Solved

Name that app - what app will keep a folder private and lock it after lack of use?

Posted on 2014-01-28
26
538 Views
Last Modified: 2014-01-30
Can you help me figure out what app will do this:

On a windows 7 pro desktop, in a workgroup, not a domain.

several people use the machine.  the boss wants to have a folder that others can't get into.  I'm envisioning, a folder on desktop.  Click on the folder / shortcut / link and it prompts for a password.

Enter the correct password and you have access to all the files in that folder to add / change / delete / whatever you want to do.

After some amount of inactivity - say 10 minutes, the folder is locked / you can't open the files without being prompted for and entering the password.

But what about if the file is open in word or excel?  it'll still be viewable by others.  They have to make sure to close excel / other app with those files, right?  Can't protect people from themselves completely?  

If someone goes into recent in excel or other app, the file will be there but won't open without the password for the folder.

Doesn't excel and word keep temp copies of the spreadsheets / docs?  in the same folder so they'd be encrypted also?

And then for backing up - can the folder be backed up without the password?  Just an encrypted file in the backup, but can be re-opened on another machine if they have the right password.

Any recommendations on the app for this?  Freeware / cheap if possible?  Simple to use.
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 6
  • 4
  • +2
26 Comments
 
LVL 32

Expert Comment

by:_
ID: 39816576
I haven't used it in years, but as I remember, Truecrypt should cover most of what you want. It should do anything from individual files, to whole disks.

http://www.truecrypt.org/docs/
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39816641
That's the name I've heard over the years, but in trying it out, it's not as simple as I was hoping.

hopefully someone can answer if this is doable - a simple way to mount that encrypted drive (or at least be prompted for a password) when he clicks on the shortcut to the drive, or clicks on a file in a recent list in word or excel that is on the encrypted drive?

I set the timeout (unmount) and saw that it works - it locks the drive / or really the drive just goes away.  I'd like to get prompted for the password....
0
 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 39816682
the way truecrypt works is that you have to know that the 'file' is an encrypted folder and also know the password.. it is another form of hiding encrypted data
0
RoboForm Secure Password Management System

RoboForm Everywhere - Superb Browser Support
Windows / Apple / IOS / Android / Linux / Chrome OS
Use different complex passwords everywhere
Best Secure Password Management by far
Synchronize all of your devices instantly
Safe, Secure & Highly Recommended!

 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39816689
I'm not loyal the truecrypt.  I don't want to hide the folder.  Here it is - but if you don't know the password, you are SOL.
0
 
LVL 32

Expert Comment

by:_
ID: 39816799
I don't recall Hidden being a requirement, and the docs show Standard and Hidden Options, when creating the encrypted volume.
And it talks about treating them as any other file, as far as moving, copying, etc. So it sounds to me like you have to be able to see them.
http://www.truecrypt.org/docs/tutorial#Y0

I will try to remember to dig into it a little better, tomorrow, when I get a few minutes.
0
 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 39816823
you can see the file but you cannot see the contents.. you can have a truecrypt volume within another truecryipt volume that CAN be hidden.. i.e. if forced to unencrypt a file you can give 1 password but not the second password..
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39816848
not sure where this is going. can I have an icon / shortcut or something that when I click on it to access the encrypted folder / files, I get prompted for a password to unlock the folder?

rather than going to the truecrypt GUI, mount the volume then enter the password then close the gui.  a more transparent way to be prompted for the password / make it more user friendly?  maybe that icon is a batch file of the command line version of using the gui?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39816880
I don't know if a single app will do all that you are asking, but certainly you can combine something like Hide Folders with a couple Windows features to accomplish what you want.

To protect against someone leaving a document open, why not just lock the computer after inactivity?  

As for backup, if you use the built-in Windows Backup it creates a full disk image, so anything on the disk is retrievable.

Jeff
TechSoEasy
0
 
LVL 32

Expert Comment

by:_
ID: 39816906
>> ...can I have an icon / shortcut or something that when I click on it to access the encrypted folder / files, I get prompted for a password to unlock the folder?

