Microsoft Retracts Private Folder Option 336
An anonymous reader writes "Just recently, an update to Windows added the option to password-encrypt a personal folder. The intent was to allow users who share PCs to have a measure of privacy, but C|Net reports the company is now removing that functionality with a patch. IT managers hit the roof when the option was added, complaining of the possibility of lost passwords and inaccessible data." From the article: "'Oh great, have they even thought about the impact this could have on enterprises. I'm already trying to frantically find information on this product so that A) I can block to all our desktops and B) figure out how we then support it when users inevitably lose files. I can see the benefit in this product for home users, but it's a bit of a sloppy release by Microsoft,' Stuart Graham said in a posting on Windows Server-related site MSBlog."
That could've been a good feature! (Score:5, Insightful)
Re:That could've been a good feature! (Score:5, Interesting)
Re:That could've been a good feature! (Score:5, Interesting)
I find it amusing that Mac OS has had filevault for what, several years now, with no resulting cataclysm. MS introduces it and half the PC IT flip their lids and MS runs scared. What is wrong with these people? Sorry if I sound like a BOFH but if the user puts data into a vault and then loses their password, they will get no pity from me. Do we cry for the neighbor that just locked his keys in his car while it was running? No, we laugh and point fingers. Some actions carry a built-in penalty for blatant stupidity, and this is one of them. If I put a hammer in the toolbox at work and Joe cracks his thumb trying to hang a picture in his cubicle, do we chase after me for leaving a dangerous object within reach of the monkeys? No, again we laugh and point fingers.
If your company is impossibly tilted toward the users, then just add a line to the AUP that states that filevault or whatever is not and cannot be supported by IT and if you have problems with it you should not expect any help.
In some organizations, the head of IT thinks he's god. More often though it seems, the users think they are the chosen ones and that IT can do the work of gods.
Re:That could've been a good feature! (Score:3, Insightful)
Though Mac OSX has some great features, and is a fine operating system, it does not support some of the niche software and does not have the capabilities to be deployed in a company of hundreds, or thousands of computers. There could very well been i
Re:That could've been a good feature! (Score:4, Informative)
Re:That could've been a good feature! (Score:5, Insightful)
Of course, we're talking about the enterprise here, so XP Home is an exception. In an Active Directory domain, using Group Policy I can pretty much lockdown whatever I need to. I could make your start menu have only a couple items, make your account use a predefined user profile (and a read-only profile at that so, that any changes you make are gone at next login). I can even set domain-wide everyone's home page in Internet Explorer (and I can change pretty much every other setting in IE as well). The point being here, is that as the original poster said, you can lock Windows down to disallow users installing updates from Microsoft.
Re:That could've been a good feature! (Score:3, Interesting)
I know this because the last time I received a new machine, that's exactly what the IT department (of another branch of the company - don't ask, it's a long and boring story) did. Of course, they reckoned without two facts:
1) We're not part of the corporate Active Directory
2) We all get local admin
That took about 5 minutes of googling to circu
Re:That could've been a good feature! (Score:5, Insightful)
The problems you cited are problems in Windows, not in Firefox. In fact, Firefox has a built-in auto-update feature. On Linux systems, it is included in in the distribution's auto-updates.
The problem is that MS Windows does nothing to provide a centralized auto-update feature. If anything, your argument is to mean that Windows has no place in the corporate world yet.. which, is true, but not in practice.
Re:That could've been a good feature! (Score:4, Insightful)
Windows has nothing to do with this. Program files go into, well, Program Files. That's a strictly read-only directory for the Users group. And that's why, to update Firefox, you have to run it as administrator. The same holds for all other software - except that MS software gets updated through WSUS, and to some extent, can be centrally controlled through AD group policies - something that's unavailable in Firefox.
What is your point?
Of course not [windowsupdate.com]. Oh, you were talking about The One True Repository; well, you're out of context here.
It's true in your delusional mind - hundreds of millions of corporate workstations running Windows without problems and hundreds of millions of users refute your insane claims.
