Folder Guard User's Guide

Folder Guard^® User's Guide

Introduction

Legal notices

The software described in this guide is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of WinAbility Software Corporation. WinAbility Software Corporation may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from WinAbility Software Corporation, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

NO WARRANTY

The technical information in this document is provided AS-IS and WinAbility Software Corporation makes no warranty as to its accuracy or use. Any use of the information contained herein is at the risk of the user. This document may include technical or other inaccuracies or typographical errors.

Copyright Notice

Trademarks

WinAbility, WinAbility.Com, Folder Guard, and "The Way Software Should Be!" are either registered trademarks or trademarks of WinAbility Software Corporation and/or its suppliers in the U.S.A. and/or other countries. Other product and company names mentioned in this document may be the trademarks or registered trademarks of their respective owners and are hereby acknowledged.

Folder Guard Overview

Thank you for choosing Folder Guard!

Folder Guard is a computer security software tool that lets you password-protect, hide, or restrict access to files and folders of your choice, and also restrict access to other Windows resources, such as Control Panel, Start Menu, Desktop, and more. You can configure the protection so that only specific users would be restricted, on both stand-alone and networked computers.

CAUTION: Folder Guard is a powerful tool that should be used with care. Please take time reading this User's Guide before protecting access to your important documents!

With Folder Guard you can:

Protect your private files and folders with passwords

You can protect virtually any folder or file with a password, allowing only the authorized users to open the protected files or folders. You can protect an unlimited number of files and folders, each with its own password, or you can use the master password of Folder Guard to unprotect them all at once.

Hide your personal folders from other users

You can set up Folder Guard to make your private folders invisible (or appear to be empty) to other users. The folder would be hidden from virtually any program, including Windows Explorer, Office, MS-DOS programs, etc.

Restrict access to Control Panel, Start Menu, Desktop, etc.

You can use Folder Guard to allow only certain users change the computer settings with Control Panel, while denying that to other users. You can control access to various settings of Start Menu, Desktop, Taskbar, and other Windows resources.

Restrict access to the floppy, CD-ROM and other removable drives

You can use configure Folder Guard to allow or deny access to the removable drives, restricting the user's ability to run or install unauthorized programs on your computer.

Protection without encryption

Folder Guard protects your files without encrypting them. It means that there is no danger of losing your documents if you lose your encryption key: with Folder Guard all your files remain intact, without modification of any kind.

Quickly enable or disable the protected folders via a "hot key"

You can choose a specific keyboard combination as the hot key of Folder Guard, to be able to quickly enable or disable the protection of your computer. Of course, the "hot key" is protected with your password, too, only you can use it!

Optional "stealth mode" of operation

You can set up Folder Guard to operate in the stealth mode, to hide its own files and shortcuts from being seen by other users. You would still be able to control Folder Guard via the "hot key".

Easy recovery in case of emergency

If you forget your password, or experience other problems, simply use the Emergency Recovery Utility (available for free download from our web site) to quickly restore access to your protected folder.

And more!

You will find Folder Guard indispensable if you share your computer with others and you don't want any changes made to your files. Or, if you allow your kids to play games on your system from time to time, and want to be sure that everything will be OK when they finish. Or, if you don't want your parents to see some of your files. Or, if you are a network administrator and your users give you a headache messing the files up all the time. However you use Windows, you may have concerns about the security, privacy, or confidentiality of your files. And now you have a single, effective solution - Folder Guard.

If you have not done so yet, visit our web site now and download a free no-strings-attached-no-obligation evaluation version of Folder Guard and see for yourself how Folder Guard can be of use to you:

Note: Folder Guard helps you protect files and folders from the prying eyes of most Windows users. This protection, however, is not intended to withstand attack by anyone who has sufficient time and expertise.

How Folder Guard works

Relax, you don't have to read or understand this section in order to use Folder Guard. We have provided this information only in case you are really curious. You can safely skip this section and go to the next one.

As you probably know, most Windows programs don't work with files and folders directly; they rely on the support provided by the Windows operating system to work with files and folders. (It makes each program able to work with wide range of the storage devices, letting Windows take care of the details). For example, if you use Windows Notepad to open a text document, the Notepad program first prepares a special request for the contents of the disk and sends this request to Windows. Having received the request, Windows searches its internal data structures and the contents of the disks, and returns the results back to Notepad, which in turn shows the files and folders to you in the Open File window. After you have selected the file and pressed OK, Notepad prepares another request for opening the file you have selected, and sends it to Windows, as well. Windows reads the appropriate bytes of data from the disk and returns them back to Notepad, that shows them to you in its window. In reality, the procedure is much more complex: even a simple operation like the one described above may take hundreds of different requests sent back and forth between the program and Windows, before you can see the results on the screen. All such requests and actions are performed by the programs transparently to you, and you don't even have to know what is going on under the Windows hood, unless you really want to.

