Need to hide files from an employee who is a SNOOP!!!!! 5

[LancepsGuerrero]

My only employee is a Serious Snoop, and there are some things that I would like to keep private as well as some company data that is simply none of her business. Is there any way I can do that? I realize that for optimum security I should just get another PC for my personal use but that's not in the cards right now. The problem with hiding files is that of course she could just click on "show all files" and I'd be toast. So if you have any ideas/suggestions I'd really appreciate it. I'd even be willing to encrypt stuff if I knew how. If at all possible, I'd like to have something that, were she to attempt to access the information, would freeze the computer with the message "SNOOPINGAGAIN????????

 

[MattWray]

Do you have the option to upgrade to Win2k? If so, you can set up the admin acct for yourself and a user acct for the snoop. With NTFS permissions you can restrict the heck out of her! I don't really know how you can do it with 98 or 95, but that doesn't mean it's not possible...

Matt Wray
CCNA, MCP

 

[LancepsGuerrero]

Excellent point, I'd thought of upgrading to Win2k anyway, that makes it even more enticing. Now I've a great reason to do it...Hopefully that will also enable me to greatly restrict her internet activities--it really frosts me to suddenly come in and find her instant messaging her buddies--I pointed out to the little twit that leaving it on is an open door to malicious code & to please stop doing it, but she ignored that plea. It's too bad I can't set the system up to crash when she's doing something unrelated to work, which would a) scare the daylights out of her and b)cut down on her time-wasting.
Thanks again!!!

 

[fedto]

If you can't upgrade to win2k, or xp pro, depending on the antivirus program you are using, you could use it to restrict her web activities.
If you use McAfee, you can place specific sites in the restricted zone, or even lock out web access totally. aol uses the dns name logon.oscar.aol.com for AIM to connect.

Where I used to work, they added it to the restricted list and we could not logon to AIM.

 

[MattWray]

For web related restrictions, you could run a firewall program like zone-alarm, or if you have a router most of them can do the same things.. Matt Wray
CCNA, MCP
mwray77518@yahoo.com

 

[LancepsGuerrero]

Aha! I feel like I'm well on the way to clipping this chick's wings, hahahaha!!! I have Norton Firewall, had contemplated getting Zone Alarm as well, now I've an additional reason to do it. I've had good success in confusing her by making changes in the Firewall's advanced options, but what really gets her is when I delete the crucial cookies she depends on to do her banking on my time.
She just can't understand what's going on...
Just checked the Windows 2000 XP pro., I can get the upgrade, clearly that is the way to go--her snooping will be curtailed and her internet cruising will be a thing of the past as well. She might even have to do some work for a change!!!!!!
Thanks again for the info., you all are the best...

 

[Kento]

You could lock her out of sites she visits using Content Advisor in internet options.

You could hide your private files and folders with Magic Folders or Encrypted Magic Folders which are shareware.

http://www.pc-magic.com/

Paranoid (prnoid14.zip) works well and is free. I use it in 98.

http://esca.atomki.hu/paradise/sac/security.html

A tip if you use Paranoid. If you unprotect a folder and you can't open it then close windows explorer and then reopen it and then it'll open. And don't forget the password if you use one.

 

[grygst76]

there are quite a few ways to keep her from snooping here is a couple but they involve the registry you would go to your start menu run and type regedit then these simple keys

Creating a Directory That is Not Accessible From Windows

To create the directory, type md, then a space, then holding down your ALT button type on number pad only 255.
To access cd\ALT+255 from DOS
When you try to access this from the Explorer you get an Access Denied error.

Resricting the Start Menu, Explorer and the Desktop

There are many general restrictions you can make to the Start Menu, the Explorer and to the Desktop itself.

Start Regedit
Go to HKEY_Current_User / Software / Microsoft / Windows / CurrentVersion / Policies
There should already be at least a Explorer section there already
Additional keys that can be created under Policies are WinOldApp
You can then add DWORD values set to 1 in the appropriate keys
To re-enable them, either delete the key or set the value to 0
ClearRecentDocsOnExit = Clear of Recent Documents on Exit
NoAddPrinter = Adding new printers
NoClose = Computer Shutdown
NoDeletePrinter = Delete Installed Printers
NoDesktop = Doesn't show Desktop items as well as and Desktop right-click menu
NoDevMgrUpdate = Windows 98/ME web Update Manager
NoDrives [hex] = Hides Drives in my computer
NoFind = Find command
NoInternetIcon = Internet Icon on Desktop
NoNetHood = Network Neighborhood
NoRecentDocsHistory = Recent Documents in Start Menu
NoRun = Run command
NoSaveSettings = Save Settings on exit
NoSetFolders = Folders in Start Menu -> Settings
NoSetTaskbar = Taskbar in Start Menu -> Settings
NoSMMyDocs = My Documents folder in Start Menu
NoSMMyPictures = My Pictures folder in Start Menu
NoWindowsUpdate = Windows web Update


