Password Protect a File Directory


M

mridzon

New member
Local time
5:06 AM
Posts
9
OS
Windows 11
Folks, I'm using Win11 Pro. Is there a way to password protect a single directory (and its sub-directories) in File Explorer? A friend has access to my machine and my directories. I'd like to protect some of them from their wandering eyes.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
If they are using their own account and are not a member of the admin group then you can...
  1. Right click the directory you wish to secure and select properties
  2. Under the Attributes section of the general tab click Advanced
  3. Check the box 'encrypt contents to secure data'
  4. Accept this for all sub-directores
You should also get a notification to back up the key, make sure you do this and store it in a secure location. This key is tied to your user account, so another user will not have access to the data or the key. This can be defeated though if your friend has an admin account.

If you cannot limit their account to a user account then I would use something like 7zip or Veracrypt to create an encrypted container which is self-contained and without the password will not be able decrypt the data regardless of what type of account they have access to.
 

My Computer

System One

  • OS
    Linux Mint
    Computer type
    Laptop
    Manufacturer/Model
    System76 Lemur Pro
neemobeer said:
If they are using their own account and are not a member of the admin group then you can...
  1. Right click the directory you wish to secure and select properties
  2. Under the Attributes section of the general tab click Advanced
  3. Check the box 'encrypt contents to secure data'
  4. Accept this for all sub-directores
You should also get a notification to back up the key, make sure you do this and store it in a secure location. This key is tied to your user account, so another user will not have access to the data or the key. This can be defeated though if your friend has an admin account.

If you cannot limit their account to a user account then I would use something like 7zip or Veracrypt to create an encrypted container which is self-contained and without the password will not be able decrypt the data regardless of what type of account they have access to.
Click to expand...
What you are effectively doing here is enabling EFS (Encrypting File System). Just be aware that there may be some extreme effects on performance (to put it mildly) if you intend to share files using EFS on the network. In that case, you could use BitLocker to encrypt the entire drive as an alternative.

Finally, another possible solution is to set the NTFS file permissions on this one directory and subdirectories so that your friend won't be able to access those files.
 

My Computers

System One System Two

  • OS
    Win11 Pro 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self-built
    CPU
    Intel i7 11700K
    Motherboard
    ASUS Prime Z590-A MB
    Memory
    64GB (Waiting for warranty replacement of another 64GB for 128GB total)
    Graphics Card(s)
    No GPU - Built-in Intel Graphics
    Sound Card
    Integrated
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 1TB NVMe SSD
    1 x 2TB NVMe SSD
    1 x 4TB NVMe SSD
    3 x 512GB 2.5" SSD
    1 x 4TB 2.5" SSD
    5 x 8TB Seagate Barracuda HDD
    PSU
    Corsair HX850i
    Case
    Corsair iCUE RGB 5000X mid tower case
    Cooling
    Noctua NF-S12A chromax.black.swap case fans (Qty. 7) & Home Computer Specifications, Configuration, and Usage Notes General Specifications ASUS Prime Z590-A motherboard, serial number M1M0KC222467ARP Intel Core i7-11700K CPU (11th Gen Rocket Lake / LGA 1200 Socket) 128GB Crucial Ballistix RGB DDR4 3200 MHz DRAM (4 x 32GB) Corsair iCUE RGB 5000X mid tower case Noctua NH-D15 chromax.black CPU cooler Noctua NF-S12A chromax.black.swap case fans (Qty. 7) & Corsair LL-120 RGB Fans (Qty. 3)
    Keyboard
    Corsair K70 Max RGB Magnetic Keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    The five 8TB drives and three 512GB SSDs are part of a DrivePool using StableBit DrivePool software. The three SSDs are devoted purely to caching for the 8TB drives. All of the important data is stored in triplicate so that I can withstand simultaneous failure of 2 disks.

    Networking: 2.5Gbps Ethernet and WiFi 6e
  • Operating System
    Win11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Keyboard
    Backlit, spill resistant keyboard
    Mouse
    Buttonless Glass Precision Touchpad
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
Encrypto offers a simple drag-n-drop interface to facilitate encryption of files and folders in Windows. Just launch Encrypto and then drag-n-drop the target files on the small Encrypto window.

