File sharing (or rather files to not be shared)?

JustAnotherSaver

debitcardmayhem wrote: »

One big problem is that A or B or C is you so you can do as you please with their data, then most of your premises or questions have holes in them which frankly I find it is not surprising that people can’t get in their heads what you are saying. Do these other users log on the local machine, or do they remote in? Windows server or linux/unix is the way to go if remote, if local any of them can see all the data on the machine.

They don't have holes in at all. It's people trying to go too far with it.



Take your question of remote logging in for example. That's pretty key. If they were logging in from afar then i'd have said. I didn't so it can't be remote logging in. Remote logging in isn't even the standard way to log in to a family PC anyway. Sure i'm not saying it doesn't happen in some cases but it wont be in anywhere near the majority and i don't even need to conduct a survey for that. So the default has to be local unless the person specifies otherwise.


It's like when i talk about the average Joe and people having no knowledge and then get answers talking about if we were dealing with computer scientists with upper 1% level intelligence. It's 1) going too far and 2) completely ignoring what i'm saying ... yet then people get upset when i dismiss what they say? Yeah because that's fair. I forgot what's ok for others isn't ok for me.


And it's also not a case of doing as i wish with their data. That's not what i'm asking.


Honestly it's like getting stopped in the street by someone asking for directions to such-&-such a pub and then just telling them they don't want to go to that pub because you believe it's crap, they should go to this other one instead. Then making out like you don't understand their question because you don't know why they'd want to go to the pub they ask for but the pub you suggest is the best pub in town. Of course, it must be .... you suggested it.
Then the person leaves, still not knowing how to get where they want.






But anyway, there's been one or two suggestions within this thread that may work. I'll have to try them out and thanks to those people for not only suggesting them but just simply answering the question and not getting all shirty about it.

rmg1

At the risk of (potentially repeating) what's been said (it's quite a long topic), what I'd do is this:-
1) Drive 1 - O/S and programs only (with all 3 users account on it - password protected, obviously)
2) Drive 2 - Data drive.

What I'd do on the data drive is:-
create a folder for each user (A,B ad C)
Go with Esuhls suggestion of "repointing" my documents to the relevant folder

A quick bit of Googling mentions that removing "List Folder" permission hides the folder from the given user.

So, in essence, it would be a bit fiddly to set up but I would say it's perfectly doable.

To echo some others that have posted here, anyone with Admin-level access can see/do whatever they want so you would need to make sure that you are the only one with admin access.

JustAnotherSaver

rmg1 wrote: »

A quick bit of Googling mentions that removing "List Folder" permission hides the folder from the given user.

So, in essence, it would be a bit fiddly to set up but I would say it's perfectly doable.

Yeah that to me sounds like eshul's suggestion. To my mind it sounds like it could work. I'd have to try it out. I'm not quite sure what this removing list folder permission is all about as i've never heard of that but again that's something i'd have to look at to get a better understanding of it.


Thanks for actually answering the question.

To echo some others that have posted here, anyone with Admin-level access can see/do whatever they want so you would need to make sure that you are the only one with admin access.

This is my concern and something i was trying to get to the bottom of earlier but people were reading my "can the average Joe" question and somehow seeing "can YOU do it". Not sure how the words on my screen were different from the words on their screen but there you go.


If it's a case of Person A, Person B and Person C have user accounts (passworded). Whenever one of them logs on they can see the other 2 peoples folders on the storage/data drive, they get curious, they double click it, they get a notification saying something like you're about to open this folder and you need admin rights (which they'll have) and then you simply click YES and voila you can see the contents


then that's one thing.


But if it's a case of (like with my current setup), they need to start clicking through, making things visible, changing settings (that they'd have to be aware of in the first place - something i seem unable to spell out here it seems), doing a bit of tweaking and THEN they'd be able to view the folders/contents due to their admin privileges


then that is a totally different matter, because that requires above average Joe knowledge, which has been my U]ignored[/U point all along.

that

rmg1, but JustAnotherSaver want people to have admin rights too so that they install software too.

Basically you can either hide the folders via security and removing the list rights, or give them admin rights, but you can't have both.

You can encrypt the folders or use EFS so that each can only see what is in their own area.

JustAnotherSaver

use EFS

Ok you got me. I'm afraid i'm going to have to say this.....


whatchusay??? Sorry don't have a clue what an EFS is. Or maybe i do, i just am not the best with abbreviations.

that wrote: »

rmg1, but JustAnotherSaver want people to have admin rights too so that they install software too.

Basically you can either hide the folders via security and removing the list rights, or give them admin rights, but you can't have both.