Folder Guard works by intercepting the system requests that Windows programs and Windows itself exchange between each other. Folder Guard analyses the requests and the data they contain, and uses the attributes of the files and folders that you have set up with Folder Guard to allow or deny such requests. For example, if you designated a file to be read-only, and some program sends a request to read information from this file, Folder Guard allows such request to go through without intervention, and passes the results from Windows back to the program. If, however, a program sends a request to write some data into such file, Folder Guard intercepts it, and returns it back to the program without passing it to Windows. This prevents the file from being overridden (as per the read-only attribute), and makes the program display an error message such as "Access denied" or similar.

That's how Folder Guard works.

What's new in this version of Folder Guard

Version 8.2 (September 25, 2009)

A problem has been corrected that prevented the password prompts for the locked folders to appear after double-clicking on them in Windows 7.

Several other improvements have been made to make Folder Guard fully compatible with Windows 7.

The Export/Import Working Set commands have been replaced with the Administrator's Kit.

Version 8.1 (March 25, 2009)

A problem has been corrected that prevented entering upper-case characters in the passwords.

A problem has been corrected that prevented the option "Show password" from working when the option "Protect password prompts from the Password stealers" was disabled.

Several other minor improvements and corrections have been made.

Version 8.0 (January 31, 2009)

The separate editions have been combined into one installation package.

New images from icons-icons.com have been added.

The size of the toolbar buttons can now be selected by the user.

A new permission has been added: Allow Task Manager.

Several minor improvements and corrections have been made.

System requirements for Folder Guard

Folder Guard is for Windows 7, Vista, XP, and similar versions of Windows (such as Windows Media Center Edition). It is also backward compatible with Windows 2000. Both 32-bit and x64 editions of Windows are supported. Folder Guard is NOT compatible with Windows 95, 98, Me, Windows NT 4.0 or any older version of Windows.

There are no special requirements or recommendations except the obvious one: the better processor and more RAM your computer has, the better Folder Guard will perform.

How to install Folder Guard

Login to Windows as the administrator, or as a power user. If you login as a regular or limited user, you may not be able to install or use this software.
To begin the installation, simply run the installation file. If you do not have the installation file, please visit our web site to download the latest version:
http://www.winability.com/download/
Note that if you have a previous version of this software already installed on your computer, the installation utility may prompt you to restart the computer, in order to be able to replace the files currently in use by Windows.
The installation program will walk you through the process of setting up Folder Guard. You will be prompted to read and accept the End User License Agreement, and to select the installation options such as the folder where to copy the files.
After you press the Finish button, the installation program will copy the files into the specified folder and configure Windows for using Folder Guard. If the installation program detects that your version of Windows is 64-bit, it installs the 64-bit executables. Othrewise, it installs the 32-bit files.
IMPORTANT: Make a backup copy of the installation file of Folder Guard that you have downloaded from our web site, as well as a copy of the message with your license key, on a CD-R or other removable disk, because if you ever need to reinstall the software, you will need both, the installation file and your license information to install the program in the fully-licensed mode. It's not enough to store the files on your hard disk, because when (not if) it crashes, you will lose the files. (Yes, hard disks do crash, believe us!) We provide for download from our web site the latest versions of the installation files only. When we release an updated version, we remove the older version from the download area, so the installation file with the version that you have purchased may not be available for download in the future. Remember, it's your responsibility to backup your important files! If you do misplace your license key or the installation file that we no longer offer for download, please use this link to order a replacement:
http://www.winability.com/purchase/?lost_key

How to uninstall Folder Guard

To completely uninstall Folder Guard, it's not enough to simply delete its program files from the installation folder. To completely remove Folder Guard from your computer, follow the instructions below.

IMPORTANT: If your computer is configured for several user accounts, login into the same user account that you were logged in when you installed Folder Guard. If you use Windows Fast User Switching, log off from all other accounts before trying to uninstall Folder Guard.

NOTE: If you have enabled the stealth mode of operation of Folder Guard, it has hidden the Uninstall Folder Guard command from the Start menu, as well as from the Add/Remove Programs list of Windows Control Panel. To restore these commands, run Folder Guard and use its Tools - Advanced - Stealth Mode command the turn the stealth mode off, then exit Folder Guard before continuing.

