Specify password set password for notebook PC? How to create Admin ID?

[Peter Sale]

I have a newly acquired notebook PC running windows XP Pro SP2 with two
"users" specified, Peter and Debbie. Debbie is my book keeper. Right now
anyone can sign on to either ID by simply powering on this Notebook,
clicking on the desired ID, gaining access to all my files. So I have
three concerns.
1. How to password protect these two Ids so that, heaven forbid, if my
notebook is lost or stolen only the hardware and none of my sensitive files
are in the hands of the thief.

2. How to password protect these two IDs so that Debbie only has access to
the files on her ID that I want her to have access too, while I have access
to all files everywhere on this notebook. Put differently, Debbie really
only needs access to my accounting files, and perhaps her own files (email,
etc.).

3. What's this "Admin ID" I keep reading about? I only set up two IDs,
Peter and Debbie, not an ID called Admin. Should I have set up a 3rd ID
called "Admin?"

--
Regards,

Peter Sale
Santa Monica, CA USA
To email me, just pull 'my-leg.'

 

[Torgeir Bakken \(MVP\)]

I have a newly acquired notebook PC running windows XP Pro SP2 with two
"users" specified, Peter and Debbie. Debbie is my book keeper. Right
now anyone can sign on to either ID by simply powering on this Notebook,
clicking on the desired ID, gaining access to all my files. So I have
three concerns.
1. How to password protect these two Ids so that, heaven forbid, if my
notebook is lost or stolen only the hardware and none of my sensitive
files are in the hands of the thief.

Unless you disable booting on CD/floppy (before the hard disk) and
password protect the BIOS setup (and hope that the BIOS isn't easy
"cracked"), user accout password is just a joke. There are several
free tools available that can reset account passwords by booting on
a CD/floppy where the program resides.

See here for more about this:

http://home.eunet.no/~pnordahl/ntpasswd/editor.html
http://www.petri.co.il/forgot_administrator_password.htm

After following the procedure in the links above, then there is just
to log on with the now password free builtin Administrator user and
take ownership of the files (if you have marked your folders/files
as "Private")

And of course, if the hard disk is lifted over to another computer,
passwords on the user accounts is no obstacle.

If the data is highly sensitive, you should encrypt the data, but I
would not have used Microsoft's builtin EFS (if you have WinXP Pro),
EFS is usually a disaster just waiting to happen. Some calls EFS
the "delayed Recycle Bin" ;-)

If you really want encryption:

SafeGuard PrivateCrypto might help you out (free for
private use only):

http://www.utimaco.com/indexmain.html

or maybe their SafeGuard Easy product (at work, we use it for local
hard disk encryption on all laptops, and we are very satisfied with
the product).

The BestCrypt product found at http://www.jetico.com/ also looks
interesting.

Just be sure to export any encryption keys and safe them on a safe
place (outside your computer).

2. How to password protect these two IDs so that Debbie only has access
to the files on her ID that I want her to have access too, while I have
access to all files everywhere on this notebook. Put differently,
Debbie really only needs access to my accounting files, and perhaps her
own files (email, etc.).

How to set account passwords is covered here:

HOW TO: Create and Configure User Accounts in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;279783

To configure file/folder access:

HOW TO: Set the My Documents Folder as "Private" in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;298399

HOW TO: Set, View, Change, or Remove File and Folder Permissions in
Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;308418

HOW TO: Set, View, Change, or Remove Special Permissions for Files
and Folders in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;308419

3. What's this "Admin ID" I keep reading about? I only set up two IDs,
Peter and Debbie, not an ID called Admin.

The builtin "Administrator" user account is somewhat hidden, but it is
there (it is actually not possible to delete it).

How to log on as the builtin Administrator is covered here (note that
for WinXP Home this is only possible in Safe mode):

How to Log On to Windows XP If You Forget Your Password or Your
Password Expires
http://support.microsoft.com/default.aspx?scid=kb;EN-US;321305

Most likely the Administrator user account have no password assigned
to it (you should set one, and write the password up and put it in a
safe place outside the computer).

Should I have set up a 3rd ID called "Admin?"

Not really necessary as you always will have the builtin Administrator
user available.

 

[Peter Sale]

Hi Torgeir,
Many thanks for you thorough reply.
--
Regards,

Peter Sale
Santa Monica, CA USA
To email me, just pull 'my-leg.'

 

[Alex Nichol]

If the data is highly sensitive, you should encrypt the data, but I
would not have used Microsoft's builtin EFS (if you have WinXP Pro),
EFS is usually a disaster just waiting to happen. Some calls EFS
the "delayed Recycle Bin" ;-)

Especially as the encrypted files are transparent to the user, so the
system is no more secure in practice than his password. Unless of
course he loses the certificates, in which case they are irretrievable