Forgot your password?
typodupeerror

Microsoft Retracts Private Folder Option 336

Posted by Zonk
from the hey-no-takebacks dept.
An anonymous reader writes "Just recently, an update to Windows added the option to password-encrypt a personal folder. The intent was to allow users who share PCs to have a measure of privacy, but C|Net reports the company is now removing that functionality with a patch. IT managers hit the roof when the option was added, complaining of the possibility of lost passwords and inaccessible data." From the article: "'Oh great, have they even thought about the impact this could have on enterprises. I'm already trying to frantically find information on this product so that A) I can block to all our desktops and B) figure out how we then support it when users inevitably lose files. I can see the benefit in this product for home users, but it's a bit of a sloppy release by Microsoft,' Stuart Graham said in a posting on Windows Server-related site MSBlog."
This discussion has been archived. No new comments can be posted.

Microsoft Retracts Private Folder Option

Comments Filter:
  • If it actually worked as advertised, that'd be something I'd want to use. The correct answer for companies is to 1) forbid its use (just like you wouldn't let employees PGP-encrypt their work), and 2) find out how to disable it in Active Directory. Don't just dike out the functionality, though!
    • by Anonymous Coward on Saturday July 15, 2006 @01:53PM (#15725091)
      Here is an idea for those IT managers complaining, DONT allow users to install applications. What kind of a security policy do you have that allows users to just install software. Frankly I like this feature, it is simple to use for home, and is a better option than EFS at home.
      • by v1 (525388) on Saturday July 15, 2006 @07:28PM (#15726092) Homepage Journal
        You're falling into the oxymoron of "windows security" again.

        I find it amusing that Mac OS has had filevault for what, several years now, with no resulting cataclysm. MS introduces it and half the PC IT flip their lids and MS runs scared. What is wrong with these people? Sorry if I sound like a BOFH but if the user puts data into a vault and then loses their password, they will get no pity from me. Do we cry for the neighbor that just locked his keys in his car while it was running? No, we laugh and point fingers. Some actions carry a built-in penalty for blatant stupidity, and this is one of them. If I put a hammer in the toolbox at work and Joe cracks his thumb trying to hang a picture in his cubicle, do we chase after me for leaving a dangerous object within reach of the monkeys? No, again we laugh and point fingers.

        If your company is impossibly tilted toward the users, then just add a line to the AUP that states that filevault or whatever is not and cannot be supported by IT and if you have problems with it you should not expect any help.

        In some organizations, the head of IT thinks he's god. More often though it seems, the users think they are the chosen ones and that IT can do the work of gods.
        • Unfortunately, user stupidity is something IT constantly has to worry about. Imagine if you're the IT Director, and the President has just locked the annual budget reports in an encrypted vault. It's somewhat difficult to just point a finger at him and laugh.

          Though Mac OSX has some great features, and is a fine operating system, it does not support some of the niche software and does not have the capabilities to be deployed in a company of hundreds, or thousands of computers. There could very well been i
        • by NtroP (649992) on Sunday July 16, 2006 @12:21PM (#15728261)
          On OS X, you have the option of creating a "Master Password" that has the ability to unlock any encrypted home directories. It shouldn't be too hard to implement a setting that says a Domain Admin can unlock any encrypted files on computers that are joined to their domain. Something is fishy here. There has to be more broken with this scheme than just the user being able to encrypt their data.
    • Just tell users 'if you use this and lose data you are on your own' and ' if you use this and hide anything you are violiting our AUP and subject to termination'.

      Actually we do allow PGP, under the premise 'if you hose it, your data is gone'.
      • by rah1420 (234198) <rah1420@gmail.com> on Saturday July 15, 2006 @03:25PM (#15725406)
        Just tell users 'if you use this and lose data you are on your own'

        Suuuure. That will work when the CEO comes a-knockin' on the door... "uh, Nurb, I had my speech to the local Chamber of Commerce in this folder, I sweated bullets on it for six weeks, the speech is in three hours, and [I forgot the password|the password doesn't work]."

        we do allow PGP

        My point exactly. It's doubtful the CEO will know enough to PGP encrypt a file, but they do know how to get to that context menu quickly enough...

