How can I manage file encryption on a Windows network?
I have a program that needs to access a file on a Windows network, but the same file should not be accessible by other tools. Program A can access the file (read only). I'll use Encrypting File System (EFS) for file encryption to prevent moving the hard disk to another PC where it could gain access to file content, but this normally does not prevent the user who encrypted the file from seeing the content. My goal is that only that particular program should have access, while another program, like Explorer, that's running as the user account, would not be able to gain access. Is that possible?
I don't believe there is an easy way for you to do this kind of file encryption. You can try the following, though, which might achieve what you desire on your Windows network.
Create a user account. Locate the file that you only want the one tool to access and remove all other permissions, then grant the user account you created permissions to the file.
Next, configure the program to run as the user account you created.
This should allow the program to run as the user account that has rights to the file and, thus, can access the file. The drawback, however, is that if a user logs in as the user account, he will have access to the file with any programs he's running. Similarly, any other programs configured to run as the user account will also have access to the file.
This was first published in September 2007