 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP Pavilion
    CPU
    AMD Ryzen 7 5700G
    Motherboard
    Erica6
    Memory
    Micron Technology DDR4-3200 16GB
    Graphics Card(s)
    NVIDIA GeForce RTX 3060
    Sound Card
    Realtek ALC671
    Monitor(s) Displays
    Samsung SyncMaster U28E590
    Screen Resolution
    3840 x 2160
    Hard Drives
    SAMSUNG MZVLQ1T0HALB-000H1
I have been using the freeware program EncryptOnClick (EOC) for that purpose.
It does the same as a zip routine does, using 256bit AES enscryption, but in an easier way to use it.
It uses the extension .EOC, but if you change that into .zip the files / folders can be decripted by any good zip program like WinZIP.

The reason I don't use it anymore is rather personal: because I am rather old, I have been redenating that all important files on my PC should be reachable for my nearest family, if something happens to me. EOC is not fitting into that, password protected pdf's are (my family knows the standard password I am using to protect those pdfs). With password protected pdfs the only thing that has to be done is know the password, whatever pdf reader you re using. So all data (emails as well) that is important I 'print' to pdf and readprotect the pdfs.
 

My Computer

System One

  • OS
    Windows 11 Pro 24H2 26100.3915
    Computer type
    PC/Desktop
    Manufacturer/Model
    Build by vendor to my specs
    CPU
    AMD Ryzen 7 5700G
    Motherboard
    MSI PRO B550M-P Gen3
    Memory
    Kingston FURY Beast 2x16GB DIMM DDR4 2666 CL16
    Graphics Card(s)
    MSI GeForce GT 730 2GB LP V1
    Sound Card
    Creative Sound Blaster Audigy FX
    Monitor(s) Displays
    Samsung S24E450F 24"
    Screen Resolution
    1920 x 1080
    Hard Drives
    1. SSD Crucial P5 Plus 500GB PCIe M.2
    2. SSD-SATA Crucial MX500-2TB
    PSU
    Corsair CV650W
    Case
    Cooler Master Silencio S400
    Cooling
    Cooler Master Hyper H412R with Be Quiet Pure Wings 2 PWM BL038 fan
    Keyboard
    Cherry Stream (wired, scissor keys)
    Mouse
    Asus WT465 (wireless)
    Internet Speed
    70 Mbps down / 80 Mbps up
    Browser
    Firefox 130.0
    Antivirus
    Windows Defender
    Other Info
    Router: FRITZBox 7490
    Oracle VirtualBox 7 for testing software on Win 10 or 11
FreeBooter said:
Encrypto offers a simple drag-n-drop interface to facilitate encryption of files and folders in Windows. Just launch Encrypto and then drag-n-drop the target files on the small Encrypto window.
Click to expand...
Kind of a pita really...,
You encrypt a folder, the original remains in full view and fully accessible...,
you decrypt it and it has to merge or create a new/duplicate folder!? 🤷‍♂️

0007034.jpg
 

My Computers

System One System Two

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    ASUS ROG Strix
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
Add a User Account for your friend...,

otherwise:

I suggest Super Hide the folders within Command Prompt...

Hide: attrib +s +h "path"

Show: attrib -s -h "path"

(Unless you're showing Protected System Files by default)
 

My Computers

System One System Two

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    ASUS ROG Strix
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
Hi there
Doesn't bog standard Windows sharing work :

Skjámynd 2024-06-22 115938.png

For Linux NAS shared directories -- bog standard SAMBA governs accesses with / without passwords (note to add a password and user to SAMBA as root / sudo type smbpasswd -a <user> <password> ).

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,10,11 Linux (Fedora 42&43 pre-release,Arch Linux)
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
    Screen Resolution
    4KUHD X 2
Folks, thanks for this feedback. I guess I should have given more context. The other user I am referring to is my company IT department. They can remote connect to my machine at any time. They have admin rights. I am a standard user.

From your feedback, it sounds like I do not have a good option since they can override anything I do, and they are admins. Am I correct?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
mridzon said:
... it sounds like I do not have a good option since they can override anything I do, and they are admins. Am I correct?
Click to expand...
Probably! Perhaps you need to purchase your own Laptop, or, get them to provide you with an other one.

(Others may prove me wrong...)
 

My Computers

System One System Two

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    ASUS ROG Strix
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
No you are not correct.
If you read-protect files / folders by any program that uses ZIP methods to encrypt them, they will not be able to use / read / write to those files, not even if they are administrators. In the EOC program I described, the password you use for that you have to enter every time you use it to encrypt a file or bunch of files. As long as you don't write that password somewhere on the system in readable form, your files will be safe!