        Not that I'm espousing deleting the functionality, mind you; it's pretty cool. But the premise of "making the user responsible" seems credible in inverse proportion to the level at which the person is in the company.
      • We had a policy... We won't stop you but if you screw it up we re-image the disk and you start all over again.

        It worked...

        As others have said, these things don't apply to CEOs.. that get local admin because.. well.. are you going to refuse someone who can fire your ass?

  • Oh great, they retracted the article too!

    But more seriously... you can still download it here: http://fileforum.betanews.com/detail/Microsoft_Pri vate_Folder/1152200243/1 [betanews.com] (redirects to download.microsoft.com) all that was removed was the HTML download page.

    On a related note, are the legions of ZIP tool companies going to retract ZIP encryption or password protection? Other archive format encryption schemes? How about general encryption programs? Oh f***, I wrote a DES implementation once, I'm screwed now aren't I?

    • Walled Garden? (Score:2, Interesting)

      by Anonymous Coward
      Gee, I can't even download, much less install, *anything*.msi behind our firewall (which makes both the Berlin and Great Walls look like garden decorations). So maybe M$ is responding to inept or poor "IT managers" - in which case there's the real problem.
  • I always find it amusing when you have IT people developing features for Windows that really don't understand IT in the real world. Then they release something and are shocked when IT managers are furious over it. One would think MS would have a real good understanding of the IT environment and what is and is not a good idea. Good stuff :)

    http://religiousfreaks.com/ [religiousfreaks.com]
    • perhaps they simply aren't as incompetent as the so called "IT managers" and therefore don't think at that level?

      "this looks good, let's release it." "oh noez i can't keep my users from installing this and then forgetting their passwords! arrrrrrgh m$ is teh evils!" "damn, these idiots managed to mess up a good thing once again, pull it back until the clowns managing networks can catch up to the rest of us or get fired and replaced with people who didn't go to Burger King Tech Institute."
    • Because its not IT people developing the features.

      At most companies the closest developers (and PM's if you're MS) at come to IT is when they have a problem with their office workstation. They call/email IT and someone swings by to fix the problem.

      Sure, there are companies where the IT people think up & implement features in key products. MS is not one of them.
    • by FractalZone (950570) on Saturday July 15, 2006 @03:16PM (#15725375) Homepage
      I always find it amusing when you have IT people developing features for Windows that really don't understand IT in the real world. Then they release something and are shocked when IT managers are furious over it. One would think MS would have a real good understanding of the IT environment and what is and is not a good idea.

      Many IT administrators are barely-in-the-closet fascists. They enjoy making sure that their user bases have no privacy, cannot use their organizations phones or computers for anything that isn't "strictly business", are constantly under surveillance at the workplace, etc. These admins are usually on power trips -- they are usually hated by the users of the systems they (supposedly) support and those users often take pleasure in working against them in subtle (or at least anonymous) ways. These "Users versus IT Gestapo" situations are often entertaining to observe, as long as one isn't part of the problem.

      At the other extreme are the system and network administrators who allow (even encourage) users to do (or install) whatever they damn well please on their workstations (unless the action is obviously malicious or illegal). These admins must be masochistic -- the more computer illiterate the user base, the more likely it will figure out ways to create problems which require a week's worth of IT's time to correct, on a daily or even hourly basis. These nearly anarchistic computing environments are a lot of fun while they last -- which is rarely for longer than it takes for an oh-so-clever user to crash a server, delete someone else's files, sell organizational secrets, buy a drop-in pr0n site package and run it on the facilities at the workplace, make (what she thinks are) anonymous death threats, etc.

      Somewhere in the middle are the administrators who can usually leave their work at the office at the end of the day but who don't mind if users want to access and maybe save personal email messages or other files from work (where the spiffy color laser printer sometimes gets used to print pictures of a worker's newborn baby or a photo that an employee wants to hand in his cube), and realize that most sane people don't truly compartmentalize their work and personal lives; that overlap is normal and natural, usually inevitable, and often beneficial -- that most folks want/expect some personal privacy in the workplace and to be cut a little slack when using office resources for personal reasons.

