Ask the Expert

How can I manage file encryption on a Windows network?

I have a program that needs to access a file on a Windows network, but the same file should not be accessible by other tools. Program A can access the file (read only). I'll use Encrypting File System (EFS) for file encryption to prevent moving the hard disk to another PC where it could gain access to file content, but this normally does not prevent the user who encrypted the file from seeing the content. My goal is that only that particular program should have access, while another program, like Explorer, that's running as the user account, would not be able to gain access. Is that possible?
I don't believe there is an easy way for you to do this kind of file encryption. You can try the following, though, which might achieve what you desire on your Windows network.

Create a user account. Locate the file that you only want the one tool to access and remove all other permissions, then grant the user account you created permissions to the file.

Next, configure the program to run as the user account you created.

This should allow the program to run as the user account that has rights to the file and, thus, can access the file. The drawback, however, is that if a user logs in as the user account, he will have access to the file with any programs he's running. Similarly, any other programs configured to run as the user account will also have access to the file.

This was first published in September 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: