Password protect windows folder locally and over the network.

Posted on 2005-05-12
Last Modified: 2013-12-04
i need to increase security on windows 2003 server for certain folders.
here is the situation.

i need to secure a folder with a password on windows 2003 server. the problem is that administrator cannot have access to it, hence playing around with windows account seems out of the question. So the only choice left is third party software. the problem with third party software is does not support password protection if folder is being accessed over the network for example a folder mapped on the local user machine as a drive letter.
meaning if as admin i will try to access the folder locally at the server i will get a password window to give access to that folder. which is great its exactly what i want. BUT if i then map that folder on some network pc i do not get that password window, only access denied popup.

why this situation , well because certrain users in the company want to have secure network folder which can only be accessed with the password whether locally or over the network. Problem is that server is easy being managed by administrator who is not suppose to have access to that folder b/c of sensitive information.

so how do i go about solving this issue other then watching admin over the shoulder every time he does something on the server. is there a good third party software that supports features that i need?
Question by:rejus
    LVL 13

    Expert Comment

    Hi rejus,
    > the problem is that administrator cannot have access to it, hence
    > playing around with windows account seems out of the question
    No - you can do this. Create a user group with just the users you want to allow access to and don't add the adminsitrator. Remove the adminstrators rights to the folder. It's not very nice and the admins won't really be able to help you restore / check files should anything go wrong, but it will work. (regarding restores: of course the backup-software will need access + the admin has access to the backup sw...).
    Does that make sense? Try it out, it's not that tough -- just make sure you add yourself to the user group your testing and give the group rights before your remove the other rights ;) (yes, been there, done that... got rid of that folder last year through a complete system swap)
    LVL 32

    Expert Comment

    Have you considered encryption?
    LVL 32

    Expert Comment

    "Remove the adminstrators rights to the folder"

    Would that really work? What is to stop the Administrator from adding themselves back to that group?
    LVL 13

    Expert Comment

    Hmm, we've implemented it that way for a client at least.. You could also leave a group of "über-admins" and "downgrade" the existing, normal admins to a "lower" group. That way the über-admins could at least access the folders in case there's anything that needs to be done there. Try it, it's quick to implement for a test folder :)

    Author Comment

    Hi guys
    can you elaborate on encryption? which software to use? will it work accessing over network as well as locally?

    also softplus
    what do you mean downgrade normal admins to what a power user? then how will they change passwords if needed for users they manage? Please explain the meaning of "über-admins"

    LVL 32

    Accepted Solution

    There is built-in encryption software in Windows XP (and I believe 2003) which you might be able to use. Please keep in mind that if you decide to do this be sure to test it on a small sample first, and you must backup your key or you may not be able to decrypt files later on. In other words read about it carefully before implementing.

    Here are a few links to get started:

    For sharing encrypted files over the network, see:

    There are also third-party encryption programs you can use. I haven't used any myself so maybe someone else can comment about which are better (or you can post that as separate question perhaps). Here's a list of some that are free:

    You can find a large number of links if you Google something like: "windows file encryption" or something like that.

    Good luck.
    LVL 18

    Expert Comment

    A windows admin will always be able to gain access to a file unless you use some form of encryption. Removing admin rights won't work since an admin can always take ownership of a file to gain access to it.

    So yes, r-k is on the right need to use encryption. There are some programs out there that password protect folders, but I would go for encryption as it is much more secure.

    Expert Comment


    I like two different third-party products:

    Folder Crypt -
    Safe Guard -


    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Join & Write a Comment

    As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
    This is a short article about OS X KeRanger, and what people can do to get rid of it.
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    This video discusses moving either the default database or any database to a new volume.

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now