Password Protect a File Directory


mridzon

New member
Local time
2:26 PM
Posts
3
OS
Windows 11
Folks, I'm using Win11 Pro. Is there a way to password protect a single directory (and its sub-directories) in File Explorer? A friend has access to my machine and my directories. I'd like to protect some of them from their wandering eyes.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
If they are using their own account and are not a member of the admin group then you can...
  1. Right click the directory you wish to secure and select properties
  2. Under the Attributes section of the general tab click Advanced
  3. Check the box 'encrypt contents to secure data'
  4. Accept this for all sub-directores
You should also get a notification to back up the key, make sure you do this and store it in a secure location. This key is tied to your user account, so another user will not have access to the data or the key. This can be defeated though if your friend has an admin account.

If you cannot limit their account to a user account then I would use something like 7zip or Veracrypt to create an encrypted container which is self-contained and without the password will not be able decrypt the data regardless of what type of account they have access to.
 

My Computer

System One

  • OS
    Windows 11
If they are using their own account and are not a member of the admin group then you can...
  1. Right click the directory you wish to secure and select properties
  2. Under the Attributes section of the general tab click Advanced
  3. Check the box 'encrypt contents to secure data'
  4. Accept this for all sub-directores
You should also get a notification to back up the key, make sure you do this and store it in a secure location. This key is tied to your user account, so another user will not have access to the data or the key. This can be defeated though if your friend has an admin account.

If you cannot limit their account to a user account then I would use something like 7zip or Veracrypt to create an encrypted container which is self-contained and without the password will not be able decrypt the data regardless of what type of account they have access to.
What you are effectively doing here is enabling EFS (Encrypting File System). Just be aware that there may be some extreme effects on performance (to put it mildly) if you intend to share files using EFS on the network. In that case, you could use BitLocker to encrypt the entire drive as an alternative.

Finally, another possible solution is to set the NTFS file permissions on this one directory and subdirectories so that your friend won't be able to access those files.
 

My Computers

System One System Two

  • OS
    Win11 Pro 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Kamrui Mini PC, Model CK10
    CPU
    Intel i5-12450H
    Memory
    32GB
    Graphics Card(s)
    No GPU - Built-in Intel Graphics
    Sound Card
    Integrated
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 2TB NVMe SSD
    1 x 4TB NVMe SSD
    1 x 4TB 2.5" SSD
    PSU
    120W "Brick"
    Keyboard
    Corsair K70 Mechanical Keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
  • Operating System
    Win11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Mouse
    Buttonless Glass Precision Touchpad
    Keyboard
    Backlit, spill resistant keyboard
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
Encrypto offers a simple drag-n-drop interface to facilitate encryption of files and folders in Windows. Just launch Encrypto and then drag-n-drop the target files on the small Encrypto window.

 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP Pavilion
    CPU
    AMD Ryzen 7 5700G
    Motherboard
    Erica6
    Memory
    Micron Technology DDR4-3200 16GB
    Graphics Card(s)
    NVIDIA GeForce RTX 3060
    Sound Card
    Realtek ALC671
    Monitor(s) Displays
    Samsung SyncMaster U28E590
    Screen Resolution
    3840 x 2160
    Hard Drives
    SAMSUNG MZVLQ1T0HALB-000H1
I have been using the freeware program EncryptOnClick (EOC) for that purpose.
It does the same as a zip routine does, using 256bit AES enscryption, but in an easier way to use it.
It uses the extension .EOC, but if you change that into .zip the files / folders can be decripted by any good zip program like WinZIP.

The reason I don't use it anymore is rather personal: because I am rather old, I have been redenating that all important files on my PC should be reachable for my nearest family, if something happens to me. EOC is not fitting into that, password protected pdf's are (my family knows the standard password I am using to protect those pdfs). With password protected pdfs the only thing that has to be done is know the password, whatever pdf reader you re using. So all data (emails as well) that is important I 'print' to pdf and readprotect the pdfs.
 

My Computer

System One

  • OS
    Windows 11 Pro 23H2 22631.3737
    Computer type
    PC/Desktop
    Manufacturer/Model
    Build by vendor to my specs
    CPU
    AMD Ryzen 7 5700G
    Motherboard
    MSI PRO B550M-P Gen3
    Memory
    Kingston FURY Beast 2x16GB DIMM DDR4 2666 CL16
    Graphics Card(s)
    MSI GeForce GT 730 2GB LP V1
    Sound Card
    Creative Sound Blaster Audigy FX
    Monitor(s) Displays
    Samsung S24E450F 24"
    Screen Resolution
    1920 x 1080
    Hard Drives
    1. SSD Kingston NV2 - 500 GB
    2. SSD-SATA Crucial MX500-2TB
    PSU
    Corsair CV650W
    Case
    Cooler Master Silencio S400
    Cooling
    Cooler Master Hyper H412R
    Keyboard
    Cherry Stream (wired, scissor keys)
    Mouse
    Asus WT465 (wireless)
    Internet Speed
    70 Mbps down / 80 Mbps up
    Browser
    Firefox 115.7.0 ESR
    Antivirus
    F-secure via Internet provider
    Other Info
    Oracle VirtualBox 7 for testing software on Win 10 or 11
Encrypto offers a simple drag-n-drop interface to facilitate encryption of files and folders in Windows. Just launch Encrypto and then drag-n-drop the target files on the small Encrypto window.
Kind of a pita really...,
You encrypt a folder, the original remains in full view and fully accessible...,
you decrypt it and it has to merge or create a new/duplicate folder!? 🤷‍♂️