Hiding Any Combination of Drives

If you want to stop a drive or any combination of drives appearing in Explorer/My Computer

Add the Binary Value of 'NoDrives' in the registry at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Give it a value from a combination of the table below:

A 1 00 00 00
B 2 00 00 00
C 4 00 00 00
D 8 00 00 00
E 16 00 00 00
F 32 00 00 00
G 64 00 00 00
H 128 00 00 00
I 00 1 00 00
J 00 2 00 00
K 00 4 00 00
L 00 8 00 00
M 00 16 00 00
N 00 32 00 00
O 00 64 00 00
P 00 128 00 00
Q 00 00 1 00
R 00 00 2 00
S 00 00 4 00
T 00 00 8 00
U 00 00 16 00
V 00 00 32 00
W 00 00 64 00
X 00 00 128 00
Y 00 00 00 1
Z 00 00 00 2

Where (for eg) you want to hide Drives {C,E,J,O,R,U,Y,Z} you would give 'NoDrives' the value 14 42 12 03
Where C+E = 14, J+O = 42, R+U=12 and Y+Z = 03
Please NOTE: The Numbers are to be added in HEXadecimal ie: ABCD = 0F, not 15 All Drives Visible is 00 00 00 00 All Drives Hidden is FF FF FF 03

their are so many other ways to do this but make sure you reenable when you want

 

[LegoArtist]

Reading these posts, I'm wondering why you haven't implemented the low-tech solution: fire her. Being concerned for your company data and your system's security, not to mention her blatant failure to follow your directives, give you solid ground for doing so. I know it's not a popular solution and it's not something I recommend lightly but sometimes it's the only real way to go.

 

[ANFPS26]

I've enjoyed reading this thread. I feel like I've been reading "Dear Abby"! Ha. (I'm sure It's not funny to LancepsGuerrero. I apolopgize) "A little knowledge is a dangerous thing....."

 

[mickeyred]

LancepsGuerrero,

If you are the one in charge with providing network security, you're the one on my fire list and not the snoop regardless of her desk activities! What if this lad gains access to confidential information without your knowledge? You (and your boss, provided many more do work in your company) are being penny-wise-pound-foolish for not taking immediate action to prevent employees from doing what are not allowed from their PCs. Do you know that the vast majority of corporate break ins come from within?

[From now on, notice that this information applies if there are other employees than just you and your snoop] Do your company and yourself a favor? Upgrade to W2K (sorry, not comfortable with WinXP yet), have everyone sign up a System Security policy which clearly states what is and is not allowed while working on/with corporate property, assing privileges on a-per-employee basis (read password) and handle a copy of this message to your boss. Perhaps if you don't do nothing, s/he will, and have you out the door in no time. Sorry for being too sharp. Situations like this can not be tolerated in the corporate/business enviroment. I spent two whole days cleaning up viruses from office coworkers (I'm NOT an IT/IS folk) because the people at the IT/IS department did nothing to prevent the break ins (one from within), much like you have not prevented this lad from doing what she's done!

The time to get your act together is now, before your boss finds out and does it!

Good luck!

 

[LancepsGuerrero]

How did I miss this post from Mickeyred until today, several months later???? sorry about that...anyway, Mickeyred, your points are well taken, however I am the boss, i.e. this is a sole proprietorship, extremely small company, so the ultimate authority is me. I keep the virusware up to date of course, and so far have had no problems, although we certainly do get our share of infected emails from the website, usually about 7 per day, all of which Norton has picked up. Of course I have made rules regarding opening of attachments, but it's impossible to police her activities 100% of the time. The information she's interested in is my personal stuff, which, oddly enough, I would like to remain personal! I've invested in a safe for tax stuff and other documents I know she would give her eye-teeth to see, and she's kept on a short leash, though clearly not short enough. I will definitely upgrade to W2K ASAP. I do appreciate your pointing out the seriousness of this situation...BTW I do keep back-ups off premises (safe deposit box)and they're done regularly too.
Many thanks to all of you for the excellent advice!!

 

[Guest_imported]

Hello!
I think it's a good idea to use some data encryption software. I had the same problem until i ran against the program named BestCrypt. It implements encoding using the most contemporary and safe encryption algorithms. Besides, I know there are some progs that allow to make something like win2k bootup user identification in win9x. Unfortunately i don't know exact titles.