?
Solved

Password protect windows folder locally and over the network.

Posted on 2005-05-12
8
Medium Priority
?
2,426 Views
Last Modified: 2013-12-04
Hi
i need to increase security on windows 2003 server for certain folders.
here is the situation.

i need to secure a folder with a password on windows 2003 server. the problem is that administrator cannot have access to it, hence playing around with windows account seems out of the question. So the only choice left is third party software. the problem with third party software is does not support password protection if folder is being accessed over the network for example a folder mapped on the local user machine as a drive letter.
meaning if as admin i will try to access the folder locally at the server i will get a password window to give access to that folder. which is great its exactly what i want. BUT if i then map that folder on some network pc i do not get that password window, only access denied popup.

why this situation , well because certrain users in the company want to have secure network folder which can only be accessed with the password whether locally or over the network. Problem is that server is easy being managed by administrator who is not suppose to have access to that folder b/c of sensitive information.

so how do i go about solving this issue other then watching admin over the shoulder every time he does something on the server. is there a good third party software that supports features that i need?
thanks
0
Comment
Question by:rejus
8 Comments
 
LVL 13

Expert Comment

by:softplus
ID: 13991636
Hi rejus,
> the problem is that administrator cannot have access to it, hence
> playing around with windows account seems out of the question
No - you can do this. Create a user group with just the users you want to allow access to and don't add the adminsitrator. Remove the adminstrators rights to the folder. It's not very nice and the admins won't really be able to help you restore / check files should anything go wrong, but it will work. (regarding restores: of course the backup-software will need access + the admin has access to the backup sw...).
Does that make sense? Try it out, it's not that tough -- just make sure you add yourself to the user group your testing and give the group rights before your remove the other rights ;) (yes, been there, done that... got rid of that folder last year through a complete system swap)
0
 
LVL 32

Expert Comment

by:r-k
ID: 13991641
Have you considered encryption?
0
 
LVL 32

Expert Comment

by:r-k
ID: 13991658
"Remove the adminstrators rights to the folder"

Would that really work? What is to stop the Administrator from adding themselves back to that group?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 13

Expert Comment

by:softplus
ID: 13991790
Hmm, we've implemented it that way for a client at least.. You could also leave a group of "über-admins" and "downgrade" the existing, normal admins to a "lower" group. That way the über-admins could at least access the folders in case there's anything that needs to be done there. Try it, it's quick to implement for a test folder :)
0
 

Author Comment

by:rejus
ID: 13993374
Hi guys
can you elaborate on encryption? which software to use? will it work accessing over network as well as locally?

also softplus
what do you mean downgrade normal admins to what a power user? then how will they change passwords if needed for users they manage? Please explain the meaning of "über-admins"

thanks
0
 
LVL 32

Accepted Solution

by:
r-k earned 2000 total points
ID: 13993443
There is built-in encryption software in Windows XP (and I believe 2003) which you might be able to use. Please keep in mind that if you decide to do this be sure to test it on a small sample first, and you must backup your key or you may not be able to decrypt files later on. In other words read about it carefully before implementing.

Here are a few links to get started:

http://tinyurl.com/dvgeu
http://www.practicalpc.co.uk/computing/windows/xpencrypt1.htm
http://www.surasoft.com/articles/xpefs.php
http://www.iopus.com/guides/efs.htm
etc.

For sharing encrypted files over the network, see:

http://tinyurl.com/c5mlc

There are also third-party encryption programs you can use. I haven't used any myself so maybe someone else can comment about which are better (or you can post that as separate question perhaps). Here's a list of some that are free:

 http://freeware.intrastar.net/encryption.htm

You can find a large number of links if you Google something like: "windows file encryption" or something like that.

Good luck.
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 13995598
A windows admin will always be able to gain access to a file unless you use some form of encryption. Removing admin rights won't work since an admin can always take ownership of a file to gain access to it.

So yes, r-k is on the right track.....you need to use encryption. There are some programs out there that password protect folders, but I would go for encryption as it is much more secure.
0
 

Expert Comment

by:axsaxs
ID: 15100218

I like two different third-party products:

Folder Crypt - http://www.littlelite.net/foldercrypt/mainframe.html
Safe Guard - http://www.utimaco.com/index2main.html


0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question