      As someone who has tried to fall into that third, loosely defined group of IT administrators/managers when I've held such positions, I find it to be worth the effort to do the balancing/juggling act. Then again, I'm a practical libertarian and not a compulsively anal authoritarian by nature.
      • by gregmac (629064) on Saturday July 15, 2006 @03:54PM (#15725496) Homepage
        Somewhere in the middle are the administrators who can usually leave their work at the office at the end of the day but who don't mind if users want to access and maybe save personal email messages or other files from work (where the spiffy color laser printer sometimes gets used to print pictures of a worker's newborn baby or a photo that an employee wants to hand in his cube), and realize that most sane people don't truly compartmentalize their work and personal lives; that overlap is normal and natural, usually inevitable, and often beneficial -- that most folks want/expect some personal privacy in the workplace and to be cut a little slack when using office resources for personal reasons.

        I work at a small company, where my role only requires me to spend part of my time as an IT admin. I take this same approach, and find it's mutually beneficial. Users don't have install rights, but I also will install things on individual workstations that people ask for. (They actually used to have install rights on their personal workstations - not if they logged into others - but I had to take it away because they'd blindly install some web background program that would install 30 spyware applications. They were understanding when I removed that right after they saw the damage it caused). I've helped people setup their personal email accounts in thunderbird.

        I've read articles talking about how if you don't allow people time to do personal tasks at work, that instead of taking 5 or 10 or even 30 minutes of work time, they'll take a sick or vacation day to catch up on errands, and I can see this happening. Personally I don't really mind fixing a server issue on the weekend or late at night, because I'm afforded this flexibility at work. At some offices, as soon as it hits 5:00pm, everyone drops what they're doing and goes home.. that's just a sad situation. It's not that people should be expected to work late, or work exactly their 8 hours per day, but if, for example, a task will take 20 minutes to finish before you go home, versus 45 minutes if you have to start in the morning when it's no longer fresh in your mind, it's better to stay the 20 minutes. In a company where workers are prohibited from doing anythink but work on company time, they're obviously not going to be willing to go the other way, and sacrifice their personal time for work.

        • Realistically, it is often better to let users know that they are not being treated like a bunch of slaves, crooks, children or sheep at the workplace, but that management and IT administration have the right and ability to lock things down at any time for any reason. More importantly, it helps to let users know how public some of the activities they naively think are private actually are.

          Pointing out to a user that her favorite screensaver or wallpaper image comes from an external (to the organization)
  • Who cares... (Score:5, Informative)

    by Poromenos1 (830658) on Saturday July 15, 2006 @01:51PM (#15725082) Homepage
    TrueCrypt [truecrypt.org] is your friend. It's open source, it mounts as a drive and you can even have hidden volumes (so you can deny having stored porn when your gf tells you to show her). It's great.
  • I recognize that there may be some degree of opprobrium as a result of pointing this out, as most of us here believe in bringing the newest and fastest technology to bear on a given problem. I don't disagree with this approach; indeed, given Moore's Law and costs not dramatically increasing, one would be a fool not to recommend the regular upgrade of hardware and software every two to five years, depending on circumstances.

    Irregardless, news such as this points out that sometimes blindly following technology without carefully measuring its implications on IT and data processing can create issues. In the interest of bettering our approach to systems analysis and design, I feel it is important to quote: approximately 90% of the typical activities on 1/3rd of the computer systems out there can take 10-15% longer than performing their equivalents using a 50/50 methodology of planning the computing tasks first, computing the planned tasks second. In other words, you have to know where you are and where you want to be before you purchase and implement new systems; otherwise you not only run the risk of a wasted investment in extra or unnecessary technology (such as private folders when you only need and want public ones) but of having to backtrack and start again to purchase new technology to meet current, previous and future uses.

    Unfortunately this seems intuitive but it's not; in fact, in many ways it can actually be seen to be counterintuitive. In other words, it's a balance -- one of considering the importance of keeping pace with current technology while retaining past and projected compatability with previous and anticipated data storage and processing needs.

  • by djupedal (584558) on Saturday July 15, 2006 @01:53PM (#15725090)
    Why is there an option to adjust view incidence of Apple, but not MS? I would love to be able to have the option to push MS out to the horizon, please?

    "...but it's a bit of a sloppy release by Microsoft"

    Hate it when that happens...
  • Sigh.. (Score:3, Insightful)

    by ChowRiit (939581) on Saturday July 15, 2006 @01:53PM (#15725092)
    Couldn't they have just put a warning message/dislaimer in?

