"For Your Eyes Only": How to lock a file
Everything is a File
If you think Microsoft people consider file management one of the least glamorous parts of the Windows operating system, you'd be forgetting we get excited about some pretty geeky stuff. I, for one, get excited about understanding the basics of working with the file system, because whether you're writing a book, making a movie, or working on a spreadsheet, when you use a cool application, what you're really doing is creating or changing a file. And if you can't work with your files (and folders, for that matter) the way you want to, then the applications aren't quite as much fun to use.
To make sure it's not just me who finds working with files both fascinating (and occasionally frustrating, it’s true), I was looking through your feedback on articles we've written about file management. I discovered that many of you have a really good basic question: “How can you keep other people from changing your files?” The short answer is: You lock them up (the files, not the people).
How to Lock a File
Windows XP gives you the ability to specify who can read, change, or delete any of the files or folders you create. This means, for example, you can control which files your children can read, change, or delete. The feature you’ll use is called Access Control, which is a feature that's associated with every file or folder you create. The user interface for working with Access Control looks like this:
You begin by finding the file or folder you want to work with in Windows Explorer. (I usually do this by clicking on the My Documents icon on the Start Menu.)
Note: Before working with Access Controls, you may need to change a setting for your file folders, and this quick tip tells you how to do it
After right-clicking on the file or folder name you want to protect, you'll use a dialog box like the one above to view and edit permissions for each person using your computer. (You see Groups in my example because this snapshot was taken on my work computer, and we're organized into groups here for security settings.) Anyway, basically you select the name of the person you want to set permissions for, then click on the check boxes to set the permissions he or she are allowed to have. In this example, I'm adding "write" permissions for Jason so he can play with my mom's picture in photo editing software. (Mom, if you're reading this, I'll tell you why later.)
So, there you have the really simple answer to the question about how to lock up your files. If that's all you were looking for, you can stop right here. But as you can guess from the screen shot above, there are a lot of different options for how to set up permissions, and if you'd like to explore these options, keep reading.
Get as Fancy as You Want!
Though the tip above gives you the basics for locking people out of a file, you may be interested in learning more about this feature. Access Controls offer a lot of flexibility in how you manage who can access what files, in what ways. By tweaking the Access Control settings, you can, for example, let your son read any file in the “family history” folder, but only edit files that contain his own personal history. If you'd like more technical details about the different ways you can restrict access to your files, read this article. It's within the Using Security section of the Windows XP site, which in turn can lead you to ever-deeper levels of technical detail based on your needs and interests.
The refinement of the control set up is totally up to you. To save time and headaches, I recommend you take a top-down approach and set the permissions at the folder level first and, in necessary, individual files second. For example, if you want everyone who uses your computer to have the same settings, rather than protect each document in your family history folder, you can apply the controls to the entire folder. If you want to give your son access to family history files only, you can either set the access control on individual files or you could sort the files as two separate folders and only grant him access to his document folder. By the way, keep in mind that the Access Controls feature doesn’t just work on documents, you can use it the same way on your pictures, movies, or other files created using Windows XP.
Public Service Announcement
Before I wrap up, I need to make a public service announcement for those of you considering setting up Access Controls on your work files. Before you begin, if you have an IT person who manages your computers, please check with him or her to make sure the controls you want to set don’t conflict with the security settings they’ve established for your business or organization.
The Access Control feature is one piece of the complementary set of security features provided by Windows XP. Understanding how all the security features work together can be helpful to you at home and at work, and our sister site, Microsoft At Home Security a great place to learn how all the technologies can be best used in your home or small business.
Security can be confusing, and we at Microsoft have been working for a long time to make this information easier to understand. And, not to toot our own horn too much, I think the At Home Security team has done a great job. In fact, I used the site to help my husband update our home PC this morning. And for the first time in years, I felt as though I had a clear and logical path to follow to get the system protected.
So, I realize I took what seemed like a simple question on a slightly lengthy journey to and beyond the answer. Feel free to add a comment if you have additional suggestions for ways you keep your files secure, or more questions about how to use the Access Control feature in Windows XP.
Robbin Young
Comments
Anonymous
October 27, 2005
This feature is only available to those with NTFS filing, not FAT32. The article does not indicate that. <<Great point! Thanks for bringing it up. --ry>>Anonymous
November 15, 2005
Also it's only available (via the Security tab) in XP Pro.
(Home users can still use cacls.exe from the command prompt if they need to.)Anonymous
November 30, 2005
Also,
this setting is overwritten by Group Security Policy set by the Admin. If you're not an Admin of the machine, setting the security attributes of the file will only prevent other non-Admin from prying. Admins will be able to view the file as they can overwrite the Full Control setting.Anonymous
November 30, 2005
Hello
I am for long searching for protecting my files and folders this way on IntraNet but couldn't find anywhere - Not even here which was a very detailed article about file/folders security. You, however, deserve appreciation!
