Is there anyway to put a password on a folder in XP?

[leglez]

I know that you can hide folders in XP but can you put a password on a folder?

 

[nweaver]

you could use NTFS permissions or a free encryption tool. The problem with NTFS permissions is if the other users you are trying to "keep out" are also admins, as they can change them right back.

 

[leglez]

Do you have any suggestions for an ecryption tool?

 

[Brazen]

you could put it in a zip file and add a password to the zip file (XP lets you put a password on zip files, or use 7zip to do it).

 

[stash]

The problem with NTFS permissions is if the other users you are trying to "keep out" are also admins, as they can change them right back.

This is the problem that EFS is designed to solve.

Now, if you are letting other people use your computer under the same account you use, then there isn't much you can do.

 

[Brazen]

Does EFS keep out local admins?

 

[stash]

Because local admins are not recovery agents by default on XP. Also, if a local admin resets a local user's password, they will not be able to access the encrypted data.

So if a user encrypts data, a local admin can 'see' the files, but cannot open them.

 

[Brazen]

Couldn't the admin just make himself a "recovery agent" then?

 

[stash]

I guess that is true. The admin would still have to wait for the user who original encrypted the files to touch all the encrypted files to update the FEK with the new DRA

I'm actually not sure how this works on standalone non domain joined XP box.

I guess the bottom line is, if you don't trust people who are admins on your box, they shouldn't be admins.

 

[Brazen]

Originally posted by: stash
I guess that is true. The admin would still have to wait for the user who original encrypted the files to touch all the encrypted files to update the FEK with the new DRA

I'm actually not sure how this works on standalone non domain joined XP box.

I guess the bottom line is, if you don't trust people who are admins on your box, they shouldn't be admins.

I would expect that is the case in some places, but then that is not he user's choice...