0007034.jpg
 

My Computers

System One System Two

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    ASUS ROG Strix
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
Add a User Account for your friend...,

otherwise:

I suggest Super Hide the folders within Command Prompt...

Hide: attrib +s +h "path"

Show: attrib -s -h "path"

(Unless you're showing Protected System Files by default)
 

My Computers

System One System Two

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    ASUS ROG Strix
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
Hi there
Doesn't bog standard Windows sharing work :

Skjámynd 2024-06-22 115938.png

For Linux NAS shared directories -- bog standard SAMBA governs accesses with / without passwords (note to add a password and user to SAMBA as root / sudo type smbpasswd -a <user> <password> ).

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
Folks, thanks for this feedback. I guess I should have given more context. The other user I am referring to is my company IT department. They can remote connect to my machine at any time. They have admin rights. I am a standard user.

From your feedback, it sounds like I do not have a good option since they can override anything I do, and they are admins. Am I correct?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
... it sounds like I do not have a good option since they can override anything I do, and they are admins. Am I correct?
Probably! Perhaps you need to purchase your own Laptop, or, get them to provide you with an other one.

(Others may prove me wrong...)
 

My Computers

System One System Two

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    ASUS ROG Strix
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
No you are not correct.
If you read-protect files / folders by any program that uses ZIP methods to encrypt them, they will not be able to use / read / write to those files, not even if they are administrators. In the EOC program I described, the password you use for that you have to enter every time you use it to encrypt a file or bunch of files. As long as you don't write that password somewhere on the system in readable form, your files will be safe!

PS. I am my own administrator in my system and even I cannot read the encrypted files without remembering my password!

PS.2 EOC will encrypt the files and overwrite them, whilst removing the unencrypted file(s). Nothing with making new files as described in #6.

But indeed:

Perhaps you need to purchase your own Laptop.
That may be better, in that case you don't have to deal anything with the company.
Because encrypting files takes a lot of diciplin: if you only once forget to encrypt one file / folder and it would contain sensible information, you might be in trouble.
 

My Computer

System One

  • OS
    Windows 11 Pro 23H2 22631.3737
    Computer type
    PC/Desktop
    Manufacturer/Model
    Build by vendor to my specs
    CPU
    AMD Ryzen 7 5700G
    Motherboard
    MSI PRO B550M-P Gen3
    Memory
    Kingston FURY Beast 2x16GB DIMM DDR4 2666 CL16
    Graphics Card(s)
    MSI GeForce GT 730 2GB LP V1
    Sound Card
    Creative Sound Blaster Audigy FX
    Monitor(s) Displays
    Samsung S24E450F 24"
    Screen Resolution
    1920 x 1080
    Hard Drives
    1. SSD Kingston NV2 - 500 GB
    2. SSD-SATA Crucial MX500-2TB
    PSU
    Corsair CV650W
    Case
    Cooler Master Silencio S400
    Cooling
    Cooler Master Hyper H412R
    Keyboard
    Cherry Stream (wired, scissor keys)
    Mouse
    Asus WT465 (wireless)
    Internet Speed
    70 Mbps down / 80 Mbps up
    Browser
    Firefox 115.7.0 ESR
    Antivirus
    F-secure via Internet provider
    Other Info
    Oracle VirtualBox 7 for testing software on Win 10 or 11
No you are not correct.
If you read-protect files / folders by any program that uses ZIP methods to encrypt them, they will not be able to use / read / write to those files, not even if they are administrators. In the EOC program I described, the password you use for that you have to enter every time you use it to encrypt a file or bunch of files. As long as you don't write that password somewhere on the system in readable form, your files will be safe!

PS. I am my own administrator in my system and even I cannot read the encrypted files without remembering my password!

PS.2 EOC will encrypt the files and overwrite them, whilst removing the unencrypted file(s). Nothing with making new files as described in #6.

But indeed:


That may be better, in that case you don't have to deal anything with the company.
Because encrypting files takes a lot of diciplin: if you only once forget to encrypt one file / folder and it would contain sensible information, you might be in trouble.

Ok, but the problem I see with the EOC program is that I do not have permissions to install it on the machine. And when I ask for permission, IT is not going to be happy about that.

