quote:
First of all, I can't create compressed folders because when I right click, goto new, there is no option called compressed folders. Don't know why.

After creating your folder, go to its Properties. Click on <b>Advanced</b> button, and choose compressing the folder there (This option is only in NTFS drive).
Quote:
Second, if you prefer not to use your own computer as Administrator, then which account would you like to use. Windows builtin "Power User" account or you would like to create a custom account?

Type <b>control userpasswords2</b> at <b>Run</b> command. Select account you want to set and choose its properties. You can set its access level there.
Quote:
Also since the time I have turned to NTFS, chkdsk.exe don't run automatically after improper shutdowns. Is this a feature of NTFS or I am having some sort of problem???

By its design, NTFS volume uses log files to keep track all of disk activities. In event of crash or sudden shutdown, Windows XP uses this journal to repair file system errors automatically when system is started. On other word, NTFS is more secure and less vulnerable to disk errors than FAT.

:smile: Good or Bad have no meaning at all, depends on what your point of view is.
July 27, 2003 5:44:04 PM

Quote:
After creating your folder, go to its Properties. Click on Advanced button, and choose compressing the folder there (This option is only in NTFS drive).

Okay...then how would I assign a password to these compressed folder?

Quote:
By its design, NTFS volume uses log files to keep track all of disk activities. In event of crash or sudden shutdown, Windows XP uses this journal to repair file system errors automatically when system is started. On other word, NTFS is more secure and less vulnerable to disk errors than FAT.

You mean my system is doing normal. i.e chkdsk doesn't run automatically on NTFS volumes???

Thanks for your time!
___________________________________________________________
<font color=blue>Mubashar</font color=blue>



<b><font color=red><i>"All delays are dangerous in war."</b></font color=red></i>
July 27, 2003 7:45:25 PM

Quote:
then how would I assign a password to these compressed folder?

You don't. I think you meant to create compressed file (<b><font color=red>.zip</b></font color=red> extension) when my tip is compressing folder to save disk space (similar with diskspace in Win98).
If you want to create <b>Zip</b> file (or compressed folder), right-click on the file (or folder) and choose Sendto\Compressed (Zipped) folder. It'd create a zip file. You can add password by double-click on it, at <b>File</b> menu, choose add a password.
Quote:
You mean my system is doing normal.

Yes.

:smile: Good or Bad have no meaning at all, depends on what your point of view is.<P ID="edit"><FONT SIZE=-1><EM>Edited by khha4113 on 07/27/03 01:21 PM.</EM></FONT></P>
July 28, 2003 2:27:08 AM

Thanks!
____________________________________________________________
<font color=blue>Mubashar</font color=blue>

<b><font color=red><i>"All delays are dangerous in war."</b></font color=red></i>
!