    This sort of kneejerk reaction, removing a useful feature, is excedingly irritating. It's not users aren't aware of the fact that if you password something, you'll then need to REMEMBER the password...
    • Re:Sigh.. (Score:4, Insightful)

      by will592 (551704) on Saturday July 15, 2006 @02:53PM (#15725303)
      I'm sure people will flame for this, especially hard core IT types, but at some level the reason that users forget passwords lies with IT/Security types themselves. Forcing users to remember passwords on multiple, disparate systems that each have unique restraints (No passwords that have been used in the last X changes, 3 different character classifications, passwords must be X characters long, that must be changed every X days) almost forces users to write down their passwords somewhere that they can retrieve them easiy. The problem is further compounded when the users is locked out after only a very few attempts. I understand the reasoning behind every rule but it is unreasonable, in my opinion, to force some sort of data entry clerk or analyst to remember logins for 4 different, often times rarely used, accounts that all have different security parameters. If you can't provide single sign on for your users and you have DOD grade requirements, then I think you lose the justification for being upset when they forget their passwords.

      Just my humble opinion,
      Chris
      • Re:Sigh.. (Score:4, Insightful)

        by CastrTroy (595695) on Saturday July 15, 2006 @03:09PM (#15725353) Homepage
        There's nothing wrong with writing your password down and keeping it in your wallet. You keep your credit cards, money, social insurance card, and a lot of other important stuff in your wallet. Why wouldln't your passwords be safe in your wallet. Besides, if you write them in a secret code, then nobody else can read them.
  • how do I patch it back in?
  • I guess they are doing this 1/2 assed for windows vista, but it would be nice to have different home and enterprise OS versions. A decent amount of features have been cut or rolled back because of enterprise. For example, personal folder encryption, wifi synch over activsynch, and I'm sure at least a couple others.
  • incompetent? (Score:5, Insightful)

    by MustardMan (52102) on Saturday July 15, 2006 @01:55PM (#15725104)
    I'm really starting to wonder if windows administrators should be working at my local burger king instead of with computers. It seems an awful lot of MS policy is dictated by these neanderthols. Hey - nice encryption feature added, and admins freak because they don't know how to block it. Sounds like the administrator's fault - they can't keep their users from installing unauthorized software? Encrypted folders should be the LEAST of their worries.

    It reminds me of the idiotic microsoft security fix cycle. Every user in the world has to wait for MS patch day because some whiney admins wanted to be able to schedule their vacation time. Hey jackasses - if you don't want to update on a given day, don't update on that day. Why should the rest of us be waiting for a fix to fit someone else's schedule?
    • Re:incompetent? (Score:5, Insightful)

      by 93 Escort Wagon (326346) on Saturday July 15, 2006 @02:49PM (#15725291)
      "It reminds me of the idiotic microsoft security fix cycle. Every user in the world has to wait for MS patch day because some whiney admins wanted to be able to schedule their vacation time. Hey jackasses - if you don't want to update on a given day, don't update on that day. Why should the rest of us be waiting for a fix to fit someone else's schedule?"

      Ah, who says Microsoft doesn't know how to do PR? "Patch Tuesday" was indeed sold to us as being schedule friendly; but the actual intent was to improve Microsoft's security image. Microsoft realized that releasing patch after patch every few days was making people think (rightly) that their OS was riddled with bugs and holes - even the non-IT press was talking about it.

      It seems to have largely worked. What with the "express install" option and such, most folks don't even realize they're installing 18 separate patches for a given month. We even get people on here, who should know better, mouthing untruths like "Oh, no one even knew about those holes until Microsoft patched them - so it's the user's fault if they get hacked".

      • ...most folks don't even realize they're installing 18 separate patches for a given month...

        At least, those actually with broadband.

    • Re:incompetent? (Score:2, Insightful)

      by MissP (728641)
      The reason Windows is the dominate operating system in the solar system is because it allows the so-called neanderthols to accomplish a lot, without really understanding the hows or whys. The fact that this is also the source of a myriad of other problems is really pretty irrelevant from a strictly business point of view. Microsoft is a hugely successful company because of this approach, so it should not come as a surprise that "a lot of MS policy is dictated by these neanderthols".
    • Re:incompetent? (Score:3, Interesting)

      by Hobophile (602318)

      Sounds like the administrator's fault - they can't keep their users from installing unauthorized software? Encrypted folders should be the LEAST of their worries.