This is possible. If it doesn't want to Auto Mount when you click the "container letter", use one of these:

Can a volume be automatically mounted whenever I log on to Windows?

Yes. To do so, follow these steps:

    Mount the volume (to the drive letter to which you want it to be mounted every time).
    Right-click the mounted volume in the drive list in the main TrueCrypt window and select 'Add to Favorites'.
    The Favorites Organizer window should appear now. In this window, enable the option 'Mount selected volume upon logon' and click OK.

Then, when you log on to Windows, you will be asked for the volume password (and/or keyfiles) and if it is correct, the volume will be mounted.

Alternatively, if the volumes are partition/device-hosted and if you do not need to mount them to particular drive letters every time, you can follow these steps:

    Select Settings > Preferences. The Preferences window should appear now.
    In the section 'Actions to perform upon logon to Windows', enable the option 'Mount all devices-hosted TrueCrypt volumes' and click OK.

Note: TrueCrypt will not prompt you for a password if you have enabled caching of the pre-boot authentication password (Settings > 'System Encryption') and the volumes use the same password as the system partition/drive.


Can a volume be automatically mounted whenever its host device gets connected to the computer?

Yes. For example, if you have a TrueCrypt container on a USB flash drive and you want TrueCrypt to mount it automatically when you insert the USB flash drive into the USB port, follow these steps:

    Mount the volume (to the drive letter to which you want it to be mounted every time).
    Right-click the mounted volume in the drive list in the main TrueCrypt window and select 'Add to Favorites'.
    The Favorites Organizer window should appear now. In this window, enable the option 'Mount selected volume when its host device gets connected' and click OK.

Then, when you insert the USB flash drive into the USB port, you will be asked for the volume password (and/or keyfiles) (unless it is cached) and if it is correct, the volume will be mounted.

Note: TrueCrypt will not prompt you for a password if you have enabled caching of the pre-boot authentication password (Settings > 'System Encryption') and the volume uses the same password as the system partition/drive.


http://www.truecrypt.org/faq
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39817985
to complete mounting, you need the password, right?  So if the person booting up the machine isn't the boss, they won't have the password, the folder won't be accessible.  and even if it was the boss and he unlocks it, the folder will lock after x minutes. and then how does he reopen the locked folder?
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39818008
Jeff:  I don't know if a single app will do all that you are asking

really : (

you'd know but damn, that's disappointing.  it seems so simple - click on a folder / prompt for a password.  you enter the password and get the files.  No password, no files.  And if you don't use that folder for x minutes, it locks the folder.  

Clcik on a link to a file in that folder, it knows to prompt for a password.

like accessing a shared drive - sometimes you get prompted for credentials?  But that won't break the connection after x minutes natively. I suppose you can schedule a task to do that?
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39818734
Hi.

Wouldn't it be time for the whole story?
Who is protecting what against whom (doing what) and why?
Why would you need the lock-after-idle?
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39819763
whole story?  shared computer in the office of a small business.  Boss wants a way to keep some files inaccessible to others.

protecting files from others using the computer

Lock after idle if he gets busy with something else and steps away from the pc.

now that you have that, have any recommendation?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39819836
"And if you don't use that folder for x minutes, it locks the folder.  "

The problem is that it would need to close the document before locking the folder.  Otherwise, you may have a modified document sitting open which cannot be saved because the folder is now locked.

But now that we have the full story, my suggestion makes even more sense.

Your scenario is not unique and Windows is designed to handle this.

When you share a computer, that doesn't mean that users log on with the same account.  Each user should log on with their own credentials, and when they are done they log off or lock the computer (WINDOWS KEY + L) if they don't want to close out of work in progress.

Next person comes along and logs in with their own credentials.  This puts them into a separate profile (desktop) which will not allow them to access any files owned by the first user.

No need for encryption.  NTFS permissions will keep anyone out of the files as long as they are not in the Local or Domain Administrators groups.