Method 1

Open Windows Control Panel, open the Programs and Features (or Add/Remove Programs) item, and use it to uninstall Folder Guard.

Method 2

Run the Setup utility of Folder Guard with the command line switch /U. That is, choose Start - Run, and enter the following command:

If you use a 32-bit version of Windows:

"C:\Program Files\Folder Guard\Setup.exe" /U

If you use a 64-bit version of Windows:

"C:\Program Files\Folder Guard\Setup64.exe" /U

(This command assumes that you have installed Folder Guard into the folder C:\Program Files\Folder Guard; if not, please enter the correct path to Setup.exe (or Setup64.exe) in the command line above. Also note the double quotes around the path, as well as a space character in front of the /U switch, they are important parts of the command and necessary for it to work properly).

You will be prompted to enter your Master Password before the uninstalling could be continued. This is necessary to protect Folder Guard from being removed by unauthorized users. If you forget your password, use the Emergency Recovery Utility to reset it.

You may also be prompted to restart your computer, in order to deactivate Folder Guard and release the files that are currently in use by Windows, before they can be uninstalled.

Free vs. Continued use

You can use Folder Guard for the first 30 days FREE OF CHARGE, with no strings attached and absolutely no obligation to purchase anything!

During the 30 Free Days the operation of the software is not limited in any way, it is 100% functional. We make the software work without limitations so you can have a real look at it and decide whether or not it fits your needs. The only difference in the operation of the software during the free days is the Welcome screen that may be shown when you start Folder Guard:

Please remember that Folder Guard is NOT free or public domain software. It is free for the first 30 days only. If you want to use the software after that, you must either purchase a license for continued use of the program, or uninstall Folder Guard from your computer. For the complete terms of use, please refer to file License.txt that is installed along with other files of Folder Guard.

Specifying the protection attributes:

To protect a folder, you need to assign the desired protection attributes to that folder, using the commands of Folder Guard. For example, if you want to stop other users from opening the files from the folder, you would assign the No Access attribute to it. If you want the folder to appear empty, as if there were no files in that folder, you would assign the Empty attribute, and so on. (Read here the descriptions of all protection attributes you can use with Folder Guard.

Enabling the protection:

While you are configuring the protection using the commands of Folder Guard, no actual protection is taking place yet. To start protecting the folders and other resources, you need to enable the protection. You can do in several ways: by using the Tools - Enable Protection command of Folder Guard main program, or, if Folder Guard is not running, by pressing the hot key of Folder Guard, or by using the Start - Programs - Folder Guard - Toggle Protection command. You can also configure Folder Guard so that the protection would be enabled automatically for you at Windows startup.

Quick Start Wizard:

Folder Guard now includes Quick Start Wizard that can guide you through the steps necessary to protect your folders and configure the startup options properly. If you are not familiar with Folder Guard, it's highly recommended that you would to start using Folder Guard via the Quick Start Wizard: it can considerably reduce the time necessary to configure Folder Guard properly.

Quick Start Wizard

Folder Guard now includes Quick Start Wizard that can guide you through the steps necessary to protect a folder on your computer. It is not necessary to use Quick Start Wizard; you can achieve the same effect using the commands of Folder Guard directly. However, if you are not familiar with Folder Guard and want to get up to speed with it quickly, Quick Start Wizard could be a good starting point.

Quick Start Wizard is initially configured so that it automatically starts whenever you run Folder Guard:

The Welcome page of Quick Start Wizard

If you don't want it to start automatically, simply clear the Run Quick Start Wizard every time I start Folder Guard option on the Welcome page. You can run Quick Start Wizard anytime by choosing the Tools - Quick Start Wizard command from the main menu of Folder Guard.

When you press the Next button, Quick Start Wizard prompts you to select the folder you want to protect:

Select the folder to protect

Note that at this point no protection is actually taking place: the Quick Start Wizard is only gathering information about the folder you want to protect and how exactly you want to protect it. You will be prompted to enable the protection at a later point.

The next page lets you specify the protection method for the folder you've selected:

The folder protection method

If you want to lock the folder with a password, select the first option offered, and also click on the button to set up the unlocking password for the folder. In this case, Quick Start Wizard will apply the empty and no access attributes to the folder for you, to make it restricted.

The second option lets you specify the protections attributes of the folder, such as read-only, or hidden. If you want to hide the folder, or to make it read-only, then select this option and the following pages will let you to select the desired protection attributes for the folder.

