Make folders & files only available to application

Posted on 2004-03-23
Medium Priority
Last Modified: 2010-05-01

I have also posted this under .NET as it applies to both VB6 and .NET

Does anyone know a way (via code, tool or third-party software) on how to secure a folder, its subfolders and the files contained in them? I want a solution where the files will not be accessible on your lan/wan via Windows Explorer to anyone. I want only my application to be able to access these files.

I'm basically trying to provide a solution where users cannot in anyway access any files unless it is down through our main application. I'm not sure this is possible, but maybe one of you have done something similar in the past.

I don't want to use a concept of using FTP or HTTP and request a file to cache it locally as I it would be to messy for us to handle this issue right now. Also, creation date & time, last modified and last access of files is critical to us and most FTP server do not provide an accurate enough time definition.

A few people have mentioned to me writting a service impersonating a specific user that would be the only one to have access to the specific folder & files, but this still an issue as this would mean all of our activex components that use a path would have to be somehow support this impersonation which is definitely not going to be the case.

I hope I'm somehow clear on this issue.

Many thanks in advance.

Question by:taf
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 26

Expert Comment

ID: 10668352

Author Comment

ID: 10672970

Thanks for feedback, but this is not quite what I'm looking for as it would be require to be integrated or at least it would require to allow only our application to access a folder. I will get in touch with them, though as the principle they are offering is what I'm looking for, but I need to indirectly (or direclty) make my application impersonate a user that would be the only one to be allowed to access a folder.

Thanks again.

LVL 76

Expert Comment

by:David Lee
ID: 10701117
The only sure way I know of to prevent unwanted users from getting to the files/folders is to use Windows' built-in security.  That means creating a user and giving only that user the rights to see and access the files and folders for the application.  The application would then need to perform impersonation in order to get to the files/folders.  I looked at the FolderGuard utility and from what it says I'll bet it's a driver or service, my guess is the latter, that controls access.  If I'm right, then shutting the service down would halt the protection that FolderGuard provides.  That'd also be true if someone booted from a second copy of Windows, one that didn't have FolderGuard installed.  FolderGuard also seems to be designed to protect files on the local computer.  I didn't see any mention of protecting files/folders accessed via the network.  In your description of the issue you didn't mention where the data is located.  Is it on the local machine or on a networked drive?  If it's on a networked drive, then another solution might be to create some sort of proxy service.  Instead of accessing the files/folders directly the application(s) would have to be modified to access them indirectly through the proxy program, as in a client/server approach.  The proxy program slone would have the necessary permissions to access the files/folders.  That'd prevent anyone else from getting into them.  The application program would talk to the proxy and get access via it.  It'd probably be a lot simpler to just stick with Windows built-in security and go the impersonation route.

You might try Windows "Run As" command.  It allows a program to be run in a different security context.  Here's a link to an article that might be useful: http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q294676& 
And here's a link to a page describing the command's syntax: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ntcmds.mspx

To use Run As you'd need to create an account and give that account access to the files/folders.  You'd then need to create a front-end program that'd launch the actual application.  The front-end program would issue the Run As command to start the actual application.  Run As would prompt for a password which'd be the password for the account that has access.  Of course you'd have to keep the account secret otherwise a clever user would have both the username and the password to get in with.  There might also be some way to pipe the password to the challenge, or to have the front-end program "see" the challenge and stuff the password into it.

Hope this is of some use.

Author Comment

ID: 10717734
This won't be a workable solution as I need to be the logged in user and the special account if you can call it that! So the 'Run As' is not going to be suitable.

But thanks for the feedback!


Accepted Solution

modulo earned 0 total points
ID: 11424371
PAQed, with points refunded (500)

Community Support Moderator

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction While answering a recent question about filtering a custom class collection, I realized that this could be accomplished with very little code by using the ScriptControl (SC) library.  This article will introduce you to the SC library a…
Enums (shorthand for ‘enumerations’) are not often used by programmers but they can be quite valuable when they are.  What are they? An Enum is just a type of variable like a string or an Integer, but in this case one that you create that contains…
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question