Make folders & files only available to application

Posted on 2004-03-23
Last Modified: 2010-05-01

I have also posted this under .NET as it applies to both VB6 and .NET

Does anyone know a way (via code, tool or third-party software) on how to secure a folder, its subfolders and the files contained in them? I want a solution where the files will not be accessible on your lan/wan via Windows Explorer to anyone. I want only my application to be able to access these files.

I'm basically trying to provide a solution where users cannot in anyway access any files unless it is down through our main application. I'm not sure this is possible, but maybe one of you have done something similar in the past.

I don't want to use a concept of using FTP or HTTP and request a file to cache it locally as I it would be to messy for us to handle this issue right now. Also, creation date & time, last modified and last access of files is critical to us and most FTP server do not provide an accurate enough time definition.

A few people have mentioned to me writting a service impersonating a specific user that would be the only one to have access to the specific folder & files, but this still an issue as this would mean all of our activex components that use a path would have to be somehow support this impersonation which is definitely not going to be the case.

I hope I'm somehow clear on this issue.

Many thanks in advance.

Question by:taf
LVL 26

Expert Comment

ID: 10668352

Author Comment

ID: 10672970

Thanks for feedback, but this is not quite what I'm looking for as it would be require to be integrated or at least it would require to allow only our application to access a folder. I will get in touch with them, though as the principle they are offering is what I'm looking for, but I need to indirectly (or direclty) make my application impersonate a user that would be the only one to be allowed to access a folder.

Thanks again.

LVL 76

Expert Comment

by:David Lee
ID: 10701117
The only sure way I know of to prevent unwanted users from getting to the files/folders is to use Windows' built-in security.  That means creating a user and giving only that user the rights to see and access the files and folders for the application.  The application would then need to perform impersonation in order to get to the files/folders.  I looked at the FolderGuard utility and from what it says I'll bet it's a driver or service, my guess is the latter, that controls access.  If I'm right, then shutting the service down would halt the protection that FolderGuard provides.  That'd also be true if someone booted from a second copy of Windows, one that didn't have FolderGuard installed.  FolderGuard also seems to be designed to protect files on the local computer.  I didn't see any mention of protecting files/folders accessed via the network.  In your description of the issue you didn't mention where the data is located.  Is it on the local machine or on a networked drive?  If it's on a networked drive, then another solution might be to create some sort of proxy service.  Instead of accessing the files/folders directly the application(s) would have to be modified to access them indirectly through the proxy program, as in a client/server approach.  The proxy program slone would have the necessary permissions to access the files/folders.  That'd prevent anyone else from getting into them.  The application program would talk to the proxy and get access via it.  It'd probably be a lot simpler to just stick with Windows built-in security and go the impersonation route.

You might try Windows "Run As" command.  It allows a program to be run in a different security context.  Here's a link to an article that might be useful:;EN-US;Q294676& 
And here's a link to a page describing the command's syntax:

To use Run As you'd need to create an account and give that account access to the files/folders.  You'd then need to create a front-end program that'd launch the actual application.  The front-end program would issue the Run As command to start the actual application.  Run As would prompt for a password which'd be the password for the account that has access.  Of course you'd have to keep the account secret otherwise a clever user would have both the username and the password to get in with.  There might also be some way to pipe the password to the challenge, or to have the front-end program "see" the challenge and stuff the password into it.

Hope this is of some use.

Author Comment

ID: 10717734
This won't be a workable solution as I need to be the logged in user and the special account if you can call it that! So the 'Run As' is not going to be suitable.

But thanks for the feedback!


Accepted Solution

modulo earned 0 total points
ID: 11424371
PAQed, with points refunded (500)

Community Support Moderator

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many ways to remove duplicate entries in an SQL or Access database. Most make you temporarily insert an ID field, make a temp table and copy data back and forth, and/or are slow. Here is an easy way in VB6 using ADO to remove duplicate row…
If you have ever used Microsoft Word then you know that it has a good spell checker and it may have occurred to you that the ability to check spelling might be a nice piece of functionality to add to certain applications of yours. Well the code that…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now