Re:That could've been a good feature! (Score:3, Informative)
I just want to clarify something. On my linux system (which is debian btw,) The Firefox (and Thunderbird) binaries are installed via Apt updates. Any themes and extentions you install are in your own profile, th
Re:That could've been a good feature! (Score:3, Insightful)
>> auto-update feature. On Linux systems, it is included in in the distribution's auto-updates.
> So are you suggesting that regular users get write access to Firefox' directory? That's a no-no. Do you
> give all users on your Linux/UN*X boxen write access to
> that users on Linux get to update the one and only copy of Firefox on the system, sans
Re:That could've been a good feature! (Score:3, Interesting)
He said the *users* couldn't update Firefox, which is true. Standard users don't have write access to the default installation directory of *any* program. Unless an admin does something monumentally stupid, users cannot install or update apps.
Hell, a Windows admin with half a clue will disable ActiveX (or allow only ActiveX controls to function on internal/approved sites) and block the installation of even certified drivers, so the OP's comment about kind-of-sort-of fudging an inst
Re:That could've been a good feature! (Score:3, Insightful)
> Be knowledgeable before criticizing. You make open source advocates look like ignorant, frothing
> zealots when you blow up into a clueless rant. Google for Software Update Services (or SUS). It is
> exactly what you claim does not exist, and it works for all of the mainline MS products (Windows,
> Office, IE, and their server products).
Last I checked, "Windows Update" and "SUS" will not lo
Re:That could've been a good feature! (Score:3, Insightful)
Actually we do allow PGP, under the premise 'if you hose it, your data is gone'.
Re:That could've been a good feature! (Score:4, Insightful)
Suuuure. That will work when the CEO comes a-knockin' on the door... "uh, Nurb, I had my speech to the local Chamber of Commerce in this folder, I sweated bullets on it for six weeks, the speech is in three hours, and [I forgot the password|the password doesn't work]."
we do allow PGP
My point exactly. It's doubtful the CEO will know enough to PGP encrypt a file, but they do know how to get to that context menu quickly enough...
Not that I'm espousing deleting the functionality, mind you; it's pretty cool. But the premise of "making the user responsible" seems credible in inverse proportion to the level at which the person is in the company.
Re:That could've been a good feature! (Score:3, Interesting)
It worked...
As others have said, these things don't apply to CEOs.. that get local admin because.. well.. are you going to refuse someone who can fire your ass?
Nothing for you to see here. Please move along. (Score:5, Informative)
Oh great, they retracted the article too!
But more seriously... you can still download it here: http://fileforum.betanews.com/detail/Microsoft_Pri vate_Folder/1152200243/1 [betanews.com] (redirects to download.microsoft.com) all that was removed was the HTML download page.
On a related note, are the legions of ZIP tool companies going to retract ZIP encryption or password protection? Other archive format encryption schemes? How about general encryption programs? Oh f***, I wrote a DES implementation once, I'm screwed now aren't I?
Walled Garden? (Score:2, Interesting)
Re:Nothing for you to see here. Please move along. (Score:3, Interesting)
A policy blocking the use of the Folder lock application would be 'easy' to implement as easy as creating a local or AD Recovery Agent.
The people yelling about this the most are the 'least' likely to be running with well defined AD policies with EFS Agents set or might not even be running under a AD environment. (Think mom and pop organizations too.)
BTW, you do realize that the EFS Recovery Agent 'does not' require AD? It can be
Why didn't MS see this coming? (Score:2, Insightful)
I always find it amusing when you have IT people developing features for Windows that really don't understand IT in the real world. Then they release something and are shocked when IT managers are furious over it. One would think MS would have a real good understanding of the IT environment and what is and is not a good idea. Good stuff :)
http://religiousfreaks.com/ [religiousfreaks.com]Re:Why didn't MS see this coming? (Score:2, Insightful)
"this looks good, let's release it." "oh noez i can't keep my users from installing this and then forgetting their passwords! arrrrrrgh m$ is teh evils!" "damn, these idiots managed to mess up a good thing once again, pull it back until the clowns managing networks can catch up to the rest of us or get fired and replaced with people who didn't go to Burger King Tech Institute."
Re:Why didn't MS see this coming? (Score:3, Interesting)
At most companies the closest developers (and PM's if you're MS) at come to IT is when they have a problem with their office workstation. They call/email IT and someone swings by to fix the problem.
Sure, there are companies where the IT people think up & implement features in key products. MS is not one of them.
Private Folders, harsh admins, and common sense (Score:4, Insightful)
Many IT administrators are barely-in-the-closet fascists. They enjoy making sure that their user bases have no privacy, cannot use their organizations phones or computers for anything that isn't "strictly business", are constantly under surveillance at the workplace, etc. These admins are usually on power trips -- they are usually hated by the users of the systems they (supposedly) support and those users often take pleasure in working against them in subtle (or at least anonymous) ways. These "Users versus IT Gestapo" situations are often entertaining to observe, as long as one isn't part of the problem.
At the other extreme are the system and network administrators who allow (even encourage) users to do (or install) whatever they damn well please on their workstations (unless the action is obviously malicious or illegal). These admins must be masochistic -- the more computer illiterate the user base, the more likely it will figure out ways to create problems which require a week's worth of IT's time to correct, on a daily or even hourly basis. These nearly anarchistic computing environments are a lot of fun while they last -- which is rarely for longer than it takes for an oh-so-clever user to crash a server, delete someone else's files, sell organizational secrets, buy a drop-in pr0n site package and run it on the facilities at the workplace, make (what she thinks are) anonymous death threats, etc.
Somewhere in the middle are the administrators who can usually leave their work at the office at the end of the day but who don't mind if users want to access and maybe save personal email messages or other files from work (where the spiffy color laser printer sometimes gets used to print pictures of a worker's newborn baby or a photo that an employee wants to hand in his cube), and realize that most sane people don't truly compartmentalize their work and personal lives; that overlap is normal and natural, usually inevitable, and often beneficial -- that most folks want/expect some personal privacy in the workplace and to be cut a little slack when using office resources for personal reasons.
As someone who has tried to fall into that third, loosely defined group of IT administrators/managers when I've held such positions, I find it to be worth the effort to do the balancing/juggling act. Then again, I'm a practical libertarian and not a compulsively anal authoritarian by nature.
Re:Private Folders, harsh admins, and common sense (Score:4, Interesting)
I work at a small company, where my role only requires me to spend part of my time as an IT admin. I take this same approach, and find it's mutually beneficial. Users don't have install rights, but I also will install things on individual workstations that people ask for. (They actually used to have install rights on their personal workstations - not if they logged into others - but I had to take it away because they'd blindly install some web background program that would install 30 spyware applications. They were understanding when I removed that right after they saw the damage it caused). I've helped people setup their personal email accounts in thunderbird.
I've read articles talking about how if you don't allow people time to do personal tasks at work, that instead of taking 5 or 10 or even 30 minutes of work time, they'll take a sick or vacation day to catch up on errands, and I can see this happening. Personally I don't really mind fixing a server issue on the weekend or late at night, because I'm afforded this flexibility at work. At some offices, as soon as it hits 5:00pm, everyone drops what they're doing and goes home.. that's just a sad situation. It's not that people should be expected to work late, or work exactly their 8 hours per day, but if, for example, a task will take 20 minutes to finish before you go home, versus 45 minutes if you have to start in the morning when it's no longer fresh in your mind, it's better to stay the 20 minutes. In a company where workers are prohibited from doing anythink but work on company time, they're obviously not going to be willing to go the other way, and sacrifice their personal time for work.
Re:Private Folders, harsh admins, and common sense (Score:3, Interesting)
Pointing out to a user that her favorite screensaver or wallpaper image comes from an external (to the organization)
Re:Why didn't MS see this coming? (Score:5, Funny)
By the way, the folders are fucking ENCRYPTED. You can't decrypt data by saying "THIS IS YOUR ADMINISTRATOR, OPEN UP!"
Key escrow? (Score:3, Insightful)
Unless all decryption keys are registered on the domain controller.
Re:Key escrow? (Score:5, Insightful)
Re:Key escrow? (Score:5, Insightful)
This is like saying the Postal Service is responsible if a letter I write in Sanskrit arrives at its destination in Sanskrit instead of English.
The sysadmin should preserve the data just fine, the encrypted data. If employees keep losing their work to encryption, treat the employees the same way you would treat them if they keep inadvertantly shredding important documents. You wouldn't complain to the shredder company because the shredder doesn't have an undo button.
Re:Key escrow? (Score:5, Funny)
> have an undo button.
I wouldn't, but my users probably would.
Re:Why didn't MS see this coming? (Score:5, Funny)
Re:Why didn't MS see this coming? (Score:5, Funny)
Re:Why didn't MS see this coming? (Score:3, Insightful)
IMO, most of the "But we need to be able to stop the admin seeing stuff" comments are probably from kids still in school, who would rather the affected data was lost than be readable by the admin in the event of something bad happening. (They generally give themselves away when they say "My school blocked this...")
It would be interesting to see how many of them retain this view the first ti
Re:Why didn't MS see this coming? (Score:5, Insightful)
Companies with "Big Brother" policies also come to mind. Things like your personal resume (which we should always keep up to date), or contact lists might be construed as someone job-shopping and lead to retribution. Seen it happen.
Lastly, there is the legitimate issue of controlling data access at a more granular level. All kinds of HR information need to be eyes-only, and not subject to the SysAdmin's probing eyes. One old job, the system administrator found the spreadsheet with everyone in the company's salary, coming bonus (2 months), and raise (3 months out) information. This led to several people jumping ship or demanding more money, and created a lack of trust of management. Personnel disciplinary letters should also be protected in some organizations.
Without the facility, many of these documents become "sneaker-netted", which doesn't help the organization any.
Re:Why didn't MS see this coming? (Score:5, Funny)
By the way, the folders are fucking ENCRYPTED. You can't decrypt data by saying "THIS IS YOUR ADMINISTRATOR, OPEN UP!"
Not unless it was the password the user chose to encrypt the data with.
Who cares... (Score:5, Informative)
Re:Who cares... (Score:4, Funny)
Re:Who cares... (Score:2)
fix (Score:4, Funny)
Re:fix (Score:5, Funny)
Something about the fact that this was modded "informative" is frankly scary.
Re:Who cares... (Score:5, Funny)
Re:Who cares... (Score:5, Funny)
Re:Who cares... (Score:5, Funny)
Re:Who cares... (Score:5, Funny)
Re:Who cares... (Score:3, Insightful)
You know, I see this a lot on
I don't know if you people have no gfs or wives, or if you live in the US, or what. If you can't tell your gf/wife what porn you like you have a bigger problem than how to encrypt it. How the fuck do you think you can have a satisfying relationship if you can't reveal intimate desires?
Get out into the real world or, respectively, move to a place where the christian
Re:Who cares... (Score:3, Funny)
Re:Who cares... (Score:5, Funny)
Re:Who cares... (Score:3, Funny)
Re:Who cares... (Score:3, Insightful)
If you have an Empornium account, this this [empornium.us] is it.
What an example of technology outpacing function.. (Score:4, Funny)
I recognize that there may be some degree of opprobrium as a result of pointing this out, as most of us here believe in bringing the newest and fastest technology to bear on a given problem. I don't disagree with this approach; indeed, given Moore's Law and costs not dramatically increasing, one would be a fool not to recommend the regular upgrade of hardware and software every two to five years, depending on circumstances.
Irregardless, news such as this points out that sometimes blindly following technology without carefully measuring its implications on IT and data processing can create issues. In the interest of bettering our approach to systems analysis and design, I feel it is important to quote: approximately 90% of the typical activities on 1/3rd of the computer systems out there can take 10-15% longer than performing their equivalents using a 50/50 methodology of planning the computing tasks first, computing the planned tasks second. In other words, you have to know where you are and where you want to be before you purchase and implement new systems; otherwise you not only run the risk of a wasted investment in extra or unnecessary technology (such as private folders when you only need and want public ones) but of having to backtrack and start again to purchase new technology to meet current, previous and future uses.
Unfortunately this seems intuitive but it's not; in fact, in many ways it can actually be seen to be counterintuitive. In other words, it's a balance -- one of considering the importance of keeping pace with current technology while retaining past and projected compatability with previous and anticipated data storage and processing needs.
