Re: Protecting Directories

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 12/21/03


Date: Sun, 21 Dec 2003 15:45:20 -0700

Hi Jose,

In XP you may choose to use NTFS filesystem permissions
to control access to folders and files.
This is a good basic access control method.

For sensitive data, as you mention on your laptop, with the
Pro edition of XP one may choose to use the EFS encryption
option. If you do, then only your account, and an optionally
configured data recovery agent account, will be able to get
into the files in an unencrypted form (actually, an account
able to decrypt is allowed to grant decrypted access to
other accounts on a file by file basis).

If you select to use EFS, then you should be certain that you
have reviewed EFS usage information and exported and
saved on secure external media the EFS certificate/key pair
that is generated on your account's first use of EFS.
Your business administrative group ought to be able to
provide you with some guidance on these matters.

You can log in with a certificate, though we call it a
smart card. For this your machine needs a smart card
reader and some configuration, and you need access to
an issuing authority for the certificate on the card. This
is most often supported as a part of a domain infrastructure.

Here are some links
for NTFS filesystem permission control
http://support.microsoft.com/?ID=308418
http://support.microsoft.com/?ID=307874
http://support.microsoft.com/?ID=308419

for EFS
Data Protection and Recovery in Windows XP
http://microsoft.com/WINDOWSXP/pro/techinfo/administration/recovery

Best Practices for Encrypting File System
http://support.microsoft.com/?id=223316

Export a certificate with the private key
http://microsoft.com/windowsxp/home/using/productdoc/en/sag_CMprocsExportPriv.asp

Importing and exporting certificates
http://microsoft.com/windowsxp/home/using/productdoc/en/sag_CMimportExport.asp

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA

"Jose" <anonymous@discussions.microsoft.com> wrote in message
news:010b01c3c807$3de797e0$a401280a@phx.gbl...
> Hi,
>
> I am wondering how to make certain directories off limits
> to other users of my PC, which is running Windows XP Pro --
> but is not part of a network.  My concern is that I am
> soon getting a laptop that will have sensitive
> confidential documents on it.  So how do I set XP Pro so
> that only I can get into files in those sensitive
> directories.  If I were to misplace the laptop and the
> confidential files were vulnerable to access I could
> easily lose my job -- as in get fired.  Ideally, someone
> would be locked out of the entire computer unless they
> knew at least one password.
>
> What I am doing now is password protecting each
> individual file, but I am concerned because WORD
> passwords are not difficult to get around and because it
> is a hassle to have to individually protect each file.
>
> I have noticed that when I log in I am able to view the
> documents and directories of everyone else who uses my
> computer, although they all have their own accounts,
> usernames and passwords.  Any way to "fix" that?  We all
> like having administrative accounts.
>
> Any ideas/suggestions?  Also, ideas on how to use a
> digital certificate instead of a password to protect
> against someone breaking into my account?  Yet another
> question is whether someone knows of a simple, relatively
> inexpensive program I could use to encrypt certain
> directories on my hard-drive -- I assume I would need a
> smart card or something to store the digital ID in.  Of
> course, if I lost the card I would also be fried.  Thanks
> for any ideas.
>
> Jose Mata
> jrmata100@hotmail.com
>

