New
#1
Folder and file permissions
I want to set up a folder that only the administrator that created it can access. I've done a bit of research but can't seem to find the right way to do this. Any help appreciated. Thanks
I want to set up a folder that only the administrator that created it can access. I've done a bit of research but can't seem to find the right way to do this. Any help appreciated. Thanks
Hello Vincenzo,
The problem is that even if you restrict access to all users but the owner, the other administrators could still just change the permissions using their own credentials if they like.
One option would be to use EFS to encrypt the folder so that no other user would be able to open the folder. If you use this option, then be sure to backup the EFS certificate afterwards.
Hope this helps, :)
Shawn
My goal is to make a folder inaccessible to the user account that is used for everyday computing, as protection in case the Cryptolocker virus infects it. (I plan to have an extra backup run to that folder everyday, in addition to my regular backups.)
I plan to create an admin account that is only there because the backups will be run from it.
So I am not concerned about a user changing permissions, I don't believe the virus can do that, at least not yet.
Thanks
If the folder is in a user folder of the administrator account, then standard user accounts will not be able to access it by default.
When it comes to that Trojan virus, it could lock out any file, folder, or the whole PC, so it wouldn't matter if the folder was protected or not.
From the reading I've done, I've gotten the impression that CryptoLocker can only encrypt files on drives that are visible and accessible from the user account that was in use when the computer was infected. So it seems like a folder that has permissions blocking access by the everyday user account would not get encrypted. As least that is my working theory right now.
Deny Access everyone who is listed in security tab and no one can open this folder. if you want like this of course. I don't know other ways.