At this point Folder Guard is ready to start protecting the folder according to the choices you have made. Or, you can choose to set up the protection for another folder (or even start over from scratch) before enabling the protection:

Enable protection of the folders

Finally, Quick Start Wizard asks you whether you want to configure your computer so that the protection will be enabled automatically for you each time Windows starts up:

Enable protection at Windows startup

Normally you would want to select the first option; however, if you want to enable the protection only temporarily, select the second option instead.

Note that you can run Quick Start Wizard again, after closing it, by choosing the Tools - Quick Start Wizard command from the main menu of Folder Guard.

Note also that Quick Start Wizard lets you perform only the most basic operations. For the more complex tasks, such as protecting files, setting up different protection settings for different users, configuring the filters, etc., use the commands of Folder Guard directly.

Main window

In order to protect files and folders with Folder Guard, you need to run it and use its main window to specify which files and folder you want to be protected, and how exactly you want to protect them:

The main window contains the following areas:

Title bar:

Like the title bars of most other windows, it shows the name of the application, and the name of the file currently opened (My Restrictions in this example). If you've made changes to the current configuration that have not been saved yet, a star character * is displayed next to the name of the file.

Menu bar:

The menu bar provides access to the commands of Folder Guard.

Toolbar:

The toolbar offer quick access to the frequently used commands of Folder Guard. You can change the size of the buttons displayed on the toolbar by right-clicking on it and selecting the desired size form the shortcut menu. You can also add to or remove buttons from the toolbar using the View - Customize Toolbar command.

User list:

The User List contains the login names of the users for whom you can set up user-specific restrictions. If it is not shown, you can turn it on using the View - User List command. You can also add to and remove user names from the User List using the User List command on the Protect menu.

View bar:

You can use the View bar to quickly switch between the Folders and Filters views of Folder Guard. The Folders view shows the drives and folders that your computer has, along with their attributes, as a tree-like structure. The Filters view displays the list of the filters.

Status bar:

Status bar is used to display information messages, as well as the name of the user currently logged in to the computer.

Visibility and access attributes

To protect a file or a folder, you need to assign the desired protection attributes to it, using the commands of Folder Guard. The attributes used by Folder Guard are divided into two groups - the access attributes and the visibility attributes:

Access attributes:

No Access: If assigned to a file, this attribute prevents opening the file, (or running the file, if it is a program). If assigned to a folder, it prevents opening the files this folder or any of its subfolders contain, unless you have allowed access to the specific files or subfolders, by assigning different access attributes to them. This attribute also prevents saving any modifications to the file(s) into the same folder, creating, deleting, or renaming files or subfolders. If the Don't allow to open folders with the 'No access' attribute option is enabled, this attribute will also prevent opening the folder it is assigned to.
Read-only: If assigned to a file or a folder, this attribute allows opening the file, or files in the folder, so that the contents of the file(s) may be viewed by the user, but prevents saving any modifications to the file(s) into the same folder. It also prevents creating, deleting, or renaming files or subfolders. If assigned to a folder, this attribute applies to all files and subfolders under that folder, unless you have assigned different attributes to specific files and/or subfolders of that folder.
Full access: If assigned to a file, this attribute allows full access to it. If assigned to a folder, it allows for full, unrestricted access to the folder itself, as well as to the files and subfolders it may contain, unless specific files or subfolders have been restricted by you with their own access attributes. All operations, such as opening and saving files, renaming or deleting them, modifying their properties, etc., are permitted, as if Folder Guard were not present in the system.

Visibility attributes:

Hidden: If assigned to a file or a folder, this attribute unconditionally hides the file or folder itself (and all files and subfolders the folder may contain).
Empty: If assigned to a folder, this attribute leaves the folder itself to be visible in an Explorer window, but hides all files and subfolders contained therein, unless you have explicitly set a file or a subfolder of this folder to be visible. This attribute cannot be assigned to a file.
Visible: If assigned to a file or a folder, this attribute makes the file, or all files and subfolders contained in the folder, as well as the folder itself, to be visible in an Explorer window, as if Folder Guard were not present in the system.

The "default" attributes:

If a folder has one of the above attributes, its name is displayed in the bold typeface. For example, after you have installed Folder Guard but before you've made any changes to its configuration, some of the system folders are automatically assigned the visible and full access attributes for you, that's why their names are bold.