Re:What an example of vocabulary outpacing functio (Score:3, Informative)
Speaking of which (Score:4, Funny)
"...but it's a bit of a sloppy release by Microsoft"
Hate it when that happens...
Sigh.. (Score:3, Insightful)
This sort of kneejerk reaction, removing a useful feature, is excedingly irritating. It's not users aren't aware of the fact that if you password something, you'll then need to REMEMBER the password...
Re:Sigh.. (Score:4, Insightful)
Just my humble opinion,
Chris
Re:Sigh.. (Score:4, Insightful)
Re:Sigh.. (Score:3, Funny)
Okay, so they patched it out ... (Score:2)
Separate enterprise (Score:2)
incompetent? (Score:5, Insightful)
It reminds me of the idiotic microsoft security fix cycle. Every user in the world has to wait for MS patch day because some whiney admins wanted to be able to schedule their vacation time. Hey jackasses - if you don't want to update on a given day, don't update on that day. Why should the rest of us be waiting for a fix to fit someone else's schedule?
Re:incompetent? (Score:5, Insightful)
Ah, who says Microsoft doesn't know how to do PR? "Patch Tuesday" was indeed sold to us as being schedule friendly; but the actual intent was to improve Microsoft's security image. Microsoft realized that releasing patch after patch every few days was making people think (rightly) that their OS was riddled with bugs and holes - even the non-IT press was talking about it.
It seems to have largely worked. What with the "express install" option and such, most folks don't even realize they're installing 18 separate patches for a given month. We even get people on here, who should know better, mouthing untruths like "Oh, no one even knew about those holes until Microsoft patched them - so it's the user's fault if they get hacked".
Re:incompetent? (Score:2)
At least, those actually with broadband.
Re:incompetent? (Score:2, Insightful)
Re:incompetent? (Score:3, Interesting)
I understand the temptation to blame this all on incompetent Windows administrators, but depending on how the company is structured, IT may have little clout in enforcing policies on limited user rights. And sometimes the economic costs of such policies is difficult for the company to swallow. Take the following somewhat fictionalized examples.
Re:incompetent? (Score:2)
there's a big difference between
A: "i just pushed the EasyButton(tm) and then the lights went out, EasyButton was not supposed to have that postcondition"
and
B: "i repeatedly ran that custom script i made for getting rid of last year's september worm on our brand new heisenberg compensator and then suddenly the lights went out, no idea how it could lead to that"
B guy would probably be more competent and achieve a longer average system uptime if he is good enough,
i tried this out... (Score:2, Insightful)
There are far better third party folder encrypters out there than MPF.
Re:i tried this out... (Score:3, Informative)
Yo can delete the icon from your desktop. Then you can access it from explorer under Desktop... want it somewhere else? That's why we have shortcuts. :)
Or if you want to be slicker about it you can get the NTFSLink tool and make a Junction to C:\Documents and Settings\\My Private Folder.EFS is very poorly documented. Limits & failur (Score:2)
I have heard no complaints about TrueCrypt [truecrypt.org], which is free, open source, developed by people with serious intelligence and dedication, and supports both Windows and Linux.
WPF was released with good intentions (Score:5, Insightful)
First, document how it stores/encrypts files. Does it sit on a front-end of an archiver or is it a pass-through encryption similar to what CFS does? What encryption algorithms does it use? WPF needs a lot more documentation.
Second, release a group policy add-on that domain admins can use to restrict or block its use. MS should have released a domain policy add-on a couple weeks before the utility is available, so companies can push out a policy denying use of this utility on their network, or specifying a "master" password using a password or an EFS key for recovery reasons. This utility is good, but on computers owned by a business, this utility can create major liability and regulation issues.
Third, it needs to be written with security in mind. How is the password stored? Is the password hashed, or is the password stored by decrypting part of the file similar to what TrueCrypt does so a hash algorithm failure doesn't compromise security? What mode (ECB, CBC) is the encryption running in? Is the decrypted password stored in secure memory, or can it be swapped to disk?
Windows Private Folders isn't a bad utility, and I wish MS would release a version 2.0 of it that addresses concerns of business domains and some more documentation on how it works -- it is made for an easy to use place for home users to stick files in they don't want others to read. WPF just needed a little more planning behind its release.