PS. I am my own administrator in my system and even I cannot read the encrypted files without remembering my password!

PS.2 EOC will encrypt the files and overwrite them, whilst removing the unencrypted file(s). Nothing with making new files as described in #6.

But indeed:

Edwin said:
Perhaps you need to purchase your own Laptop.
Click to expand...
That may be better, in that case you don't have to deal anything with the company.
Because encrypting files takes a lot of diciplin: if you only once forget to encrypt one file / folder and it would contain sensible information, you might be in trouble.
 

My Computer

System One

  • OS
    Windows 11 Pro 24H2 26100.3915
    Computer type
    PC/Desktop
    Manufacturer/Model
    Build by vendor to my specs
    CPU
    AMD Ryzen 7 5700G
    Motherboard
    MSI PRO B550M-P Gen3
    Memory
    Kingston FURY Beast 2x16GB DIMM DDR4 2666 CL16
    Graphics Card(s)
    MSI GeForce GT 730 2GB LP V1
    Sound Card
    Creative Sound Blaster Audigy FX
    Monitor(s) Displays
    Samsung S24E450F 24"
    Screen Resolution
    1920 x 1080
    Hard Drives
    1. SSD Crucial P5 Plus 500GB PCIe M.2
    2. SSD-SATA Crucial MX500-2TB
    PSU
    Corsair CV650W
    Case
    Cooler Master Silencio S400
    Cooling
    Cooler Master Hyper H412R with Be Quiet Pure Wings 2 PWM BL038 fan
    Keyboard
    Cherry Stream (wired, scissor keys)
    Mouse
    Asus WT465 (wireless)
    Internet Speed
    70 Mbps down / 80 Mbps up
    Browser
    Firefox 130.0
    Antivirus
    Windows Defender
    Other Info
    Router: FRITZBox 7490
    Oracle VirtualBox 7 for testing software on Win 10 or 11
Kees said:
No you are not correct.
If you read-protect files / folders by any program that uses ZIP methods to encrypt them, they will not be able to use / read / write to those files, not even if they are administrators. In the EOC program I described, the password you use for that you have to enter every time you use it to encrypt a file or bunch of files. As long as you don't write that password somewhere on the system in readable form, your files will be safe!

PS. I am my own administrator in my system and even I cannot read the encrypted files without remembering my password!

PS.2 EOC will encrypt the files and overwrite them, whilst removing the unencrypted file(s). Nothing with making new files as described in #6.

But indeed:


That may be better, in that case you don't have to deal anything with the company.
Because encrypting files takes a lot of diciplin: if you only once forget to encrypt one file / folder and it would contain sensible information, you might be in trouble.
Click to expand...

Ok, but the problem I see with the EOC program is that I do not have permissions to install it on the machine. And when I ask for permission, IT is not going to be happy about that.

Getting my own laptop is likely the only good option. The small problem with that, is that some of these files overlap and are needed on both machines. So then I have to take the time to split apart the directories, which is a little hassle. But it may be my only option.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
Edwin said:
Kind of a pita really...,
You encrypt a folder, the original remains in full view and fully accessible...,
you decrypt it and it has to merge or create a new/duplicate folder!? 🤷‍♂️

View attachment 99776
Click to expand...
No idea i haven't used.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP Pavilion
    CPU
    AMD Ryzen 7 5700G
    Motherboard
    Erica6
    Memory
    Micron Technology DDR4-3200 16GB
    Graphics Card(s)
    NVIDIA GeForce RTX 3060
    Sound Card
    Realtek ALC671
    Monitor(s) Displays
    Samsung SyncMaster U28E590
    Screen Resolution
    3840 x 2160
    Hard Drives
    SAMSUNG MZVLQ1T0HALB-000H1
This guide discusses about how you can encrypt files and folders in Windows using EncryptOnClick program.

 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP Pavilion
    CPU
    AMD Ryzen 7 5700G
    Motherboard
    Erica6
    Memory
    Micron Technology DDR4-3200 16GB
    Graphics Card(s)
    NVIDIA GeForce RTX 3060
    Sound Card
    Realtek ALC671
    Monitor(s) Displays
    Samsung SyncMaster U28E590
    Screen Resolution
    3840 x 2160
    Hard Drives
    SAMSUNG MZVLQ1T0HALB-000H1
mridzon said:
Ok, but the problem I see with the EOC program is that I do not have permissions to install it on the machine. And when I ask for permission, IT is not going to be happy about that.
Click to expand...
Probably you don't have permission to install any program on your machine. That will be because you are a user without administrative rights:
mridzon said:
They have admin rights. I am a standard user.
Click to expand...
In that case there will be no way you can do what you would like to do.
Unless the company IT department is willing to install such a program for you.
But I think they won't cooperate with that, may be because they have the same installation on all of their company laptops.

