Create a private secured folder that only you can access
Many computer users share their computer with other people and yet don’t want to share all of their personal files. Windows computers will use the same file system and folder structure for all the users who log onto that computer so everyone can see the same folders as everyone else assuming the right permissions are in place.
If you have local administrator rights on a computer then you will be able to see the others files located within their Users folder which stores things like documents, pictures, desktop files, music and so on. So if you keep all of your files there then you are safe from the prying eyes of other users UNLESS they have local administrator rights on that computer.
As you can see in our example our Users folder shows us that users named admin, Bobby and Cindy have logged in to this computer and when that happens the first time Windows creates their own folder based on their username.
When a standard user tries to access another users personal folder they will get prompted with a dialog box asking them to put in the credentials of a user with admin rights and if they don’t have the credentials for an administrator account then they will not be able to get into those files.
So what do you do if you want to lock down your files even from users with administrative credentials? Or maybe you want to have a folder that is not in your Users folder that only you can get to? If that’s the case then you will need to perform a few steps in order to get this accomplished. We will go through step by step example showing you how to do this.
In our scenario we have two users, Cindy and Bobby and Cindy wants to create a folder in the root of the C drive called Cindy’s Stuff and keep Bobby and any administrators from getting into her folder. So the first thing we do is create the new Cindy’s Stuff folder on the C drive. Then we right click on it and chooses Properties and then go to the Security tab.
Here you can see the access permissions to the folder and will be able to see which user types can access this folder. The Authenticated Users group contains user accounts that have logged in with a username and password. The SYSTEM account is used by Windows and by services that run under Windows and is not the same as a user account that you can log in with. Administrators contain all users that have been granted administrator rights on the computer. The Users group contains standard users that have been created on this computer.
What we need to do next is click on the Edit button to add Cindy as a user with full control of this folder by entering her username in the Object name box after clicking the Add button. Then we will click to check the Full control checkbox and then click on OK.
Now we want to remove all the other users from having any permissions on that folder. So we go back to the Cindy’s Stuff folder, right click it again and choose Properties once more. Then we click on Edit again and then on Authenticated Users to highlight it and then click the Remove button. As you can see we get a warning message saying we can’t remove Authenticated Users because this object is inheriting permissions from its parent. In our case the parent is the root or C drive itself.
To fix this we need to go back to Cindy’s Stuff Properties and click on the Advanced button. Then under the Permissions tab click the button that says Disable inheritance.
We will then get prompted with a message asking us to make a choice on what to do with the permission on our folder. We can either convert the inherited permissions into explicit permissions which will keep the permissions that we currently have on that folder that we inherited from the parent folder or we can remove all inherited permissions from the folder and then start from scratch.
This is up to you how you want to do it but if you choose Remove all inherited permissions from this object it will automatically remove all of the users including the SYSTEM user which Microsoft does not recommend you do and leave Cindy’s user account there. If you choose the Convert inherited permissions into explicit permissions on this object then it will just remove the inheritance and then you can remove all the other users manually by clicking on each one and then clicking on the Remove button. Just make sure to check the box that says Replace all child object permission entries with inheritable permission entries from this object to make sure that anything you put in this folder including other folders will inherit these new permissions. After clicking ok you will get a message that pops up saying This will replace explicitly defined permissions on all descendants of this object with inheritable permissions from Cindy’s Stuff. Do you wish to continue and you should click on Yes.
Now Cindy can start adding her personal files to her new folder so only she will be able to access them. When Bobby (who is a local admin) tries to access her folder he will get a message saying that he doesn’t have permission to access the folder and to click Continue to permanently get access to this folder.
But when Bobby clicks on Continue he will get an Access Denied message preventing him from opening the folder or doing anything with the folder.
So as you can see its possible for the average user to lock out even the administrators on a Windows computer if they want to keep their information secured and private. It may take a few steps to do so but once you understand how it works the process in fairly simple.