      I understand the temptation to blame this all on incompetent Windows administrators, but depending on how the company is structured, IT may have little clout in enforcing policies on limited user rights. And sometimes the economic costs of such policies is difficult for the company to swallow. Take the following somewhat fictionalized examples.

  • I tried this out on my personal computer and the most annoying thing about it is that you have to store it on the desktop.

    There are far better third party folder encrypters out there than MPF.
    • Yo can delete the icon from your desktop. Then you can access it from explorer under Desktop... want it somewhere else? That's why we have shortcuts. :)

      Or if you want to be slicker about it you can get the NTFSLink tool and make a Junction to C:\Documents and Settings\\My Private Folder.
  • See this thread: EFS [slashdot.org] is Microsoft encryption that is also poorly implemented.

    I have heard no complaints about TrueCrypt [truecrypt.org], which is free, open source, developed by people with serious intelligence and dedication, and supports both Windows and Linux.
  • by dfloyd888 (672421) * on Saturday July 15, 2006 @02:04PM (#15725136)
    Windows Private Folders was released with the best of intent, but I can see 3-4 things that would have made it not so controversial.

    First, document how it stores/encrypts files. Does it sit on a front-end of an archiver or is it a pass-through encryption similar to what CFS does? What encryption algorithms does it use? WPF needs a lot more documentation.

    Second, release a group policy add-on that domain admins can use to restrict or block its use. MS should have released a domain policy add-on a couple weeks before the utility is available, so companies can push out a policy denying use of this utility on their network, or specifying a "master" password using a password or an EFS key for recovery reasons. This utility is good, but on computers owned by a business, this utility can create major liability and regulation issues.

    Third, it needs to be written with security in mind. How is the password stored? Is the password hashed, or is the password stored by decrypting part of the file similar to what TrueCrypt does so a hash algorithm failure doesn't compromise security? What mode (ECB, CBC) is the encryption running in? Is the decrypted password stored in secure memory, or can it be swapped to disk?

    Windows Private Folders isn't a bad utility, and I wish MS would release a version 2.0 of it that addresses concerns of business domains and some more documentation on how it works -- it is made for an easy to use place for home users to stick files in they don't want others to read. WPF just needed a little more planning behind its release.
  • by nuggz (69912) on Saturday July 15, 2006 @02:05PM (#15725141) Homepage
    MS seems to have forgotten who their real customer is.
    They didn't make controlling this easy enough for that customer.

    Security solutions need to be thought out a bit more carefully.
    What about using backdoored crypto with corporate issued keys? Wouldn't this make most everyone happy?
  • I am not the world's foremost Windows licensing guru, but I have an option on my XP Pro laptop which lets me encrypt files and directories.

    How is the retracted update different from the functionality which I have seen in-place since I bought the machine a year ago?

    • Re:Er. Uh. Uhm... (Score:3, Informative)

      by Planesdragon (210349)
      How is the retracted update different from the functionality which I have seen in-place since I bought the machine a year ago?

      Log on as a user. "encrypt" a file.

      Log on as an administrator. Go try and read that file.

      With MS's new toy, that wouldn't happen.
  • Fsck IT (Score:4, Insightful)

    by Detritus (11846) on Saturday July 15, 2006 @02:12PM (#15725154) Homepage
    It's a shame that Microsoft caved in to the whining of the IT control freaks. There are legitimate reasons to encrypt sensitive information, even in the corporate setting. If you think that the possession of the Administrator password means that you should have unfettered access to every scrap of data on the network, you need to see a psychiatrist about your delusions.
    • Why shouldn't it? If I'm in charge of managing, controling, supporting and securing a companie's machines then I damn well better be privy to every scrap of data on the machines. Whether I will use that is irellevant, I should indeed have access. Any one who charges you with securing something and doesn't give you full access to it is only looking for a security blanket. If you can't trust your IT guys with your sensitive data, then you need to get your data out of the IT guys domain or hold the IT guys inn
      • Agreed.

        If one is going to keep certain data out of sight of administrators, then one may as well not HAVE administrators at all, because the long term consequences are bound to be the same.