Customer, ease of use, security (Score:3, Interesting)
They didn't make controlling this easy enough for that customer.
Security solutions need to be thought out a bit more carefully.
What about using backdoored crypto with corporate issued keys? Wouldn't this make most everyone happy?
Re:Customer, ease of use, security (Score:3, Insightful)
Dell, the RIAA and the DVD Forum.
KFG
Er. Uh. Uhm... (Score:2)
How is the retracted update different from the functionality which I have seen in-place since I bought the machine a year ago?
Re:Er. Uh. Uhm... (Score:3, Informative)
Log on as a user. "encrypt" a file.
Log on as an administrator. Go try and read that file.
With MS's new toy, that wouldn't happen.
Fsck IT (Score:4, Insightful)
Re:Fsck IT (Score:2)
Re:Fsck IT (Score:2)
Agreed.
If one is going to keep certain data out of sight of administrators, then one may as well not HAVE administrators at all, because the long term consequences are bound to be the same.
Re:Fsck IT (Score:5, Insightful)
In any large company, there is a lot of information floating around that you are probably better off not having access to.
While it doesn't make sense to have every secretary and general low-level peon be able to encrypt stuff in such a way that nobody can ever recover them, I would not want to have automatic access to extremely sensitive high-level stuff stored on the executive's systems. Why? Because if somehow it gets leaked, and you have the root password, you have zero plausible deniability. In other words, you become quite easy to scapegoat.
If you work someplace where there isn't any internal backstabbing, and nobody above you would ever consider hanging their poor sysadmin out to dry in order to save their own pillowtalking ass, then great. Let me know where to send my resume.
Generally speaking, while I would want to be sure that I had admin/override rights to all the people below me in a chain of command, I wouldn't want to have those rights to people above me in the chain of command. Not because I'd find the idea of reading my boss' email particularly tempting, but because when something Bad Happens, I want to be able to say with absolute candor, not only didn't I do anything, but I couldn't possibly have done anything.
It's like having the keys to a file cabinet which contains information way above your security clearance level. I wouldn't want to have them, because I don't want to be the guy in the hot seat when somebody way above my pay grade fucks up and decides to find someone expendable to take the blame.
Let the executives have their personal encrypted folders, with a nice big warning sign that says "If you forget your password, NOBODY ELSE WILL BE ABLE TO ACCESS THIS." If they forget their passwords, then it's their problem, or if they maliciously encrypt things as they're tendering their resignation, then it's Legal's problem. The last thing I'd want to do is make it my problem.
Re:Fsck IT (Score:2)
But if you _don't_ have the root password, and security somehow got breached anyways and stuff put on the system that an administrator cannot access, there is no facility for effective damage control. It doesn't really matter that
Re:Fsck IT (Score:2)
Do you tell your HR department to fuck off, that you know employment law better than they do?
Do you tell your janitor to fuck off, because if they clean your toilet they might see the stains you left?
Do you tell your product marketing manager to fuck off, that the product you designed is bound to have people who want to buy it?
Do you tell your CEO to fuck off, that new merger negotiation is something you'
Re:Fsck IT (Score:2)
Not on the whole network... just on the actual machines to which you have the administrator password.
Without that ability, it is very possible for a potentially malicious program to be sitting on a computer's hard drive in such a way that even an administrator could not do anything about.
Re:Fsck IT (Score:5, Insightful)
I need to be able to access the data, if only for backup purposes. The person in the company with the password might be run over by a bus tommorow. Or if you prefer something less dramatic, they may regularly change their password (good!), forget their old one (who cares?) and then need to restore from an old backup to prove what was on the system 6 months ago (Ah....).
But at the same time, with that power comes responsibility. If I was found to be accessing the data for any purpose other than "to provide a copy to give people who have a legitimate need to access it", I'd be sacked so fast....
Re:Fsck IT (Score:2)
Anyway, who gets called? IT. Our response was that she was pretty much on her own since it wasn't anything business related. So sure, the "we can't help you answer" works sometimes, but what about the case where you have an ex-employee who you have to press legal charges against? Yup, had this too not log ago.
The long and short of it is th
Re:Fsck IT (Score:2)
Most mainframes above C classification clearly separate data and system.
