Solved

Hiding Data from other users

Posted on 2004-04-15
Last Modified: 2011-09-20
Hey all,
I have a problem... lol... don't we all?
There is a navigation computer on a fishing boat, it is not connected to any network, has only two users on it and is running Windows XP Home.

The problem is this... The two users have very sensitive information (their fishing marks and catch returns, etc.) that cannot be accessible by the other user. There can be no way that any program can get to this data unless the user for that data is logged on.

In addition to this I can't spend any more money on the project... :s already over budget. lol. Expensive business this computer nav. equipment is....

Is there any viable way of doing this? Using a partition or some sort of special folder???

Any help would be GREATLY appreciated....

Thanx
0
Comment
Question by:xd98
24 Comments
 
LVL 7

Expert Comment

by:IceRaven
ID: 10831968
1. Create two users on WinXP.
2. Don't make them administrators.
3. Place each user's data in their own folder under Documents and Settings.

Do you need something more complicated / secure than this?

IceRaven.

0
 
LVL 7

Expert Comment

by:IceRaven
ID: 10831983
Oh and make sure each user has a password :)
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10831995
For complete security - have them right-click their folder and choose properties.
Then Advanced and "Encrypt contents to secure data"
ref: http://support.microsoft.com/?kbid=308989
0
 
LVL 7

Expert Comment

by:IceRaven
ID: 10832019
Sirbounty, that would only work on WinXP Pro, not Home.

IceRaven.
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10832044
Doh!  He did say "Home" didn't he.  :$
Sorry about that xd98...

When you say "There can be no way that any program can get to this data unless the user for that data is logged on"
This is only possible by using some sort of data encryption since, as IceRaven has pointed out, they can't be Administrators.  The Administrator would, by default, have full access rights to this information.  Is that a problem for your scenario?
0
 
LVL 7

Expert Comment

by:IceRaven
ID: 10832084
"This is only possible by using some sort of data encryption since"

Incorrect.  The method I originally outlined will hide the private data from each user.  If the users are unskilled and the data does not need to be encrypted then there is no need to encrypt it.  If however you need to encrypt it, you would need to use a third party tool.  Because the sensitivity of the data is unknown, it is impossible to tell.  However in this particular scenario, encryption would be all but useless.  However before I bother with an explanation of that statement, I will wait and see what xd98 thinks.

IceRaven.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10832111
Create only each user on the different "partitions":

Best solution: Microsoft Virtual PC 2004 (extra operating system with XP on a huge encrypted file)
http://www.microsoft.com/windowsxp/virtualpc/

Possible solution: Dualboot (2 XP-systems on one harddisc)
HOW TO: Create a Multiple-Boot System in Windows XP
http://support.microsoft.com/support/kb/articles/q306/5/59.asp

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10832123
Wouldn't you agree that the Administrator would have rights to those folders?
It was my understanding that he needed the data hidden from everyone 'except' the specific user...
0
 
LVL 7

Expert Comment

by:IceRaven
ID: 10832191
Trywaredk,
Is Virtual PC free?  I believe it isn't.  How are you going to encrypt the file?
How would dual booting help?  It is massive overkill, the same level of security is provided with two user accounts.

Sirbounty,
"Wouldn't you agree that the Administrator would have rights to those folders?"
Yes, but since each user does not have an administrator account, how is this relevant?

IceRaven.


0
 

Author Comment

by:xd98
ID: 10832307
ok... lol.
Just for clarification (it's late where I am, hope the spelling's right.... lol)...
The data in one user's "data area" cannot be accessed by the other user.

As an experiment I tried making two separate partitions of the hard drive and using various freeware hiding those partitions from the other user. However this didn't work at all, as it was hidden in the shell, but the navigation program could still open up the marks files.

I'd rather steer clear of using data encryption, 1 because it's not connected to a network or the internet and 2 because it would be too hard trying to teach the fisherman how to encrypt the files after every fishing trip.

I tried using the two different types of user logon accounts with Windows XP, but it inhibited some functions of the program that I was using for the navigation. Under normal circumstances I would simply change the software (to make my life easier....) but this software cannot be changed.

So basically any changes that can be done will have to be done manually, not using any easy Windows function (to my knowledge anyway....)

I know this is a big pain..... but i hope the situation is clearer now anyway....

Thank you all for responding....
0
 
LVL 1

Expert Comment

by:phatnegLo
ID: 10832432
hello... if I were you and I had a problem with file sharing.... I suggest you use an FTP server just for you both! so that you can access files immediately! if you're not comfortable using FTP software for uploading and downloading files! you can use ftp://[put.server.ip.here] type that in Windows Explorer! and you can also use a mapped network drive as well.... just choose one of those ways! tnx...
0
 
LVL 1

Expert Comment

by:phatnegLo
ID: 10832445
LOL just kidding! hehehehehe...  damn i'm lost!
0

 
LVL 7

Expert Comment

by:IceRaven
ID: 10832491
Try running your program as an administrator.

Right click your program's shortcut and click Run as.
Use the administrator account.

Does your program work now under a users account?

IceRaven.
0
 
LVL 67

Accepted Solution

by:
sirbounty earned 450 total points
ID: 10832545
Probably the program runs under Admin credentials...
I would say, remove the link to the program or replace it with a link to a batch file that would request their password when running it:

----catchLog.bat-----
@runas /user:%username% "C:\Program Files\Fish Logger\program.exe"
---------------------

Now, when they double-click this link, they're asked to 'log in' to the program using their own specific log-in credentials...
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 10836819
How about just zipping the data and adding a password protection? Not elegant but it should work.
0
 
LVL 9

Expert Comment

by:cdesigner
ID: 10837417
I think something like a secured note holder will help you.
Maybe this is not the best example, http://www.cezeo.com/products/secureword/
this is a secure password manager that can hold any information inside.

The better value:
http://www.tgslabs.com/en/winorganizer/

All information can be held there, and it's protected by a password that does not depend on Windows.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10838558
Hello!?! NTFS permissions much?  I re-read the entire thread to make sure that I'm not smoking anything... no one suggested this... and there were no objections to it so far...

NTFS was made for this purpose... I've got to be smoking...
Store the data in MyDOC's or whatever, and set permissions on c:\documents and settings\user1  and \user2. Right? What did I miss?

Here is a nice outline of NTFS permissions (XP home has NTFS) and if you don't have ntfs formatted drive(s) you can use "convert"
http://support.microsoft.com/default.aspx?scid=kb;en-us;307881 (convert)

Here is the ntfs guide:
http://www.microsoft.com/windows2000/en/server/iis/default.asp?url=/windows2000/en/server/iis/htm/core/iidfpsc.htm

Remember the Advanced button has the "inherit permissions" function...
Good Luck...
-rich
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10838585
Sorry to post again so quickly, I understand that it's not "Hidden" in the normal sense, but if the permissions stop at ...and setting\user1 and user2... they can't browse any further in the folder tree, so it is hidden. And you don't need to block each and every account, leave system and backup users, admin of course..
As long as the fishing program thingy runs as them, or a user like system that is allowed permissions to those folders... there should be no problem.
-rich
0
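Added example, not part of the post above or of the thread: a batch script an administrator could run to apply the per-user NTFS permissions described here with cacls, the command-line ACL tool in Windows XP. The data root C:\NavData and the account names skipper1 and skipper2 are assumptions for illustration, and the Administrators and SYSTEM names assume an English-language install.

```batch
@echo off
rem Added example. Folder and account names below are assumed placeholders.
rem Run from an Administrator account; the volume must be NTFS.
setlocal
set DATAROOT=C:\NavData
set USER_A=skipper1
set USER_B=skipper2

call :lockdown "%DATAROOT%\%USER_A%" %USER_A%
call :lockdown "%DATAROOT%\%USER_B%" %USER_B%
endlocal
goto :eof

:lockdown
rem %1 = data folder (quoted), %2 = the only limited account allowed in.
if not exist %1 mkdir %1

rem Without /E, cacls replaces the folder's ACL with exactly the entries
rem listed here, so the other limited user gets no entry at all.
rem /T applies the change to everything below the folder.
rem "echo y" answers the "Are you sure (Y/N)?" prompt that replacing triggers.
echo y| cacls %1 /T /G %2:F Administrators:F SYSTEM:F

rem Print the resulting ACL so it can be checked by eye:
rem only %2, Administrators and SYSTEM should be listed.
cacls %1
goto :eof
```

To check the result, log on as each limited account in turn and confirm that opening the other account's folder fails with "Access is denied".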
 
LVL 7

Expert Comment

by:IceRaven
ID: 10838603
Yeah you were smoking. :)

1) You missed it because unless he stops using administrator accounts they can simply take ownership and give themselves permissions.  He needs to use user accounts. His application may need to be an admin account, we are waiting to hear back.

2) Permissions on c:\documents and settings\user1 do not need to be changed!  Those directories are private to the user anyway! NTFS permissions have already been applied.

IceRaven.
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10838613
I wasn't going to say you were smoking - I just took it that somehow this app was running with admin credentials... :D
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 10838920
As others have said... non-admin users with rights only to specific folders is the way to go.... and ...

depending on the app... you might be able to get around the "can run only as admin" by setting permissions for each non-admin user using regedt32 ... find your app(s) in the registry... give each user full permissions on the registry key(s) of your app.. (right click on key... permissions).. as well make sure they've got full folder permissions on the app folder... this way your users will have perms to run the prog but not perms to view each other's folders...
0
 

Author Comment

by:xd98
ID: 10839338
Ok....
I think that changing the permission of the applications that I am using for the navigation will do the trick; and resetting all of the user accounts back to normal user status will keep them from getting to each other's files....

But am I correct in assuming that I can use an administrator account to access the data of both the "Normal" user account My Documents files?
If not, is there a way to get to these files through another method?

lol....

Thank you all for answering to my problems as well ;)

Much appreciated
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10839366
It doesn't sound like this app will need admin priv's to RUN, to install it sure, but not to run.  I was using the documents and settings as an example...
 hopefully the app will recognize profiles, and or be able to save its data in separate places. If the App isn't able to do that, then it's a different problem. There are a few variables up in the air I suppose. I assumed that Admin accounts were not being used, as the app is clearly installed already. Updates for most programs can be run as a user in the "users" group for most 3rd party app's, some do require more priv's, "power user" tops. If this computer were networked or connected to the internet in any way I'm sure we'd have more to add. It should be pretty simple, still no one suggested ntfs Out-Right. You can lock out even administrators in the admin group with ntfs, taking ownership will not get around that, if configured correctly. If ownership is already taken by one, it's not that easy to take it back...
-rich

0
 
LVL 7

Expert Comment

by:IceRaven
ID: 10839654
xd98,

You are right. You can use an Administrator account.

IceRaven.
0
