Protecting Directories

Jose

Hi,

I am wondering how to make certain directories off limits
to other users of my PC, which is running Windows XP Pro --
but is not part of a network. My concern is that I am
soon getting a laptop that will have sensitive
confidential documents on it. So how do I set XP Pro so
that only I can get into files in those sensitive
directories? If I were to misplace the laptop and the
confidential files were vulnerable to access I could
easily lose my job -- as in get fired. Ideally, someone
would be locked out of the entire computer unless they
knew at least one password.

What I am doing now is password protecting each
individual file, but I am concerned because WORD
passwords are not difficult to get around and because it
is a hassle to have to individually protect each file.

I have noticed that when I log in I am able to view the
documents and directories of everyone else who uses my
computer, although they all have their own accounts,
usernames and passwords. Any way to "fix" that? We all
like having administrative accounts.

Any ideas/suggestions? Also, ideas on how to use a
digital certificate instead of a password to protect
against someone breaking into my account? Yet another
question is whether someone knows of a simple, relatively
inexpensive program I could use to encrypt certain
directories on my hard-drive -- I assume I would need a
smart card or something to store the digital ID in. Of
course, if I lost the card I would also be fried. Thanks
for any ideas.

Jose Mata
(e-mail address removed)
 
Roger Abell

Hi Jose,

In XP you may choose to use NTFS filesystem permissions
to control access to folders and files.
This is a good basic access control method.

For sensitive data, as you mention on your laptop, with the
Pro edition of XP one may choose to use the EFS encryption
option. If you do, then only your account, and an optionally
configured data recovery agent account, will be able to get
into the files in an unencrypted form (actually, an account
able to decrypt is allowed to grant decrypted access to
other accounts on a file by file basis).

If you select to use EFS, then you should be certain that you
have reviewed EFS usage information and exported and
saved on secure external media the EFS certificate/key pair
that is generated on your account's first use of EFS.
Your business administrative group ought to be able to
provide you with some guidance on these matters.

You can log in with a certificate, though we call it a
smart card. For this your machine needs a smart card
reader and some configuration, and you need access to
an issuing authority for the certificate on the card. This
is most often supported as a part of a domain infrastructure.

Here are some links
for NTFS filesystem permission control
http://support.microsoft.com/?ID=308418
http://support.microsoft.com/?ID=307874
http://support.microsoft.com/?ID=308419

for EFS
Data Protection and Recovery in Windows XP
http://microsoft.com/WINDOWSXP/pro/techinfo/administration/recovery

Best Practices for Encrypting File System
http://support.microsoft.com/?id=223316

Export a certificate with the private key
http://microsoft.com/windowsxp/home/using/productdoc/en/sag_CMprocsExportPriv.asp

Importing and exporting certificates
http://microsoft.com/windowsxp/home/using/productdoc/en/sag_CMimportExport.asp
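
The two measures from the reply above (NTFS permissions on a folder, then EFS encryption of its contents), as an added example that is not part of the original thread, written for the XP Pro Command Prompt. The folder name C:\Confidential is an assumption; because every account on the PC in question is an administrator, another administrator can take ownership and reset the folder's permissions, so the EFS step is what keeps the contents unreadable to them.

```bat
@echo off
rem Added example, not from the thread. Assumed name: folder C:\Confidential.
rem Run from a Command Prompt while logged on as the account that owns the data.
setlocal
set "DIR=C:\Confidential"
set "OWNER=%USERNAME%"

rem NTFS permissions and EFS both need an NTFS volume (fsutil needs admin rights).
fsutil fsinfo volumeinfo C:\ | find "NTFS" >nul
if errorlevel 1 (
    echo C: is not NTFS. Convert it first with: convert C: /FS:NTFS
    exit /b 1
)

if not exist "%DIR%" mkdir "%DIR%"

rem 1. NTFS permissions: replace the folder's ACL so only this account has
rem    Full Control. /T also applies it to existing files and subfolders.
rem    cacls asks "Are you sure (Y/N)?" when replacing an ACL, so answer Y.
echo Y| cacls "%DIR%" /T /G "%OWNER%":F

rem 2. EFS: mark the folder and its subfolders encrypted. /A also encrypts
rem    the files already inside; without it only new files get encrypted.
cipher /E /A /S:"%DIR%"

rem 3. Verify. cipher lists each entry with E (encrypted) or U (unencrypted);
rem    cacls with no options prints the resulting ACL.
cipher "%DIR%\*"
cacls "%DIR%"

rem 4. Back up the EFS certificate and private key, as the reply advises:
rem    open certmgr.msc, go to Personal - Certificates, export the certificate
rem    with its private key to a .pfx file, and store that file on external
rem    media kept apart from the laptop.
endlocal
```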
 