Reply if anyone can solve my problem at zahidlhr@gmail.comAnonymous
December 01, 2005
MS Office can do this too - choose "Protect Document" from the Tools Menu.Anonymous
December 07, 2005
A big warning is that if the user who changes the security settings goes a bit too far without understanding what the security settings mean, they could by mistake even shut themselves out of accessing their own file!Anonymous
December 08, 2005
For your eyes - article.
provided information I did not know. Thank you.
I still do not understand the basics of "Fils & Folders. ".
1) How to prepare a file.
2) How to give names to a files.
3) where to store files and folders.
4) How to find a file and a folders.
5) How to go about retriving stored files & folders.
I would appreciate if you could send me an article re. above topics.
Sincerely
Navin.Anonymous
December 21, 2005
I could simply suggest that you return to article and think. Then act! Like myself. A retired thirty-two year veteran of this industry with three graduate degrees.
Ever heard of work and play? Don't mix business with pleasure?. Both mixed apportunately are beneficial in a responsible environment.
Security of your microprocessor is tantamount. Along with its volatlity. Your hard drive is unforgiving, as every keystroke, believe me, can be retrieved from that drive. Parallels and real-time monitors have long been in use. Their origins and useage are entirely relevant and beneficial. As fellow specialist will agree!
For the novice and in fact the greatest majority of world users, their microprocessor can appear unyielding and in fact controlling their life. Many may endure anywhere between a mild phobia, through to a paranoia.
The civlised world is becoming too user friendly and complacent to this form of electronics. The consumer purchases the product and then cries, like a banshee, because it doesn't function as it should, even blaming the microprocessor.
There are remedies for all your microprocessor problems, including the topic in question and every last one you may ever think of, relative to your appropriate GUI (Graphic User Interface) experience, all simplified to spur even the humblest beginner on a self-learning curve to IT proficiency!
For the total beginner onward:
Thoroughly read all directions, including peripherals (Other hardware). Accept all default settings as positive. This includes all user and security. Lost? Re-read! Check!
Printer? Read, instal, connect. Intent? Print all help files (approx 6 reams= 3000 pages for a well loaded programs file. (Check with vendor on ink quantity required!)
If you've followed the steps so far. Get a pen and notepaper. Write very briefly (Key topics that you want to "catch up on"). Then, when you are confident, or at least happy with what you've achieved you may then take the next step.
Now, so far you,ve been handed raw-rock instructions. You alone, through a new experience and a lot of reading will get through thus far with few mistakes. This, being a guide only!
The real task begins: USER PROFILES. Intent? Create one, perhaps even two new profiles! Why? In simple terms, if you totally botch one profile, you still have your original. There is more though! Your second profile is the one you do your LEARNING MISTAKES WITH! When you make a mistake you need not fret because you're utilising your maximum learning parameters and not only learning through experience, but experiencing an input learning curve, where knowledge will come and be retained more expediently!
Now, get back to your help file reading. In your new profile you will re-create every already installed program, but with a difference. In this, your second profile you have allowed yourself every silly and tragic error imaginable and yet because you have your original profile you have not affected it whatsoever!
Simply stated: You seek, You learn, you experience. YOU WILL RETAIN MORE!
Is this all? No! In your second profile all your programs are not auto-select, but stored in your pre-defined destination, which you allocate and name. As you stuff up and correct and when you're satisfied with your wants. Go to your first profile, doing things properly the first time.
SECURITY SETTINGS: Are self-explanatory. The abovementioned article is clear. As is my comments. Learn as you do!
ADVANCED USERS: May consider partitioning their drive instead and follow a similar parallel, with, EXPERTS: A multi-level sequential drive bank.
---From the DOCTORAnonymous
December 28, 2005
Hello, good article, but a few assumptions and omissions:
1. Assuming the system is NTFS
2. Assuming this is Windows XP Pro
3. Assuming user has Admin Status
3. Didn't warn people not to click on DENY, especially to block everyone or system.
4. Where is CREATOR OWNER?
5. Where is "Everyone"
6. People have Simple File Sharing turned off although you mentioned it in the "quick tip" link, readers may miss it
7. To remove Creator and Everyone, you must have already changed the permissions.
Cheers
TomAnonymous
December 04, 2006
i still don't know what rss 2.0 is? nor did i get to understand what is atam 1.0 ? which is what i asked for in my search. can you tell me?Anonymous
June 02, 2009
PingBack from http://woodtvstand.info/story.php?id=86865