In that case there is no other possibility for you but to buy a separate laptop, that is managed by just you and not someone else.
 

My Computer

System One

  • OS
    Windows 11 Pro 24H2 26100.3915
    Computer type
    PC/Desktop
    Manufacturer/Model
    Build by vendor to my specs
    CPU
    AMD Ryzen 7 5700G
    Motherboard
    MSI PRO B550M-P Gen3
    Memory
    Kingston FURY Beast 2x16GB DIMM DDR4 2666 CL16
    Graphics Card(s)
    MSI GeForce GT 730 2GB LP V1
    Sound Card
    Creative Sound Blaster Audigy FX
    Monitor(s) Displays
    Samsung S24E450F 24"
    Screen Resolution
    1920 x 1080
    Hard Drives
    1. SSD Crucial P5 Plus 500GB PCIe M.2
    2. SSD-SATA Crucial MX500-2TB
    PSU
    Corsair CV650W
    Case
    Cooler Master Silencio S400
    Cooling
    Cooler Master Hyper H412R with Be Quiet Pure Wings 2 PWM BL038 fan
    Keyboard
    Cherry Stream (wired, scissor keys)
    Mouse
    Asus WT465 (wireless)
    Internet Speed
    70 Mbps down / 80 Mbps up
    Browser
    Firefox 130.0
    Antivirus
    Windows Defender
    Other Info
    Router: FRITZBox 7490
    Oracle VirtualBox 7 for testing software on Win 10 or 11
mridzon said:
Folks, thanks for this feedback. I guess I should have given more context. The other user I am referring to is my company IT department. They can remote connect to my machine at any time. They have admin rights. I am a standard user.

From your feedback, it sounds like I do not have a good option since they can override anything I do, and they are admins. Am I correct?
Click to expand...
You are on a company computer. The IT dept should have access to your computer at any time. Any files you are working on or saving should only be Work related. If you have files you don't want your work to know about, it is not work related. The IT dept have put in place security to not allow you to install any software to keep you from installing a Virus or Malware by accident and infecting the rest of the network.

The IT dept has also probably restricted access to any external USB devices for the same reason. If they haven't, then you can save your "personal files" to an external HDD and take it with you at the end of the day.
Be aware that if you are violating company policy, they can monitor your internet traffic and block any non work related sites you are on, or report you to HR and have you terminated.
 

My Computer

System One

  • OS
    Windows 11 Pro 64 bit 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Gigabyte Z390 UD
    CPU
    Intel Core i7 77000 3.60
    Motherboard
    Gigabyte Z390 UD
    Memory
    16 GB
    Graphics Card(s)
    nVidia GEForce RTX 2060 Super
    Sound Card
    onboard
    Monitor(s) Displays
    Two 27" Dell 4K monitors
    Screen Resolution
    3840 x 2160
    Hard Drives
    M.2 NVME SSD, 500 GB; Two 2TB Mechanical HDD's
    PSU
    850w PSU
    Case
    Cyberpower PC
    Cooling
    Water cooled
    Keyboard
    Backlit Cyberpower gamiong keyboard
    Mouse
    Backlit Cyberpower gaming mouse
    Internet Speed
    1 GB mbps
    Browser
    Brave
    Antivirus
    Windows Security
Since it's a work computer it really boils down to what does your companies AUP (acceptable use policy) say, assuming there is one. If not, ask your IT or security team what is acceptable.
 

My Computer

System One

  • OS
    Linux Mint
    Computer type
    Laptop
    Manufacturer/Model
    System76 Lemur Pro
You must log in or register to reply here.

Similar threads

What's the easiest way to password protect a folder in Windows 11?
Replies
11
Views
12K
Florio
F
Solved How to password-protect awakening from sleep state?
Replies
9
Views
1K
wpcoe
W
Solved Cannot access password-protected network folders of a Windows 11 PC
Replies
7
Views
11K
antoniu200
A
Solved Is there anyway to safely password protect an external usb drive?
Replies
10
Views
3K
hsehestedt
hsehestedt

Latest Support Threads

Latest Tutorials

Back
Top Bottom