Q

How can I manage file encryption on a Windows network?

With proper file permissions and account settings, you can better manage file encryption on Windows networks.

I have a program that needs to access a file on a Windows network, but the same file should not be accessible by other tools. Program A can access the file (read only). I'll use Encrypting File System (EFS) for file encryption to prevent moving the hard disk to another PC where it could gain access to file content, but this normally does not prevent the user who encrypted the file from seeing the content. My goal is that only that particular program should have access, while another program, like Explorer, that's running as the user account, would not be able to gain access. Is that possible?
I don't believe there is an easy way for you to do this kind of file encryption. You can try the following, though, which might achieve what you desire on your Windows network.

Create a user account. Locate the file that you only want the one tool to access and remove all other permissions, then grant the user account you created permissions to the file.

Next, configure the program to run as the user account you created.

This should allow the program to run as the user account that has rights to the file and, thus, can access the file. The drawback, however, is that if a user logs in as the user account, he will have access to the file with any programs he's running. Similarly, any other programs configured to run as the user account will also have access to the file.

This was first published in September 2007

Dig deeper on Network intrusion detection and prevention and malware removal

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close