G
Guest
How Do I lock a folder and reqire a password to view that folder's contents??
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
G
Guest
Right-click a folder and select the "security" tab, then Permissions.
Remove "everyone" and add the users that need access. Make sure you include
Adminsitrator as a full user, otherwise there will be problems removing the
folder if the other accounts are subsequently removed.
The passwords required are those of the computer-users added, XP does not
allow shares to have their own passwords, as 9x did.
Remove "everyone" and add the users that need access. Make sure you include
Adminsitrator as a full user, otherwise there will be problems removing the
folder if the other accounts are subsequently removed.
The passwords required are those of the computer-users added, XP does not
allow shares to have their own passwords, as 9x did.
V
Vanguard
Brian said:How Do I lock a folder and reqire a password to view that folder's
contents??
Use the permissions security model incorporate to Windows XP. That is why
it is there. Stop sharing your login with other users. If they must use
their own account to login, you get to control access using permissions.
Administrators can take ownership of any file, so even if you don't add an
administrator account or the Administrators group, they can still grab
ownership of the file/folder. So decide who will be an admin on your host.
You can also use EFS (encryption file system) to encrypt a file or folder.
Who can read the file/folder depends entirely on which accounts or groups
you add to your EFS certificate. Be sure to export the EFS certificate if
you decide to use EFS.
Get TrueCrypt if you want to password-protect a file or folder or create a
container that is encrypted. It doesn't rely on permissions but encrypts
based on the password. However, you can still use both the password
protection of TrueCrypt and also use permissions in Windows XP.
B
Bruce Chambers
Brian said:How Do I lock a folder and reqire a password to view that folder's contents??
Like Win2K, WinXP's file security paradigm doesn't rely on, or
allow, the cumbersome method of password protection for individual
applications, files, or folders. Instead, it uses the superior method
of explicitly assigning file/folder permissions to individual users
and/or groups.
HOW TO Create and Configure User Accounts in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;279783
HOW TO Set, View, Change, or Remove File and Folder Permissions
http://support.microsoft.com/default.aspx?scid=kb;en-us;q308418
HOW TO Set, View, Change, or Remove Special Permissions for Files and
Folders
http://support.microsoft.com/default.aspx?scid=kb;[LN];Q308419
HOW TO Set the My Documents Folder as Private in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;298399
Of course, if you have WinXP Pro, you can encrypt the desired
files/folders.
Best Practices for Encrypting File System
http://support.microsoft.com/default.aspx?scid=kb;en-us;223316
As a crude work-around, if you actually prefer Win9x's way, you can
place the file in a compressed folder, and set a password to uncompress
the folder to view/access its contents. Also, some applications allow
the user to password-protect their specific data files. Read the
specific application's Help files for further information on this
capability.
--
Bruce Chambers
Help us help you:
You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
V
Vanguard
Bruce Chambers said:Like Win2K, WinXP's file security paradigm doesn't rely on, or
allow, the cumbersome method of password protection for individual
applications, files, or folders. Instead, it uses the superior method
of explicitly assigning file/folder permissions to individual users
and/or groups.
Unfortunately there are failings with Windows security. Using permissions
can be obviated by moving the drive to another host where the SIDs for the
accounts for the permissions are unknown under the other instance of
Windows, so none of the permissions are enforced (except for Administrator
which gets the same SID under each instance of Windows). The Administrator
in the other Windows box can take ownership of any file, especially for
those with unknown SIDs, which would then allow the user of that other
Windows box to manipulate all your files.
You could use EFS but it is susceptible to password cracking (the passwords
are more easily cracked than the encryption by EFS). If the password is
known, hacked, spied, or cracked then anyone can logon as you and the EFS
certificate gets applied so all those EFS-protected files become accessible
to that hacker. Granted that password aren't that easy to crack but so many
users use weak and stupid passwords that often it isn't that difficult. You
cannot wipe the password to "reset" the account because, as I recall, that
results in blocking access to the EFS-protected files. I remember reading
somewhere that passwords longer than 14 characters (which are saved as two
7-character strings rather than one long 14-character string) only need to
be cracked up to the 14 characters.
If you use an encrypted container (for a drive, a partition, or a file-based
container), the encryption is based on the password. So obviously the
longer the password the more secure is the contents of the encrypted
container. Also, with TrueCrypt, for example, you can select some
super-high encryption methods but with the incumbent performance penalty to
add or read files due to the longer time needed for the higher encryption
method.
You can double up on the protections, too. There would be no point in using
EFS to encrypt a TrueCrypt container (and I'm not sure it is allowed) but
you could put permissions on the container. That would allow only certain
accounts to have access to that encrypted container provided they knew the
password to open it. Even if an admin tried to take ownership, he can't
look inside the container (and the same for EFS if you ensure no admins or
admin groups are included in the EFS certificate). So even if the drive
"wandered" to another box where the SID recorded on that file regarding its
permissions was an unknown SID and a user opened it or an administrator took
ownership, they still cannot look inside of it.
For the functions already included in Windows XP Pro (EFS only comes in the
Pro version), you could use permissions on an EFS-protected file or folder.
If you are wary of EFS getting hack because someone managed to login using
your credentials then use TrueCrypt, DriveCrypt, or some other encryption
tool that uses an independent password (i.e., the password is different than
your login password). Advantages of TrueCrypt (or the others) over EFS is
that its encryption has nothing to do with your login credentials, you don't
need to export certificates and reimport them to have access to your files
(but you will have to remember the password), and usually offer higher
encryption schemes than EFS.
From what I've read and seen regarding data security for business hosts to
prevent someone stealing a laptop or hard drive to yank out the data, I
really haven't seen a huge push to use EFS, and permissions are easily
circumvented. That's why there are products like TrueCrypt (free and open
source), DriveCrypt, BestCrypt, and SafeBoot (which, I believe, is no longer
available in a personal version). If permissions and EFS were the ultimate
security model, there would be no demand for these other products.