      • Re:Fsck IT (Score:5, Insightful)

        by Kadin2048 (468275) <slashdot DOT kadin AT xoxy DOT net> on Saturday July 15, 2006 @03:02PM (#15725330) Homepage Journal
        I think you're viewing the issue too narrowly.

        In any large company, there is a lot of information floating around that you are probably better off not having access to.

        While it doesn't make sense to have every secretary and general low-level peon be able to encrypt stuff in such a way that nobody can ever recover them, I would not want to have automatic access to extremely sensitive high-level stuff stored on the executive's systems. Why? Because if somehow it gets leaked, and you have the root password, you have zero plausible deniability. In other words, you become quite easy to scapegoat.

        If you work someplace where there isn't any internal backstabbing, and nobody above you would ever consider hanging their poor sysadmin out to dry in order to save their own pillowtalking ass, then great. Let me know where to send my resume.

        Generally speaking, while I would want to be sure that I had admin/override rights to all the people below me in a chain of command, I wouldn't want to have those rights to people above me in the chain of command. Not because I'd find the idea of reading my boss' email particularly tempting, but because when something Bad Happens, I want to be able to say with absolute candor, not only didn't I do anything, but I couldn't possibly have done anything.

        It's like having the keys to a file cabinet which contains information way above your security clearance level. I wouldn't want to have them, because I don't want to be the guy in the hot seat when somebody way above my pay grade fucks up and decides to find someone expendable to take the blame.

        Let the executives have their personal encrypted folders, with a nice big warning sign that says "If you forget your password, NOBODY ELSE WILL BE ABLE TO ACCESS THIS." If they forget their passwords, then it's their problem, or if they maliciously encrypt things as they're tendering their resignation, then it's Legal's problem. The last thing I'd want to do is make it my problem.
        • I would not want to have automatic access to extremely sensitive high-level stuff stored on the executive's systems. Why? Because if somehow it gets leaked, and you have the root password, you have zero plausible deniability. In other words, you become quite easy to scapegoat.

          But if you _don't_ have the root password, and security somehow got breached anyways and stuff put on the system that an administrator cannot access, there is no facility for effective damage control. It doesn't really matter that

    • Do you tell your Finance department to fuck off, that you'll do your own accounts better than they will?

      Do you tell your HR department to fuck off, that you know employment law better than they do?

      Do you tell your janitor to fuck off, because if they clean your toilet they might see the stains you left?

      Do you tell your product marketing manager to fuck off, that the product you designed is bound to have people who want to buy it?

      Do you tell your CEO to fuck off, that new merger negotiation is something you'
    • Not on the whole network... just on the actual machines to which you have the administrator password.

      Without that ability, it is very possible for a potentially malicious program to be sitting on a computer's hard drive in such a way that even an administrator could not do anything about.

    • Re:Fsck IT (Score:5, Insightful)

      by jimicus (737525) on Saturday July 15, 2006 @02:52PM (#15725300)
      Being able to access the data and actually doing so are two different things.

      I need to be able to access the data, if only for backup purposes. The person in the company with the password might be run over by a bus tommorow. Or if you prefer something less dramatic, they may regularly change their password (good!), forget their old one (who cares?) and then need to restore from an old backup to prove what was on the system 6 months ago (Ah....).

      But at the same time, with that power comes responsibility. If I was found to be accessing the data for any purpose other than "to provide a copy to give people who have a legitimate need to access it", I'd be sacked so fast....
    • Earlier this month a user forgot the password for their PST file. It was apparently full of personal e-mails. (Lots of FW: FW: FW: FW: FW: FW: FW: FW: type subject lines).

      Anyway, who gets called? IT. Our response was that she was pretty much on her own since it wasn't anything business related. So sure, the "we can't help you answer" works sometimes, but what about the case where you have an ex-employee who you have to press legal charges against? Yup, had this too not log ago.

      The long and short of it is th
    • Exactly. In most of the serious government/corporate places, giving data access to admins would be unimaginable.

      Most mainframes above C classification clearly separate data and system.