Most other folders, however, don't have any attributes assigned to them yet, that is they have the default attributes. The names of such folders are displayed in Folder Guard window using the regular (not bold) typeface. The visibility of (and access to) such folders is determined by the attributes of their parent folders: if the parent folder is restricted, its files and subfolders become restricted, as well, unless you have assigned different attributes to the files or subfolders, which would override the attributes inherited from the parent folder.

Note that each folder can have different attributes assigned to it for different users of your computer, so that the folder would be protected differently for each user.

Hiding and restricting access to folders

The easiest way to set up a folder to be hidden is by using the Quick Start Wizard. You can also achieve the same result by using the commands of Folder Guard directly, as described below.

To hide a folder with Folder Guard, simply assign the hidden attribute to the folder in question. You can do that by selecting the folder in the main window of Folder Guard, and then choosing the Visibility - Hidden command from the Protect menu. (You can also use the toolbar or the right-click menu to use this command).

For example, if you want to hide the folder named A Private Folder located on the C: drive, select that folder, and click on the Hidden button on the toolbar:

Notice that after you have assigned the hidden attribute to the folder, its icon became dark, to indicate its hidden status. (If you decide to remove the attribute you have just assigned, simply click on the same toolbar button again, and the attribute will be removed from the folder, or use the Visibility - Default command on the Protect menu.)

In addition to the hidden attribute, it's also a good idea to protect the folder with the no access attribute as well, to make other users unable to open files from that folder even if they cannot see them (such as through the previously created shortcuts, for example). When you do that, the "stop sign" icon appears in front of the folder, as shown on the screenshot above, to indicate the access restrictions of the folder in question.

Now enable the protection, and the folder you've made hidden will become invisible to Windows Explorer, Windows applications, MS-DOS programs, command prompt, as well as to the Open/Save As dialogs used by the applications to open and save documents. All files and subfolders that might be located in that folder will be hidden, too, until you disable the protection.

Note that you can set up the folder to be hidden for some users and be visible to others: simply select the user account in question in the User List, and then apply the desired visibility attributes to the folder.

Protecting folders with passwords

To protect a folder with a password, use the Lock with Password command from the Protect menu. You can also use the toolbar or the right-click menu.

For example, if you want to protect the folder named A Private Folder located on the C: drive, select that folder in the Folder Guard window, and click on the Lock with Password button on the toolbar:

Password protect folder, lock folder with password

Enter the desired password into the box, and then confirm it. Notice that folders that have passwords are marked with the key images, shown next to their icons in the Folder Guard window.

Note that in addition to creating a password as described above, you should also assign the desired restricting attributes to the folder, to specify exactly how you want the folder to be protected. If the folder has no restricting attributes assigned, then Folder Guard automatically applies the most common restrictions to it when you use the Lock with password command: it assigns the No access and Empty attributes to the folder. The first one is to prevent users from opening files and documents from the locked folder. The second attribute makes the locked folder appear empty, without revealing its contents to the user, until the unlocking password is entered.

It is not the only way to restrict the folder, though. For example, if you want the folder to be read-only when it is locked with the password, assign the read-only attribute to it. This way, users who don't know the unlocking password will be able to open documents from that folder, but they will be prevented from saving modifications to such documents. Only someone who knows the password can unlock it, and thus make it possible to save changes to the documents located in that folder.

If you want to see how it works "for real", then enable the protection, then run Windows Explorer and try to open the folder you've protected with a password, as well as with the No access and Empty attributes. If you attempt to open the folder by double-clicking on it, a prompt for the password should appear on the screen:

Enter the password to unlock the folder

(Note: You can configure Folder Guard not to display such a prompt, by selecting the Don't show password prompts for the locked folders option on the Settings - Options dialog box of Folder Guard. You can also make Folder Guard to show the Lock or Unlock commands on the Windows right-click menu, if you want.) Only if you enter a valid password, the folder will be unlocked. All its files and subfolders will become unprotected, too, unless you have protected a subfolder with its own unlocking password: all such files and subfolders must be unlocked independently.

Note that the password prompt is displayed only when you attempt to open the protected folder by double-clicking on it in a Windows Explorer window, or in the Open/Save As dialog boxes. If you use some other means of opening a folder, such as via a shortcut, or by selecting the folder in the folder tree of Windows Explorer, or via some other program, an Access denied or similar message would be displayed instead of the password prompt.

How to lock the folder back?

Folder Guard offers you an option to automatically lock the folder back when you close the folder window or exit the program that you used to unlock the folder. (This is the default choice that Folder Guard uses when you install it.) When this option is enabled, Folder Guard "remembers" the folder window or program that you used to unlock the folder, and locks the folder back automatically for you when you close that window or program.