Getting my own laptop is likely the only good option. The small problem with that, is that some of these files overlap and are needed on both machines. So then I have to take the time to split apart the directories, which is a little hassle. But it may be my only option.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
Kind of a pita really...,
You encrypt a folder, the original remains in full view and fully accessible...,
you decrypt it and it has to merge or create a new/duplicate folder!? 🤷‍♂️

View attachment 99776
No idea i haven't used.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP Pavilion
    CPU
    AMD Ryzen 7 5700G
    Motherboard
    Erica6
    Memory
    Micron Technology DDR4-3200 16GB
    Graphics Card(s)
    NVIDIA GeForce RTX 3060
    Sound Card
    Realtek ALC671
    Monitor(s) Displays
    Samsung SyncMaster U28E590
    Screen Resolution
    3840 x 2160
    Hard Drives
    SAMSUNG MZVLQ1T0HALB-000H1
This guide discusses about how you can encrypt files and folders in Windows using EncryptOnClick program.

 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP Pavilion
    CPU
    AMD Ryzen 7 5700G
    Motherboard
    Erica6
    Memory
    Micron Technology DDR4-3200 16GB
    Graphics Card(s)
    NVIDIA GeForce RTX 3060
    Sound Card
    Realtek ALC671
    Monitor(s) Displays
    Samsung SyncMaster U28E590
    Screen Resolution
    3840 x 2160
    Hard Drives
    SAMSUNG MZVLQ1T0HALB-000H1
Ok, but the problem I see with the EOC program is that I do not have permissions to install it on the machine. And when I ask for permission, IT is not going to be happy about that.
Probably you don't have permission to install any program on your machine. That will be because you are a user without administrative rights:
They have admin rights. I am a standard user.
In that case there will be no way you can do what you would like to do.
Unless the company IT department is willing to install such a program for you.
But I think they won't cooperate with that, may be because they have the same installation on all of their company laptops.

In that case there is no other possibility for you but to buy a separate laptop, that is managed by just you and not someone else.
 

My Computer

System One

  • OS
    Windows 11 Pro 23H2 22631.3737
    Computer type
    PC/Desktop
    Manufacturer/Model
    Build by vendor to my specs
    CPU
    AMD Ryzen 7 5700G
    Motherboard
    MSI PRO B550M-P Gen3
    Memory
    Kingston FURY Beast 2x16GB DIMM DDR4 2666 CL16
    Graphics Card(s)
    MSI GeForce GT 730 2GB LP V1
    Sound Card
    Creative Sound Blaster Audigy FX
    Monitor(s) Displays
    Samsung S24E450F 24"
    Screen Resolution
    1920 x 1080
    Hard Drives
    1. SSD Kingston NV2 - 500 GB
    2. SSD-SATA Crucial MX500-2TB
    PSU
    Corsair CV650W
    Case
    Cooler Master Silencio S400
    Cooling
    Cooler Master Hyper H412R
    Keyboard
    Cherry Stream (wired, scissor keys)
    Mouse
    Asus WT465 (wireless)
    Internet Speed
    70 Mbps down / 80 Mbps up
    Browser
    Firefox 115.7.0 ESR
    Antivirus
    F-secure via Internet provider
    Other Info
    Oracle VirtualBox 7 for testing software on Win 10 or 11
Folks, thanks for this feedback. I guess I should have given more context. The other user I am referring to is my company IT department. They can remote connect to my machine at any time. They have admin rights. I am a standard user.

From your feedback, it sounds like I do not have a good option since they can override anything I do, and they are admins. Am I correct?
You are on a company computer. The IT dept should have access to your computer at any time. Any files you are working on or saving should only be Work related. If you have files you don't want your work to know about, it is not work related. The IT dept have put in place security to not allow you to install any software to keep you from installing a Virus or Malware by accident and infecting the rest of the network.

The IT dept has also probably restricted access to any external USB devices for the same reason. If they haven't, then you can save your "personal files" to an external HDD and take it with you at the end of the day.
Be aware that if you are violating company policy, they can monitor your internet traffic and block any non work related sites you are on, or report you to HR and have you terminated.
 

My Computer

System One

  • OS
    Windows 11 Pro 64 bit 22H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Gigabyte Z390 UD
    CPU
    Intel Core i7 77000 3.60
    Motherboard
    Gigabyte Z390 UD
    Memory
    16 GB
    Graphics Card(s)
    nVidia GEForce RTX 2060 Super
    Sound Card
    onboard
    Monitor(s) Displays
    Two 27" Dell 4K monitors
    Screen Resolution
    3840 x 2160
    Hard Drives
    M.2 NVME SSD, 500 GB; Two 2TB Mechanical HDD's
    PSU
    850w PSU
    Case
    Cyberpower PC
    Cooling
    Water cooled
    Keyboard
    Backlit Cyberpower gamiong keyboard
    Mouse
    Backlit Cyberpower gaming mouse
    Internet Speed
    1 GB mbps
    Browser
    Brave
    Antivirus
    Windows Security
Since it's a work computer it really boils down to what does your companies AUP (acceptable use policy) say, assuming there is one. If not, ask your IT or security team what is acceptable.
 

My Computer

System One

  • OS
    Windows 11

Latest Tutorials

Back
Top Bottom