Adding the group policy to automatically lock the workstation after a short period of inactivity will address the issue you raised about the first user just walking away without locking the computer.  

Instructions on how to create that policy are located here:
http://technet.microsoft.com/en-us/library/ee617164(v=ws.10).aspx

Jeff
0
 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 39819898
adjust the screensaver options
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39819925
separate user names just isn't something they are going to do. 99% of the time they are working on shared data and on for a minute or 2 at a time. They do not want to deal with logging in each time they need the machine.

thanks anyway. So jeff - no one answered the question.  How do I close this out? For everyone's effort, I'd split the points.  You all tried to help.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39819934
So, the thing is that you can definitely LOCK the folder from other users.  

Just compress the folder into a .zip file and add a password to it.  You'll need something like 7-Zip to do this.

That will keep everyone out of the folder that doesn't have the PW.

It will NOT, however, protect a document that has been left open.  There is really no way to automatically do this without just locking the desktop.

It will also not protect anything if the folder itself is left open.  So a user should make sure to close the folder after retrieving the intended document.

Jeff
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39819936
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39819942
I know how to split points. but in another question I posted, I gave points out to people for answering but you took issue with the fact that I didn't use their answers. Same here.  lots of comments / good ideas, but don't answer the question looking for the name of an app that meets the criteria I was describing.

So do I reward people for trying / putting in the time or bother a moderator to close the question without rewarding points? or some other resolution?
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39819943
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39820011
http://support.experts-exchange.com/customer/portal/articles/755964-the-experts-told-me-%E2%80%9Cyou-can%E2%80%99t-do-that%E2%80%9D-what-do-i-do-now-

This is a different situation than your other question because the answer ended up being, "You can't do that".

(although, I do believe that I was finally able to provide you with a way to at least lock the folder).

Jeff
0
 
LVL 32

Expert Comment

by:_
ID: 39820017
Sorry, got swamped today, and didn't get a chance to play with TrueCrypt.
If you want to wait until tomorrow, I will see if it will do the one-click part.

Otherwise, post a Q in CS, and ask them to Delete this Question, with the reason no viable answer was given.
Don't forget to include a link to this Q.

http://www.experts-exchange.com/Community_Support/General/
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39820077
Shared logins render all measures useless. What if a person starts a keylogger right in your shared profile that records the keystrokes? Get away from shared logins, that is the best thing you could do. Before you do, measures like this are mere wishful thinking.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 39820079
There is no reason to delete this question.  Because there WAS an answer given.

Based on the original question, the answer is "you can't do that".  Because there is no way to "lock" an OPEN document.

FYI, you CAN actually add a VB MACRO to every document which will automatically save and close it after a certain period of idle time.  (See:  http://rdsrc.us/Q9eHTC).  However, you need to be aware that it could cause unwanted changes to be saved -- therefore be sure that "Previous Versions" is enabled on the drive where the folder resides in order to be able to revert to one if necessary.

Furthermore, I provided a very simple method to password lock a folder on a computer that has multiple people using the same user profile.  

I believe I have now satisfied all requirements of the original goal of this question.

Jeff
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39822436
I urge you to think about a new concept, shared logins are a no-go, security-wise. That cryptofolder concept does not change anything, as said before, the password can be keylogged with a small effort.
0
 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 39822515
all you need are 2 accounts .... boss and employees   the boss account is the only one that needs a password and use the power options/ screensaver options to lock the computer when idle ... as long as the employee account is a standard account it cannot access the boss's personal files .. he could also use the built in EFS (encrypting file system) to further secure the files (all within windows)
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You may have a outside contractor who comes in once a week or seasonal to do some work in your office but you only want to give him access to the programs and files he needs and keep privet all other documents and programs, can you do this on a loca…
On some Windows 7 (SP1) computers, Windows Update becomes super slow even the computer is reasonably fast.  There's one solution that seemed to have worked well for me (after trying a few other suggested solutions).
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question