You can encrypt the folders or use EFS so that each can only see what is in their own area.

Ah ok. I think the admin rights will be more important then and i'll have to find a workaround. VeraCrypt may be one method. External drive is another but that's really not what i want at all. Same setup as i currently have would be another method, i was just considering having a single boot rather than dual that's all.



99.9% of the time i will have installed all the required programs on the PC anyway but there may some time be a time where they wish to install a program and i'm not there. I'm at work, i'm away, whatever. They'll then want access to my profile .... oh can i just go on your profile and install it and use it there. What's your password?


Creates all manner of would rather nots.

esuhl

A few thoughts (rehashed or inspired by the other helpful replies):-



You could create VeraCrypt containers to hold each users' data. And then automatically run a script to mount a user's data partition when they logged in to Windows. (I'm fairly sure you can create a registry entry to run a command to do this, if storing a readable password in the registry isn't an issue).



Alternatively, you could set up a Linux-based file server or NAS device to store users' data, which users can access over the network from your existing Windows PC. That way every user has complete control of the local Windows machine, but all the data are stored on a secure Linux device.

arciere

At the risk of sounding rude, after 3 pages of advice, I think that the answer that OP is looking for is not a technical one. He wants to keep his things private, fair enough, but at the same time he doesn't want others (who use the same computer) to know that he's keeping private things, because otherwise they could get curious and start to investigate. Yet, OP seems more concerned about keeping things hidden than keeping things secure.

Keeping his data on a separate, removable device is probably the best thing to do.

that

efs = encrypting file system - unless the have changed it, think it was released in window 2000

here is the old way for win 7. it has a great explanation, but now may no longer be correct on win 10 https://www.youtube.com/watch?v=rnuCitzSgQ8

Here is the win 10 way which I ties your name and password to your encryption key, so with you can get seamless into the directory, but the file is encrypted for others, but not hidden
https://www.youtube.com/watch?v=3bcOh90ehjU

however you file names are still visible and if this is an issue, veracypt may be the answer but you may have to put in your password each time, or at worst remember it when things go wrong, or the system forgets your password
.

We use certificates at work for other things, and we do not use encryption on servers. Have to say certificates have an expiry date, and if you do not renew it before that date is up, you are in trouble without knowing why as you will not be informed that it is a certificate issue. Certificates are a PITA!!! I recommended to our certificate guy that he should make the expiry date 17 years, because he will have retired by then, and it will be another persons problem

The people will be admins and have rights to the files, do before they leave, they could encrypt it and leave you dangling.

Also seen it where a corruption creeps in and stuff is lost. Also people can't undelete and recovery software pointless.

Johnmcl7

JustAnotherSaver wrote: »

Regards Virtual PC - i'm well aware this is going to sound like i'm being dismissive again, but i have tried Virtual PCs before and they seem very very slow. I gave up in the end.

Originally virtual machines were painfully slow but now processors have hardware support for virtualisation and most servers now run virtually since it allows large numbers of OS's per hardware.

Only budget low end systems tend not to have virtualisation support and you can check your own hardware to see if it supports it by looking for VT-x (Intel) or AMD-V (AMD). You can try it for free and see if it does what you want, you may find other limitations with peripherals which make it unsuitable.

If you're going to give the other users admin rights then there's no point trying to lock down parts of the file system because anything you do can be overridden.

JustAnotherSaver

esuhl wrote: »

You could create VeraCrypt containers to hold each users' data.

I was with you on that, in the sense that i can visualise that. But this...

And then automatically run a script

Meltdown! :rotfl:
I've seen that ("run a script") mentioned in other threads to other people about whatever problem they're facing and it reminds me of trying to tackle coding at school which was mildly better than trying to learn French but still not enjoyable. In short i have absolutely no clue i'm afraid. Right now that kind of thing is beyond me and tbh i'm reluctant to ask.

Johnmcl7 wrote: »

Originally virtual machines were painfully slow but now processors have hardware support for virtualisation and most servers now run virtually since it allows large numbers of OS's per hardware.

I don't really know when "originally" was.



But up until 2018 i tried Virtual Machines.


I've used various ones. VMWare i think was the name of one. Virtual PC another. Something about Sand was another one i remember. Sure they worked ... but they were slow. I tried allocating more processor power and RAM to them but yeah they were still just slow. That's with Windows 7 on them and various Linux OS that i was trying out (Mint & Zorin were two i remember).

If you're going to give the other users admin rights then there's no point trying to lock down parts of the file system because anything you do can be overridden.

I think we'll just go round in circles on that one so i'll just say ok so as to avoid any back-&-forth.