I'd like to see some IT admin demand access to government secrets because he needs it to administer the system, or demanding access to banking details just because he administers the system. He'd get escorted out of the building and probably get imprisoned. Of course no systems use Windows where data - system separation is
NTFS? (Score:2)
Re:NTFS? (Score:2)
No wonder the It staff kicked up a fuss.
Erh.. could this lead to MORE inaccessable data? (Score:3, Insightful)
1. Patch for data encryption feature.
2. User using data encryption.
3. Patch for removial of data encryption.
4. User accessing his encrypted data
why are enterprise end users installing software (Score:2, Insightful)
Why are you frantically trying to block something you dont know about - why dont you solve that problem by only allowing the software that has been approved? Why are there people that still dont understand that if a user can install appX, they can install virusX too? I mean really, you do understand this right?
This was a home user product. IT wasnt intended for businesses.
IT Managers should try doing their jobs instead (Score:5, Insightful)
Is it really easier to shout at Microsoft than restrict users? Because shouting at Microsoft won't prevent users from using the dozens of equivalent apps available for download from other companies unless you also restrict users appropriately.
Pr0n (Score:2)
All you pr0n are belong to us!
Ho hey for a customizable OS! (Score:2)
I decided to try this software (Score:4, Informative)
Machine locked up when trying to change password. Apparently Symantec AntiVirus 9's AutoProtect feature was the problem. (Disabling AutoProtect lets you change the password.) Because Private Folder 1.0 is not officially supported by Microsoft, there is no way to report this isssue.
Microsoft Private Folder 1.0 has an option to export encrypted files. The files remain encrypted, but the password must somehow be embedded in the exported files since you can go to a different computer with Private Fodler 1.0 installed to decrypt the files. HOWEVER, if hard drive crashes and you need to use data recovery software (R-Stuio, GetDataBack, etc.) there is no straight forward way of decrypting the files even if you know the password. Boot a machine with BartPE to look at the "My Private Folder" directory and the encrypted files look different than exported files (which leads me to think the password is embedded in the exported files). If you copy and paste encrypted files to that directory from BartPE/WinPE, you can make the data "unrecoverable"....
Re:I decided to try this software (Score:3, Informative)
Data loss can be really painful, if the data were encrypted. Normally, the decryption key is embedded into the encrypted file itself, but the encryption key (let's denote it with k_E) itself is encrypted with something, a password for example, or the password's hash. So, even though k_E resides inside the encrypted file,
Oh great. (Score:2)
Maybe I need to look closer at Vista Home. At this rate it will have better privacy than the Professional version.
in otherwords (Score:3, Insightful)
People, stop being fucking elite about the computers. I have worked with people who are scared to do anything with the computers becasuse of IT's attitude.
Here is a clur, tell the people if they use it and loose the password the data is gone. Most people will get that. If they don't and they loose valuable data too bad. They'll catch on, or they will be shown the door.
Re:Why do i get the feeling its about lost control (Score:2, Insightful)
Re:Who's threatened? (Score:4, Insightful)
Re:Who's threatened? (Score:3, Insightful)
You already have a level of trust with your users. Why doesn't that trust extend to a new techology with the same level of associated potential concequences (data loss)?
The only possible answers to that question are that you don't really trust your users at all (in which case you're a moron for giving them any access before giving them training), or that you don't understand the new techno
Re:Who's threatened? (Score:2)
Because every time data is lost, regardless of the cause, IT is expected to wave its magic wand and bring the data back. Sooner or later, the person losing the data is going to be high enough in the pecking order to get someone in IT sacked because the data wasn't recoverable.
Re:Who's threatened? (Score:2)
Anyhow, back on topic, let me ask you some questions: your work machine, did you buy it yourself? Did you pay for it out of your own pocket? Did the company give it to you to put your own private stuff on? The data your produce, did the company tell you to keep it yourself, that they don't want it? Has your company lawyer told you that it's fine to keep anything you want on that machine, that being sued is fun? Did you sign a contract sa
Re:Who's threatened? (Score:2)
Companies pay fees for specific work; they don't own souls.
Re:Who's threatened? (Score:2)