If you don't want Folder Guard to lock the folder back automatically as described above, you can deselect this option using the Settings - Options window of Folder Guard. In such a case, the unlocked folder will remain unlocked until you explicitly lock it back yourself.

To lock the folder back, you can use any of the following methods:

If the main Folder Guard application is running, use its Lock all folders or Enable Protection commands on the Tools menu to lock all previously unlocked folders.
Right-click on the folder and select the Lock command from Windows shortcut menu. Note that you must enable the Add the Lock/Unlock commands to the Windows shortcut menu option on the Settings - Options dialog box for the Lock command to appear on the menu.
If the main Folder Guard application is not running, press the hot key combination, or use the Start - All Programs - Folder Guard - Toggle Protection command, and select either Enable the protection or Lock all folders command. Either command will lock all previously unlocked folders and make them protected again.

You can also configure Folder Guard to enable protection and lock unlocked folders after a period of user inactivity, when the screensaver wakes up. (See the description of the Settings - Protection window for more information).

How to remove the password from the folder?

If at some point you've decided that you no longer want the folder to be protected by Folder Guard, you can do the following: in the Folder Guard window, right-click on the folder in question and choose the Unprotect command from the shortcut menu. This will remove the unlocking password from the selected folder, and also reset all restricting attributes of the folder to Default. In essence, this will return the folder into the state it was before you started protecting it.

If you don't want to remove the restricting attributes from the folder, and only want to remove the unlocking password, you can do it by assigning an empty unlocking password to it. That is, use the Lock with Password command on the Protect menu, or right-click on the folder and choose the Protect with a password command from the shortcut menu, to display the window asking you to enter a new password for the folder. Leave the new password box empty and press OK, and that will erase the existing unlocking password from the selected folder, while leaving other restricting attributes intact.

Can I password protect files and programs?

Yes, you can protect with passwords not only folders, but also documents and programs. First, use the Add file command on the Protect menu to add the file in question to the Folder Guard window, and then use the Lock with Password command, just like with folders. Note, however, that the password prompt would appear only if you attempt to open the protected file directly, by double-clicking it in a Windows Explorer window or in an "Open/Save As" dialog box. If you use some other way (such as through a toolbar button or a menu) to open the password-protected file, an Access denied or similar message would be displayed instead of the password prompt.

If you usually access the protected file or folder via a desktop shortcut, then you need to protect both the shortcut and the target file with the same password. After that, when you attempt to open the shortcut, the password prompt would be shown on the screen. If you enter the unlocking password for the shortcut correctly, both the shortcut and the target file or folder will be unlocked at the same time.

Does the password protection work over a network, too?

If your computers are connected into a network, you can lock a shared folder with a password, (by installing Folder Guard on the server where the shared folder is physically located), but unlocking such a folder over the network is not currently possible: if someone attempts to open the protected folder via the network, such a user would simply be denied access to the folder, the password prompt will NOT be displayed. To be able to unlock the folder, the user must login to the server locally or via some remote administration tool. Please refer to the Protecting networked computers page for more information.

Protecting files and programs

With Folder Guard, you can restrict access not only to folders, but also to individual files and programs. If you want to protect a file or a program, first use the Add file on the Protect menu to add the document file or program's executable file in question to the list of objects displayed in the main window of Folder Guard. After that, the procedure of protecting the file is virtually the same as with folders: just assign the desired protection attributes to it, set up an unlocking password for the file, if needed, and so on.

For example, suppose you want to protect access to Internet Explorer. First, use the Add file on the Protect menu to browse for its program file iexplore (or iexplore.exe), usually located in the folder C:\Program Files\Internet Explorer. This will add the file iexplore.exe to the main window of Folder Guard:

Now assign the appropriate protection attribute to this file. For instance, if you want the users to be able to use Internet Explorer, but not be able to delete it, assign the read-only attribute to the file iexplore.exe. Or, if you don't want users to be able to run Internet Explorer at all, assign the No access attribute to it (as shown on the screenshot above). Now enable the protection, and from now on any attempt to open Internet Explorer will be interrupted with the Access denied or similar message. To allow yourself to use Internet Explorer, simply press the hot key or disable the protection in some other way.

When protecting programs, be careful not to protect access to some system file used by Windows, because doing so may cause Windows not to work properly! For example, do not restrict access to the file explorer.exe, because this file is used by Windows not only to browse your hard disk, but also to display your computer desktop! If you don't want users to browse certain folders, protect the folders themselves, rather than Windows Explorer.

