Making NTFS drives/folder private

[SamCullen]

In WinXP Pro, I can designate the "My Documents" folder in my main drive as "Private" (i.e. not accessible to other users who login to this same machine).

How can I designate other drives or folders in another drive as "Private"?

All my drives are NTFS formatted. I'd like to use my second drive as backup for my "My Documents" but am concerned that access on the second drive is not restricted to other users logging in to this same machine.

 

[LNCPapa]

You can change security permissions on the container (folder or drive) to only allow your account access - or you can even force explicit denial for all other accounts. Just right click on the folder/drive and goto the security options for that folder/drive.

 

[acneil]

or if youre afraid of playing with permission, you can right click the folder or file and hit encrypt, does a similar thing.

 

[Justin]

Be careful with encrypting. Remember that if you should ever delete the account you encrypted it with or the install becomes damaged and you lose the account, all the encrypted data is gone, forever.

 

[acneil]

not if you recreate the account name and same password, tried it and it works fine. just never ever foget the password.

 

[Phantasm66]

Originally posted by acneil
not if you recreate the account name and same password, tried it and it works fine. just never ever foget the password.

Really? I just tried what you said, and it didn't work.

Remember that when you create an account, it gets a unique security identifier. When you delete that account, and create a new one, even if that new one has the same username and password, it has a different identifier.

I was not able to do what you said. If you were, please could you post exactly what you did, step by step.

 

[Nic]

Looks like setting encryption options can be very dangerous thing to do. I take it that setting security permissions is much safer and does allow access from another account, provided you can remember your username and password? Can someone please confirm this, as I've never used these features before, and may use them in the future.

 

[Phantasm66]

I think you need to add a designated recovery agent.

Recovery agents
A recovery agent is an individual who is authorized to decrypt data that was encrypted by another user. Recovery agents do not need any other permissions to function in this role. Recovery agents are useful, for example, when employees leave the company and their remaining data needs to be decrypted. Before you can add a recovery agent for a domain, you must ensure that each recovery agent has been issued an X.509v3 certificate.

how to restore
http://www.microsoft.com/technet/tr...inxppro/proddocs/encrypt_to_recover_agent.asp

what is a recovery agent
http://www.microsoft.com/technet/tr...nxppro/proddocs/encrypt_recovery_overview.asp

add a recovery agent
http://www.microsoft.com/technet/tr.../winxppro/proddocs/sag_SEprocsAddRecAgent.asp

If I have time, I will look in the Microsoft Certification notes for the full story behind this, but I think that its not possible to just recreate an account with the same name and password, this would be a security risk of some sort.

 

[Rick]

You are setting yourself up for a nasty data-loss situation in the future. I don't know how important your documents are to you, but I would avoid encrypting anything of value on my computer.. Just in case.

Is the data really THAT sensitive?

 

[StormBringer]

If you make backups of important datas like that, you can rest a little easier about the possibility of losing it to some horrible disaster.

Backing up your files takes a lot of the "what if" out of things like this.

 

[SamCullen]

Security option

I've tried right-clicking on a drive/folder/file (on another physical drive) and selecting "Sharing and Security". In the window that comes up, under the "Sharing" tab, the option to "Make this folder private" is grayed out. My understanding is the option to "Make this folder private" is only available to the "My Documents" folder in the main drive but given my limited understanding, I could be wrong. Any way to make the grayed out option become available?

 

[acneil]

Originally posted by Phantasm66
Really? I just tried what you said, and it didn't work.

Remember that when you create an account, it gets a unique security identifier. When you delete that account, and create a new one, even if that new one has the same username and password, it has a different identifier.

I was not able to do what you said. If you were, please could you post exactly what you did, step by step.

Sure, It was during a fresh reinstall of xp, I had backed up encrypted files on another partition. I had used the "administrator" account when i encrypted them.

Then after my fresh install of xp I couldnt access my encrypted files and I realized that I need to use the same password as I had when I encrypted them, I changed it and walla.

 

[psybermagus]

SamCullen, i hear ya!

hey, sam, i am having the same issue. there is no way, it seems, to make folders on a second drive private, because XP does not extend the user profiles from the main drive to the second.

i live in an apartment with a roommate who uses this computer from time to time, and i do have a lot of sensitive, personal information stored that i don't want her to have access to. i also don't want her mucking around in my files and accidentally deleting something...she is rather unschooled with computers, unfortunately.

i'm wondering maybe if i need to install the OS on the second drive, as well? perhaps that will help? i dunno what that would do the computer...any thoughts?

so far no one has provided a useful answer to this question. the encryption thing might work, sure...i could PGP the entire folder...but then what a hassel to access them later! i'm constantly pulling things up from the second drive.

HELP!!!

 

[bazzaoz]

Here is a workaround. Right click the My Documents desktop icon go to properties, move the folder to your second drive (E:\My Documents). Now go to this new folder on your second drive, right click go to Properties > Sharing tab, now you can tick Make this folder private. So every thing you what private put into this folder. You might still want to make you user account private under Documents and Settings.

 

[r1_forever]

An answer at last..

Just use a secondary piece of software like "Folderguard" or "Steganos" and you can lock and or password protect any folder or drive you like. You can then use something like "Starr Commander" to monitor every 'keystroke' entered on your Pc and see exactly whats going on your Pc while you're not there. You can download trial versions of most software somewhere on the net and then purchase later.
Andrew.

 

[monza]

Administrator Privileges

Here is a workaround. Right click the My Documents desktop icon go to properties, move the folder to your second drive (E:\My Documents). Now go to this new folder on your second drive, right click go to Properties > Sharing tab, now you can tick Make this folder private. So every thing you what private put into this folder. You might still want to make you user account private under Documents and Settings.

This does not work if you don't have administrator privileges, although it does "un-grey" the "Make this folder private" checkbox.

 

[monza]

Advanced Security

In WinXP Pro, I can designate the "My Documents" folder in my main drive as "Private" (i.e. not accessible to other users who login to this same machine).

How can I designate other drives or folders in another drive as "Private"?

All my drives are NTFS formatted. I'd like to use my second drive as backup for my "My Documents" but am concerned that access on the second drive is not restricted to other users logging in to this same machine.

I believe this article covers everything to setup advanced folder and drive protection:

http://support.microsoft.com/?kbid=308418