Discussion:
Password Protecting/Hiding Files & Folders on Windows 2003 server???
s***@hotmail.com
2006-09-24 09:30:28 UTC
I have a situation which, to date, no password protection/file
encryption/hiding software has been able to resolve... I am at a point
where I do not believe that there is actually a program to fit my
needs!!!

We are using Active Directory and have a file server for all users to
store documents.

I use my laptop and save data to the file server under my standard AD
user account.

I have a lot of sensitive information that I would like to store on the
file server but do not want anyone (including the administrator of AD)
to view or open.

All programs I have tried can encrypt/hide/protect files & folders on
my local pc but fail to deliver the features over the network on the AD
file server...

I want to, from my local laptop, hide/protect certain files that are
residing on the AD file server so that no one can open the files or view
the contents, including the AD administrator...

Is there anything available that will help me achieve my goal?
Karl Levinson, mvp
2006-09-24 12:53:22 UTC
Post by s***@hotmail.com
I have a situation which, to date, no password protection/file
encryption/hiding software has been able to resolve... I am at a point
where I do not believe that there is actually a program to fit my
needs!!!
I have a lot of sensitive information that I would like to store on the
file server but do not want anyone (including the administrator of AD)
to view or open.
All programs I have tried can encrypt/hide/protect files & folders on
my local pc but fail to deliver the features over the network on the AD
file server...
I want to, from my local laptop, hide/protect certain files that are
residing on the AD file server so that no one can open the files or view
the contents, including the AD administrator...
Is there anything available that will help me achieve my goal?
Most any file encryption solution will do that. PGP, BestCrypt, etc.
Except for Microsoft EFS, I can't imagine what solutions you looked at that
won't do what you're looking to do.

It's true that if you store your encryption private keys on your local
workstation, a Local administrator of your workstation could in theory get
the keys and use them to decrypt your files, although this seems not that
likely to me. Many encryption solutions require you to enter a password
(that only you should know) to decrypt. You can further protect your
private keys from administrators by storing the keys on removable media such
as floppy, USB drive or CD where there is no network sharing configured,
and/or by removing everyone else but yourself from the local administrators
group on your workstation (although this could prevent maintenance from
happening on your PC).

http://securityadmin.info/faq.asp?encryption

www.pgp.com
www.scramdisk.clara.net
www.e4m.net
www.jetico.com ["BestCrypt"]
www.utimaco.com ["SafeGuard Easy"]
s***@reynolds.com.au
2006-09-25 00:09:24 UTC
I guess my problem lies in the fact that I need a solution that is easy
to use or the people that I need the most support from (managers &
directors) won't use it and won't support it...

If they are required to encrypt every file before transferring to the
file server using a cumbersome program then they will just not do it...


It needs to be as simple as:

1. Save the file on server
2. Right click to activate encryption

And the files need to be re-accessible by a simple double click and
then a password prompt.

Microsoft EFS is the best solution I have seen but it is not activated
on AD yet and the administrator was a little hesitant to allow user
access to this facility...

I might have a look into PGP...

Some of the programs I tried to use include:

- Folder Security Guard
- Hide Folders
- Folder Password
- SecuKEEPER
- Universal Shield

All had their advantages but none worked over a network on a file
server...

Thanks for the feedback
Roger Abell [MVP]
2006-09-25 14:23:59 UTC
Post by s***@reynolds.com.au
I guess my problem lies in the fact that I need a solution that is easy
to use or the people that I need the most support from (managers &
directors) won't use it and won't support it...
If they are required to encrypt every file before transferring to the
file server using a cumbersome program then they will just not do it...
1. Save the file on server
2. Right click to activate encryption
And the files need to be re-accessible by a simple double click and
then a password prompt.
Microsoft EFS is the best solution I have seen but it is not activated
on AD yet and the administrator was a little hesitant to allow user
access to this facility...
I might have a look into PGP...
- Folder Security Guard
- Hide Folders
- Folder Password
- SecuKEEPER
- Universal Shield
All had their advantages but none worked over a network on a file
server...
Thanks for the feedback
EFS can come close to what you outline as a need, if your environment
is correctly set up to use it in a remote scenario. However, depending on
your situation the file may be unencrypted while on the wire, and in order
to meet the requirement that no one except the doc owner can access it
while on the server tight control would have to be taken over the EFS
default recovery agent (or, again depending on your environment, over
key escrow, etc.).
s***@reynolds.com.au
2006-09-26 03:09:28 UTC
And I've just discovered that the administrator still has access to the
file anyway...

Is there a logging agent on an AD file server? I would be happy to use
EFS if I could just review logs... This way I could have the employee
sign a declaration stating they will not access employee data and also
state that we are able to monitor this...

I really just want to protect files against trusted users... I'm not
looking for a water tight solution that no-one can break - I just want
to be able to instill confidence in the fact that:

a) the administrator is clear that they will be reprimanded if caught
snooping through employee folders & files (mainly the CEO & CFO)
b) there is basic encryption meaning the administrator can't just
double click and view any files..

I know if someone wants access, and they know what they are doing, then
they will end up getting it but I would like to think I can place some
trust in the employee not to do that...

Thanks
Shannon
Post by Roger Abell [MVP]
Post by s***@reynolds.com.au
I guess my problem lies in the fact that I need a solution that is easy
to use or the people that I need the most support from (managers &
directors) won't use it and won't support it...
If they are required to encrypt every file before transferring to the
file server using a cumbersome program then they will just not do it...
1. Save the file on server
2. Right click to activate encryption
And the files need to be re-accessible by a simple double click and
then a password prompt.
Microsoft EFS is the best solution I have seen but it is not activated
on AD yet and the administrator was a little hesitant to allow user
access to this facility...
I might have a look into PGP...
- Folder Security Guard
- Hide Folders
- Folder Password
- SecuKEEPER
- Universal Shield
All had their advantages but none worked over a network on a file
server...
Thanks for the feedback
EFS can come close to what you outline as a need, if your environment
is correctly set up to use it in a remote scenario. However, depending on
your situation the file may be unencrypted while on the wire, and in order
to meet the requirement that no one except the doc owner can access it
while on the server tight control would have to be taken over the EFS
default recovery agent (or, again depending on your environment, over
key escrow, etc.).
Roger Abell [MVP]
2006-09-26 06:06:38 UTC
It is good that you hold a sane attitude toward the strictures you
seek over the admins actions. Basically, at some level you must
place trust in the persons you empower to run the IT infrastructure.

The best advice I can give to you is to hire a quality, relative to
Windows and this aspect of security in it, IT consultant to set
this up for you and to show you the few critical watch points.
That might be a hard sell, both cost wise and with regards to
your current IT staff's feelings. On the other hand, it would make
clear to them that you are indeed serious about this, and enabled;
plus, staff come and go, so you would be set in the face of future
changes.

There are a few issues you are facing.
First, to be clear, EFS allows for one account (initial encryptor) to
transparently access an encrypted file, for access by the recovery
agent (DRA) if one is defined, and then also for other accounts to
have the same transparent access if the initial encryptor takes manual
action to allow this (and that granted account can then do the same,
allowing further accounts).
So, you said you want a hands-free, so to speak, solution; and you
also indicated you need for two individuals to have access.
Either the CFO would need to make sure to remember to grant the
CEO access (a manual step you want to avoid), or for the EFS docs
the two of them would need to use a shared account, or one of them
would need to be the DRA. It might make sense in your case for the
CEO's account to be the DRA, which would mean that nothing could
be stored in the IT infrastructure with EFS that would be inaccessible
to that account. If the administrator could get the password of that
account (not set, but get it as it is) then the water has passed through
the sieve. If the administrator set the password the true owner of
that account would, I would hope, notice that their password was
not as it should be. If the admin cracked the dumped password
hashes, and the account's password was not very strong, they would
have access to all and it would look like the access was done by the
owner of that account.

Anyway, yes, any NTFS area of storage can be audited. This can
be set up for all types of accesses, successful and/or failed, by any
account or by only some defined groups of accounts.
Administrators can clear event logs where these audit records
are written, but that clearing causes an event to be written into the
cleared log. If no one is watching the logs the auditing is close to
useless. Auditing can be very verbose. One needs to have auditing
defined so it generates what is of interest but a minimum of other,
by only auditing what parts of the filesystem really need the coverage.

The DRA is defined by having its cert available in the system. To
decrypt an encrypted file the matching key needs to be available.
It is this part, the key, that must be kept out of the hands of the
admin. Any account into which the key is imported can function
as DRA, and hence access any EFS encrypted file.

A normal use would be to have a DRA defined, to have the
cert/key saved safely, such as on some CDs locked away.
There would be no account with the key imported into it.
That would happen only when there was need to recover some
otherwise inaccessible EFS encrypted files.

This is getting long already and we still have not looked at issues
related to the config of the storage server to support remote EFS
file storage, safe transfer over the network, the types of profiles
used by the domain accounts, monitoring the storage area to make
sure no one has unset the requirement on the folders that files stored
in them will be encrypted (or changed the auditing settings for that
matter), etc..
Perhaps that indicates why I suggested hiring a quality consultant.
It is really not that hard to set up, but it surely is involved to try to
explain the main aspects and (what I mostly focused on) the in use
vulnerabilities to breach of the privacy you would believe is in effect.

In the final analysis, Karl's suggestions, although rejected by yourself
as needing manual actions, may be the shortest route for maintaining
a relatively small amount of data.

It is quite ironic, Microsoft released a free tool that would have been
just about exactly what you are after, back in July, called Private Folders,
but corps pretty much forced MS to withdraw it in almost no time.
http://news.com.com/Microsoft+shutters+Windows+private+folders/2100-1012_3-6094481.html
Go figure ey?

Roger
Post by s***@reynolds.com.au
And I've just discovered that the administrator still has access to the
file anyway...
Is there a logging agent on an AD file server? I would be happy to use
EFS if I could just review logs... This way I could have the employee
sign a declaration stating they will not access employee data and also
state that we are able to monitor this...
I really just want to protect files against trusted users... I'm not
looking for a water tight solution that no-one can break - I just want
a) the administrator is clear that they will be reprimanded if caught
snooping through employee folders & files (mainly the CEO & CFO)
b) there is basic encryption meaning the administrator can't just
double click and view any files..
I know if someone wants access, and they know what they are doing, then
they will end up getting it but I would like to think I can place some
trust in the employee not to do that...
Thanks
Shannon
Post by Roger Abell [MVP]
Post by s***@reynolds.com.au
I guess my problem lies in the fact that I need a solution that is easy
to use or the people that I need the most support from (managers &
directors) won't use it and won't support it...
If they are required to encrypt every file before transferring to the
file server using a cumbersome program then they will just not do it...
1. Save the file on server
2. Right click to activate encryption
And the files need to be re-accessible by a simple double click and
then a password prompt.
Microsoft EFS is the best solution I have seen but it is not activated
on AD yet and the administrator was a little hesitant to allow user
access to this facility...
I might have a look into PGP...
- Folder Security Guard
- Hide Folders
- Folder Password
- SecuKEEPER
- Universal Shield
All had their advantages but none worked over a network on a file
server...
Thanks for the feedback
EFS can come close to what you outline as a need, if your environment
is correctly set up to use it in a remote scenario. However, depending on
your situation the file may be unencrypted while on the wire, and in order
to meet the requirement that no one except the doc owner can access it
while on the server tight control would have to be taken over the EFS
default recovery agent (or, again depending on your environment, over
key escrow, etc.).
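The following is an added example, not code from any poster in this thread, that puts Roger's three points into a script an administrator could run: scoping NTFS auditing to the one folder that needs coverage and then actually reviewing the resulting log entries (including the record left when the Security log is cleared), generating a recovery-agent certificate whose private key is exported rather than imported into any account, checking that no account on the machine holds a File Recovery private key, and verifying that the folder and its files still carry the encrypt attribute. It assumes PowerShell 2.0 or later, an administrator session, and that the "Audit object access" policy is enabled by Local Security Policy or GPO (without it the SACL produces no events). $Folder, $OwnerAccount and C:\Temp\DRA are placeholders, and the event IDs 560/517 (Windows 2003) and 4656/4663/1102 (later versions) are the standard Windows values, not taken from the thread.

```powershell
# Added example (not from the thread). Placeholders: replace with your own values.
$Folder       = 'D:\Shares\Executive'   # the one folder that really needs coverage
$OwnerAccount = 'CORP\cfo'              # the account expected to be working in it

# --- 1. Auditing, scoped to $Folder only -------------------------------------
# Add a SACL entry: record successful and failed reads, writes and deletes by
# anyone, inherited by files and subfolders. Nothing outside $Folder is audited,
# so the log stays small enough for someone to actually watch.
$acl  = Get-Acl -Path $Folder -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]'ReadData, WriteData, Delete',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# --- 2. Review: who other than the owner touched the folder in the last day? --
# Object-access events are 560 on Windows 2003 and 4656/4663 on later versions.
$objectAccessIds = 560, 4656, 4663
$suspect = Get-EventLog -LogName Security -After (Get-Date).AddDays(-1) |
    Where-Object {
        $objectAccessIds -contains $_.EventID -and
        $_.Message -like "*$Folder*" -and
        $_.Message -notlike "*$OwnerAccount*"
    }
$suspect | Select-Object TimeGenerated, EventID, UserName | Format-Table -AutoSize

# Clearing the Security log leaves its own record (517 on Windows 2003, 1102 on
# later versions). Any hit here means the audit trail was wiped.
Get-EventLog -LogName Security -After (Get-Date).AddDays(-30) |
    Where-Object { $_.EventID -eq 517 -or $_.EventID -eq 1102 } |
    Select-Object TimeGenerated, EventID, UserName

# --- 3. Recovery agent: public cert in the policy, private key off the box ----
# cipher /r writes DRA.cer (public half, the part published through the domain
# EFS policy) and DRA.pfx (the private key, to be moved to removable media that
# is locked away and then deleted from this machine). It prompts for a password
# that protects the .pfx file.
cipher /r:C:\Temp\DRA

# Confirm no account on this machine holds a File Recovery private key. The
# recovery EKU's friendly name is "File Recovery"; an ordinary user's EFS
# certificate carries "Encrypting File System" instead.
$recoveryCerts = Get-ChildItem -Path Cert:\CurrentUser\My, Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        (($_.EnhancedKeyUsageList | ForEach-Object { $_.FriendlyName }) -contains 'File Recovery')
    }
if ($recoveryCerts) {
    Write-Warning 'A recovery-agent private key is imported on this machine:'
    $recoveryCerts | Select-Object PSParentPath, Subject, Thumbprint, NotAfter
} else {
    'No recovery-agent private key imported here (as intended).'
}

# --- 4. Is the folder still marked to encrypt, and is everything in it encrypted?
# cipher /e marks the folder tree so new files are encrypted; /a also encrypts
# the files already there. Anything listed afterwards is stored in clear, or the
# encrypt requirement was switched off on that folder.
cipher /e /s:$Folder /a
$clear = @(Get-Item -Path $Folder) + @(Get-ChildItem -Path $Folder -Recurse) |
    Where-Object { -not ($_.Attributes -band [System.IO.FileAttributes]::Encrypted) }
$clear | Select-Object FullName
```

Step 2 is the part that makes the auditing worth having: the SACL only records, and Roger's point that unwatched auditing is close to useless is answered by scheduling this review and reading its output. Step 3 deliberately never imports DRA.pfx into any account, which is what keeps the recovery key out of the administrator's reach until a genuine recovery is needed.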