Keep in mind that if you want to restrict access to a program or a file that you usually open via a shortcut, then you should protect the target file, not the shortcut! If you only restrict access to the shortcut, then users would still be able to open the file or run a program directly, bypassing the shortcut.

User-specific restrictions

With Folder Guard, you can set up different restrictions for different users of your computer. For instance, you can make a folder visible when you log in to Windows, but remain hidden when some other user logs in. Folder Guard uses the built-in Windows user accounts, that is it distinguishes between different users by the names they enter when they log in to computer.

To control which restrictions should apply to which users, use the User List of Folder Guard. (If it is not visible when you open the main window of Folder Guard, choose the View - User List command from the menu to make it visible.)

The User List originally contains only one item: Default. This user name is used to set up the restrictions that would apply to all users for whom no user-specific restrictions have been set up. To create restrictions that would apply to specific users, first use the User list command on the Protect menu to add the user names to the User List. Then, to set up the restrictions for a user, simply select that user's name in the User List, and assign the desired attributes to the folders: they would be applied to the selected user only.

For example, if you want to hide the folder named A Private Folder located on the C: drive from all users except yourself, first select the Default name in the User List, and apply the hidden and no access attributes to this folder:

(More information on how to hide folders with Folder Guard is available here.) Now use the User list command on the Protect menu to add your login name to the User List. (In this example we assume that your login name is Admin.)

Finally, select your user name (Admin in this example) in the User List and assign the visible and full access attributes to the same folder:

That's it, the user-specific protection of the folder has been set up! To see how the folder will be protected for each user, simply select the user's name in question in the User List, and the images displayed next to the folders will show how each user will be able to see and access each folder.

Of course, if you have other users, you can set up restrictions specific to them, too. For instance, if you want some users to be able to see and open files from your private folder, but not to save any changes to them, you would assign the read-only attribute to the folder for such users. If you don't assign any user-specific attributes to a folder, then when such a user logs in to the computer, the restrictions specified for the Default user would apply.

Restricting access to other resources

With Folder Guard, you can restrict access not only to files and folders, but also to many other Windows resources, such as Start Menu, Control Panel, Desktop, etc. To set up such restrictions, use the Permissions command on the Protect menu of Folder Guard, which opens the Permissions dialog box:

For the detailed description of the permissions offered by Folder Guard, please refer to the description of the Permissions dialog box.

Note that if your computer is configured to use Group Policies or System Policies, the policies set up with such tools may contradict the permissions you set up with Folder Guard. For example, you might have used Folder Guard to allow the use of the Run command for a particular user, but the existing Group Policy for that user may still restrict the user from using that command. To avoid such problems, use either Folder Guard or another tool to manage the permissions, but not both. If you would rather use Group Policies or the System Policy Editor to manage the policies, you can instruct Folder Guard to ignore any permissions you have set up with it by clearing the Enable Permissions option on the Settings - Protection dialog box.

Enabling and disabling the protection

When you need to work with the files located in the folders protected with Folder Guard, you need to temporarily disable the protection. After you are all done working with the protected files, you need to turn the protection back on, to stop the unauthorized users from opening your private files.

If you have created an unlocking password for your personal folder, you can unlock that folder alone, while keeping the rest of the system protected. Or, you can enable or disable the protection of all your files and folders at once, using any one of the following methods:

If the main application of Folder Guard is currently running, you can use its Tools - Enable/Disable Protection command to turn the protection on and off, as needed.
When you are closing the main application of Folder Guard, it prompts you whether you want to start protecting the folders:
Alternatively, you can use the Start - Programs - Folder Guard - Toggle Protection command to change the status of the protection from on to off and back. Note that you must enter a valid master password before the Toggle Protection command lets you disable the protection.
If you have created a hot key, you can press the hot key combination, and after entering the master password, you can enable or disable the protection, too.
Yet another way of enabling or disabling the protection is via the taskbar icon, if you have enabled it and selected to add the Open command to its menu.
Finally, you can change the status of the protection, as well as lock and unlock individual folders by running the FGKey utility with the appropriate command line switches.

If you disable the protection, it will remain disabled until you enable it back on. You can also use the Enable protection at Windows startup option to make the protection to be enabled automatically whenever you restart Windows. Also, you can use the Re-enable protection after screen saver is active option of Folder Guard to make the protection enabled automatically after a period of user inactivity.

