What's equivalent in W7 to XP's "Make this folder private..."?

What's equivalent in W7 to XP's "Make this folder private..."?

I'm working in a Windows 7 Pro VM to test this issue.

I've created two user profiles, both "Admin" account type.

When either user is logged in he can go to the C:\Users\ folder and open files in both users' Documents and other folders. So, no user's data folders are private. I'm not trying to hide individual folders, password protect or encrypt a folder, nothing special -- just give two users data privacy from each other like you could in XP by checking the familiar "Make this folder private so that only I have access to it" checkbox.

I know that if I changed the second user to type "Standard" that user would not have access to the first user's data folders, BUT the first user would still have access to the Standard user's folders. So that method won't give both users privacy. (I could make both users Standard but one user is the admin of his PC and all the others, and he doesn't care to endure any Standard user hurdles.)

I've experimented with opening the Properties of a user's folder in C:\Users\ and removing "Administrators" in the Permissions tab of Advanced Security Settings, but in the process a series of "Error Apply Security" - "Access denied" messages appeared for every subfolder (Documents, Pictures, Send To, etc.) within the user's folder. This worked in terms of giving the user data privacy but it seems messy and I wonder what the future implications of those error messages might be.

So what's the correct method for accomplishing this?

Hello,

The correct method would be to deny the other user from accessing the folder. Doing it on the administrators group will cause you problems with both users as they are both members of the group. Right click on one of the user folders > properties> Security tab> Edit. Deny the other user access to the folder (deny permissions always overrule the allow permissions).

This isn't a solid way to do this though. As administrators they have the ability to reset the permissions via the same method. They would however have to take ownership over the file to be able to do so.

My suggestion would be to create two standard user accounts for each of the users to use and an administrator account that can be used for admin tasks - This could be given to both users so that they have the credentials if ever prompted by an installer etc.

As far as I remember, that's only a shortcut to automatically set the permissions of selected files, so that it gives access to the current user, while removing everyone else. This makes privacy by denying permissions. The very same can be made in Windows 7.
In fact, user profiles already have such "protection" by letting only the owner and administrators. This really gives all the "privacy" you can get from permissions.

The real problem you have is that both users are administrators, that's the show-stopper. Administrator accounts are designed to have full control over everything, including other user accounts and "private" files, so, no matter what you do, another administrator will always be able to lift those protections and read and modify the data.

The only solution I see, without recurring to encryption, is to demote both accounts to standard, you'll not be able to tamper each other permissions, and even leaving the Windows defaults will suffice to ensure lack of access from others. The drawback from this is who "owns" the administrator password. As some administrative work must always be done in any system, access to the admin password is required, which leaves another security hole, as this account can be abused to reach the private files.

It all depends on which risks you consider acceptable and how much effort do you want to do to get that setup working. For anything valuable, if you really mind other people seeing it, I would seriously consider encrypting with Truecrypt, and having both as standard users.