I posted a question a while ago:
asking about an app to encrypt / decrypt a folder on a shared win 7 machine. I think the end result of that was to set up different users and let NTFS deal with keeping that folder private.
As 1 person mentioned in that question, the folder is secure as long as the others are not local or domain admins. This is a workgroup.
Even if admin A goes into the properties for the files / folders he wants to protect and removes all other users permissions, all user B has to do is click on the folder, get the message they don't have rights to the folder and click the continue button to get permission!? right?
Does putting deny rights help any?
The problem is that this is a break fix client. If I make user B a standard user rather than administrator as they are currently, as a way to keep them out of that folder, then they can't apply patches, etc. The machine is 99.9% of the time signed in as user B.