limit drive access to certain users

I own a small mortgage company.  Because I deal with a lot of sensitive information (mothers maiden name, social security, place of birth, etc.), it would be very easy for someone to steal someone's entire identity with the information on my computer.

My underwriter has two hard drives on her computer.  The C drive (which contains the operating system- XP) and an addition D drive, which is just a 120MB storage drive.  The D: drive contains the sensitive info.

Our computers are all networked in the office.  The D drive on the underwriters computer is not "shared" on the network.

However, if someone logs onto the underwriter's computer itself, they can certainly "see" the D drive, and access the files.

How can I make the D drive invisible to everyone but one certain user.

I have a small company, a dozen employees, so we are just networked together by "sharing" through XP.  We don't have the typical office network.  A child could have set this up.

Thank you in advance!
Who is Participating?
Rich RumbleConnect With a Mentor Security SamuraiCommented:
also to help stormUK, a good 9 step guide to how to use file sharing, it explains NTFS permissions and Share permissions (the two work in concert to lock down folders that are shared). EFS in addition would keep things nice and secure. It turns out that EMF doesn't work as well remotely as I'd hoped, it is good on the PC itself, or if you TerminalService (Xp calls it RemoteDesktop... start>programs,accessories,communications) into the PC. TS/RD works for XP-Pro and server 2000 and 2003. Otherwise VNC is a good remote control program.
EFS best practices...;EN-US;223316
I actually prefer winzip or winrar for ease of use and setup, that is Zip up the files into one archive, or multiples, and assign a password over 10 char's and it'll take 2-5 years to crack it with todays speeds. NTFS and share premissions are your first step, then encryption.
We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Basically, right-click the folder, choose properties, advanced
Encrypt contents to secure data...file system must be NTFS.
>>The D drive on the underwriters computer is not "shared" on the network.<<
Don't be too sure...  The root of each drive is shared 'administratively' by default.
Read more here:
An example procedure as follows:

Setup 2 users on the PC that data needs protecting: (User1) and (User2)

Do share the D: drive but only allow full access to User1

Deny access to all other users and that means only User1 will be able to access the data on D:
mcgeorge40Author Commented:
5t0rmUK--  I know that!  How do I do it?  Specifically...
Rich RumbleSecurity SamuraiCommented:
While the steps mentioned above will Encrypt the data, you asked how to hide the drive. A 3rd party tool is necessary for this.
I recomend Encrypted Magic Folders:
While EFS from M$ is a good product, it is a PAIN to the average user to LockDown correctly. Who knows, one of the people you work for may have asked, or will ask on this forum how to get access, and they'll be told how to get access...

MagicFolders is much simpler, and it not only accomplishes the goal of hidding, but adds the encryption on top of that.
The only problem with that is it doesn't close the Admin and drive shares hidden using the dollar sign ($)

Add the following to the registry to turn off hidden shares:

On Windows 2000/2003 Server add the following key AutoShareServer with the REG_DWORD value of 0.
On Windows 2000/XP Workstation add the following key AutoShareWks with the REG_DWORD value of 0.

Connecting to hidden shares is done by going to the run line and typing \\PC_name\c$ or \\PC_Name\d$  where pc name is the name of the pc your trying to connect to. Magic folders also allows you to hide folders as well as entire drives.

I am testing to see if you can use multiple person's to get into hidden folders from other PC's... if not EFS would be the way to go, if best practices are followed.
mcgeorge40, sorry I thought that you wanted to know the process that you need to secure your data on the local PC / network.

tbh if you have a small business with sensitive data and cannot actually perform the simple steps of creating a share drive and setting up user permissions, my advice would be to obtain the sevices of an I.T. specialist.

There is only so much information that you can be supplied with.  If you do not want to pay the £60 for an engineer to setup a share drive / permissions perhaps you should invest in a book.  I do not think you could be taught how to perform this process in only a paragraph of text.

I am not trying to be insulting or rude towards you, it's just that if the data is as sensitive as you say, do not try to penny pinch on setting up adequate security on your PC's & LAN.


mcgeorge40Author Commented:
5t0rmUK -- I don't take it as rude.  You are right... If the data is ultra-sensitive, then I should invest in an IT person.

However, truth be told, I probably don't need any major security measures.  The liklihood that one of my long-time, very well-paid employees would commit a felony (stealing identity) is highly, highly unlikely.

I wasn't looking for major security.  I just want to make it slightly difficult for someone to see the D drive.  Nobody in my office is a thief and nobody in my office is particularly good with computers.

I will try following some of the links that everyone has posted.  However, I am afraid this will all be "greek" to me.  I followed one link and was lost after a couple of sentences.  

I am really surprised that my operating system doesn't have something very simple built in.  Like something in the "users" control panel!  This seems like it would be a very common thing.  Just like something you would find in the control panel.  Maybe I'm the crazy one...
mcgeorge40Author Commented:
sirbounty-- following your instructions...  When I right click and bring up properties for the drive, there is no "advanced" tab.
Well, first thing - if you don't want anyone to get at the D drive remotely - you can disable administrative shares (Which D$ would be) via a registry hack (see below).
OR, if you don't have any need for this system to be 'sharing' on the network at all, simply click Start->Run->Services.msc and scroll down to find the server service.  Stop it and set it to disabled (double-click it) and no one will be able to get to it remotely...

To lock the files from other's access - this should be by default.  The user and the local administrators would have access.  However, to prevent this - let's say you want to protect Susan's My Documents folder.
Log in as Susan
Click Start->Run->%userprofile%
Right-click My Documents and choose properties
Click the Security tab
Now make sure in Group or User names that Susan's name is listed.  Highlight it and make sure that Full Control is enabled.
SYSTEM can also remain in this listing - but remove access for any other account that you don't want to be able to see her My Documents folder.
Click OK

To disable the administrative shares:
Click Start->Run->Regedit
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
In the right-side panel, right-click and click New/Dword Value
Change the highlighted "New Value #1" to read (without quotes) "AutoShareWks"
Press Enter to save the name and then double-click it to assign it a decimal value of 0.  Reboot
Are you running XP Home edition?  I don't believe encryption is available except in Pro...
mcgeorge40 - what ended up working for you here?
mcgeorge40Author Commented:
Thanks to everyone.  I think you all gave me too much credit for understanding computers... I just ain't that bright.

However richrumble's answer solved my problem in five minutes (literally) and it is software that a child could use.

That was all I wanted.  To hide the drive.  The utility he recommended did just that, quickly and easily.

Thanks again to everyone.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.