24 total posts
This is a fine job for
Your IT and CIO to tackle. My guess is that your company is trying to run without these major positions filled and you are feeling the crunch.
Security today is still good and hard or soft and easy. I have yet to find easy and hard to crack.
We are an office of 7 people, so I AM the IT guy, even though I have no formal training. I just happen to be the most knowledgeable about computers by a long shot. Which is why I turn to resources like this when I am stumped.
To be honest, hard to crack isn't even my concern. I just need it protected from other employees who are not very computer literate at all. I've thought about just hiding the folder, as that would almost be enough. Unfortunately, the people using the folder would have a hard time learning about unhiding things.....
It appears you don't have a server either.
Maybe you need to reconsider your server setup.
Our network setup is 10 computers that are identical all set up in a P2P network. 1 computer is designated as the "server" and has nothing but our files on it that we can pull from all other 9 computers.
btw, I'm not in charge of the server. That is handled by an outside IT company....but they only work on our network and hardware. Small stuff like this is on me at the moment.
Just to recap.
Folder access is by "owners." You can't hide folders on PCs. This may come as a surprise to new IT staff.
So you can share a folder that came only be accessed by users you granted access to.
However since you are not on a server you are going to be working hard.
ok...so no hiding
Only giving permission to view it on certain PC's has been discussed, but there are times when an employee will work on a different computer from time to time, so this will not work.
Why would tyou say that?
The PC would be logged into by the user. I have run into newbie IT that wanted this to be locked by PC which is possible but not the norm.
Since I log in, I am me and that by extension gives me rights or not to the share.
I wonder if you are completely unaware of how to setup user access, etc. If so, what you need to know can't fit in a reply unless someone gives you a pile of links to books, classes and more.
not the best wording
I do understand that. We have access to each other's login credentials for Windows. Each PC only has 1 user, so when I say "PC" I mean "user".
So I'm guessing here is you want to break the model.
The current model is called Single Sign On. You log in and that's you for the session. There are new IT folk that want to break that system and add a second password to a resource. This is not how the system works and creates a mess at the end of the day.
So when I go to another PC in our office, I log in and as me I get access to what I need and have rights to.
It's how the current system (Windows) works. I take it you want to do something like those new to Windows networking would ask?
Ok we seem to have gotten off the original topic here. I want no such thing. What I want is an encryption program that will create an encrypted container that I can save on PC1. Then I want to have that same program on PC2 and PC3, and be able to access that encrypted container from all 3 PCs. Our network is already set up. We can already access every files from all 3 PCs from any of the 3. The problem is most of the programs I try will not allow me to encrypt a container that isn't directly on the computer I'm sitting at.
That's about the same thing as I noted.
So no, there is no such app because the standard model of sign on and rights already gives us restricted access according to who logs in.
Since you don't want to use what this OS provides then you'll have to keep searching. Or have it written just for you.
Seems odd when even my 1st year IT person could restrict access to those we specified.
Maybe this is all new to you and it will take time. Wish I could write this to not sound as bad. Sorry about that.
I know how to restrict access. But that doesn't solve my problem.
Then I'm not understanding the problem.
With the stock logons, access rights and such only the persons that have rights can see the shared content.
Can you share why that's not the solution?
Because everyone in the office has access to the login credentials of each other's User Accounts. So this would not be secure as someone without permission to access the file could jump onto a different computer, login under an authorized user, and access the file. This is why I want to encrypt the folder with a password only authorized people would know. Hope this makes sense, I know I wasn't very clear before.
All this means
Is you need to change the logins to support what you need it to do.
I've seen folk try to add their own system and it fails gloriously. But if you want you can try it again. My guess here is the lesson is best learned firsthand.
So with that, just make a password protected zip file. It's nowhere as good as the basic Windows system but you seem intent on not using what came with Windows.
How to password a zip file is on the web.
Not against anything that works
I'm not against using anything that works...Unfortunately I am not in charge of our network/users, as that is handled by an outside source. I can make small changes but that's it.
I had set us up using 7zip originally, but we kept having lots of problems getting the files to save once we updated them (even followed all procedures I could find online). The files we had encrypted, when we would make changes, sometimes it would save, and sometimes it wouldn't. And the big problem was you wouldn't know until you had already closed the document, therefore losing all changes you made if it didn't save. If there is a better way of doing this I am open to that.
I'm open to anything as long as it works and is easy to use for non-computer savvy employees.
If everybody knows the password of everybody else, it's quite likely everybody will know the secret encryption key in a few days.
After all, in standard Windows every user can (and if sensible, will) change his own password, so the policy of sharing and openness must be enforced by some setting in Windows to disable the password change.
With a corporate policy of sharing and openness it wouldn't make much sense to use encryption keys (or a password controlled CMS on your Intranet).
Some passwords are shared, others are not. Keeping the encryption password private would not be a problem.
Your last post finally reveals why you can't fix it.
You are not the IT lead, CIO or able to make the needed changes. So you are trying to find a bandaid rather suture the wound closed.
With your last post I finally see why you can't implement it properly. As such I have to say there's not much to do other than let the chips fall where they may. Someone in your office is not playing ball so let them deal with it.
already posted that
I AM the in house IT lead. You keep wanting to treat our company like a large organization, which it is not. We have on staff only 1 person that knows anything about computers, and that is me. Yes we have an outside guy that deals with our hardware/network setup, but he is not an employee and does not deal with day-to-day issues or even small things like this. I have been tasked by the owner of the business with protecting a folder. I don't know why you act like it's someone else's job, it's not, it's mine, which is why I'm here. I'll just go elsewhere, because after this LONG conversation I have still not gotten one recommendation.....nor any help at all. You keep wanting to make the issue into something it's not.
I CAN implement encryption on our computers, so I have no idea why you think I can't implement this. I have already done this with 10+ programs in the last few days.
You have also acted like this is impossible to do, yet I've already used VeraCrypt which does exactly this, so there are obviously ways of handling what I want. The only reason we aren't using VeraCrypt is because of the learning curve. I'm basically just asking for an easier to use version of VeraCrypt.
Re: tasked with protecing a folder
Standard Windows allows giving access to folders on a server based on the credentials of the user. So the simple 2 steps:
1. Tell the owner of the business he has to stop the policy of shared passwords. He's the only one who can do that. Having a rule that sharing your passwords means your're fired immediately greatly helps enforcing it.
2. Ask the IT guy to make a folder on the server only accessible to members of a certain Active Directory group and let your boss decide who the members will be,
It was only in your now next to last reply
That I got the clear picture. Someone is blocking you from doing this the usual way.
I've given my recommendation and it works in small to large networks. Plus it's mainstream, well understood and I could go on. Someone seems to be blocking you here. I can't imagine why this is. So my parting advice is to keep searching or just fix it.