      I'd like to see some IT admin demand access to government secrets because he needs it to administer the system, or demanding access to banking details just because he administers the system. He'd get escorted out of the building and probably get imprisoned. Of course no systems use Windows where data - system separation is
  • I haven't used Windows in a couple of years. Could someone please enlighten me as to the difference between this and the NTFS encrypted files / folders that have been available since Windows 2000?
    • I believe the difference is that with the existing system, any encrypted folder can be accessed using an admin password. Not so with private folders. I have a certain sympathy with MS on this one. I can think of occasions where a business manager (say the CFO) would like to encrypt data without the IT staff having access to it.

      No wonder the It staff kicked up a fuss.
  • by Opportunist (166417) on Saturday July 15, 2006 @02:16PM (#15725171)
    I might be no expert in this area, but ... let's see...

    1. Patch for data encryption feature.
    2. User using data encryption.
    3. Patch for removial of data encryption.
    4. User accessing his encrypted data ... how?
  • by Anonymous Coward
    But why are enterprise end users installing software? Dont blame Microsoft for your problems.

    Why are you frantically trying to block something you dont know about - why dont you solve that problem by only allowing the software that has been approved? Why are there people that still dont understand that if a user can install appX, they can install virusX too? I mean really, you do understand this right?

    This was a home user product. IT wasnt intended for businesses.
  • by petard (117521) * on Saturday July 15, 2006 @02:17PM (#15725174) Homepage
    Instead of pitching a fit about new Microsoft software, why don't "I.T. Managers" do their jobs and manage the damn I.T.? Really. There are complex problems in I.T. for large businesses, but this is absolutely not one of them. Microsoft has given them the ability to manage software isntallations for years now. It's very simple, really. Users who cannot be trusted to install software like "Private Folder" without exposing the enterprise to increased risk of data loss should not have permission to install software. Full stop.

    Is it really easier to shout at Microsoft than restrict users? Because shouting at Microsoft won't prevent users from using the dozens of equivalent apps available for download from other companies unless you also restrict users appropriately.
  • > IT managers hit the roof when the option was added

    All you pr0n are belong to us!
  • Poor Windows admins, someone else is in control of their computers. My updated operating system has this new feature I don't want, and now I'm having a hard time trying to make it go away! Insane.
  • by CyberSlugGump (609485) on Saturday July 15, 2006 @02:59PM (#15725322)
    I was not impressed.
    Machine locked up when trying to change password. Apparently Symantec AntiVirus 9's AutoProtect feature was the problem. (Disabling AutoProtect lets you change the password.) Because Private Folder 1.0 is not officially supported by Microsoft, there is no way to report this isssue.

    Microsoft Private Folder 1.0 has an option to export encrypted files. The files remain encrypted, but the password must somehow be embedded in the exported files since you can go to a different computer with Private Fodler 1.0 installed to decrypt the files. HOWEVER, if hard drive crashes and you need to use data recovery software (R-Stuio, GetDataBack, etc.) there is no straight forward way of decrypting the files even if you know the password. Boot a machine with BartPE to look at the "My Private Folder" directory and the encrypted files look different than exported files (which leads me to think the password is embedded in the exported files). If you copy and paste encrypted files to that directory from BartPE/WinPE, you can make the data "unrecoverable"....
    • HOWEVER, if hard drive crashes and you need to use data recovery software (R-Stuio, GetDataBack, etc.) there is no straight forward way of decrypting the files even if you know the password.

      Data loss can be really painful, if the data were encrypted. Normally, the decryption key is embedded into the encrypted file itself, but the encryption key (let's denote it with k_E) itself is encrypted with something, a password for example, or the password's hash. So, even though k_E resides inside the encrypted file,

  • The one new Windows feature of that last 10 years that I was interested in, and it lasts all of a week.

    Maybe I need to look closer at Vista Home. At this rate it will have better privacy than the Professional version.
  • in otherwords (Score:3, Insightful)

    by geekoid (135745) <dadinportland@yBLUEahoo.com minus berry> on Sunday July 16, 2006 @04:28AM (#15727267) Homepage Journal
    Microsoft forgot that other companies treat there users like dumb shits and don't want to face up to the facts.

    People, stop being fucking elite about the computers. I have worked with people who are scared to do anything with the computers becasuse of IT's attitude.

    Here is a clur, tell the people if they use it and loose the password the data is gone. Most people will get that. If they don't and they loose valuable data too bad. They'll catch on, or they will be shown the door.

Take care of the luxuries and the necessities will take care of themselves. -- Lazarus Long

Working...