The Master Password

When you run Folder Guard for the first time, it prompts you to choose the Master password. This password is used to protect Folder Guard from being used by the unauthorized users: only users who know the Master password can run Folder Guard and change the protection settings of your computer:

You also need to enter this password when you upgrade or uninstall Folder Guard, again, to stop unauthorized users from removing Folder Guard from your computer without your permission. Finally, when you press the hot key or use the Start - All Programs - Folder Guard - Toggle Protection command, you are prompted to enter the Master password, as well.

If you forget the Master password, click on the Forgot your password? link to perform the Emergency Recovery procedure (that is, to erase the password and let you log in to Folder Guard).

Note that Folder Guard uses several other passwords, as well, such as the unlocking passwords that you can use to unprotect specific folders or files. If you forget any of such passwords, simply run Folder Guard and use its commands to set up new passwords for such objects.

When choosing the passwords, keep in mind that the length of a password must be between 1 and 64 characters (at least 6 characters is recommended). Any characters are allowed, including spaces and punctuation. The passwords are case sensitive: If, for example, you have chosen the word Apple as the password, Folder Guard will not accept the words APPLE or apple as the valid passwords.

Note that the passwords used by Folder Guard are stored on your computer in the hashed form only (based on the SHA-1 secure hash algorithm). In other words, it is virtually impossible for someone to discover the text of the passwords by analyzing the contents of your hard drive.

Protection from "password stealers"

Folder Guard can protect its passwords from malicious programs that intercept passwords by "stealing" the text you enter into the password prompts. You can enable or disable this protection by changing the Protect password prompts from the "password stealers" option. This option is enabled by default.

When this option is enabled, Folder Guard provides a visual indicator of the protection from the password stealers by showing the diagonal lines in the background of the password entry box:

When the anti-stealer protection is enabled, Folder Guard takes measures to stop the password stealers from obtaining the text of the password that you have entered into the password prompt. Keep in mind that such a protection is not absolute: for example, a spyware could install a dedicated device driver for your keyboard and intercept the keystrokes even before they reach the password prompt. The best way to ensure you are protected from such threats is to have a dedicated anti-virus/anti-spyware software installed and keep it up to date. The protection provided by Folder Guard should only be considered as a secondary (not the primary) line of defense.

Note also that Folder Guard protects from the password stealers only its own passwords, when you enter them into the password prompts displayed by Folder Guard itself. If you enter a password into any other program, or into a web page, Folder Guard does not perform any special protection of such a password. This is yet another good reason to keep your anti-virus software enabled and not to rely on Folder Guard alone to keep your passwords safe from spyware.

There may be a situation when the protection from the password stealers may interfere with other password tools you may be using. For example, if you use a software tool or a fingerprint reader that fills out the password forms for you automatically, then such a tool may not be able to enter your Folder Guard password for you. In this causes a problem, you can choose to either enter your Folder Guard password manually, or disable the Protect password prompts from the "password stealers" option to turn off such a protection. If the anti-stealer protection is disabled, Folder Guard uses the regular password prompt boxes (without the diagonal lines in the background) when you are entering its passwords.

Hot key

Folder Guard lets you create a hot key, that is, a combination of the keys that you could press at any time to quickly open Folder Guard or toggle the protection on and off.

To set up the hot key, run Folder Guard, choose the File - Settings command from its menu, select the Hot Key page, and enter the desired hot key combination there. Note that when the main window of Folder Guard is on the screen, the hot key is not functioning. However, if you press the hot key combination after you exit Folder Guard, you will be prompted to enter the Master password, and then one of the following screens will appear on the screen:

If the protection is not currently enabled, the following window is displayed:

This window lets you enable the protection that you have previously set up with Folder Guard. You can also choose to run Folder Guard, if you want to change the protection settings. If you press Cancel, the window will be closed leaving the protection disabled. (To enable the Remember the password option on this window, use the Options - Settings command of Folder Guard.)

If the protection is already enabled when you press the hot key combination, the following window is displayed:

You can choose to disable the protection, lock all folders that you might have previously unlocked, or run Folder Guard. If you press Cancel, the window will be closed leaving the protection enabled, as it was before you've pressed the hot key combination.

Note that in order for the hot key to keep operating after you reboot Windows, you must check the Enable protection at Windows startup option. If this option is not checked, then neither the protection, nor the hot key will be active after you restart Windows.

Note: To enable the option Remember the password for ... minutes shown on the images above, you must first enable the option Remember the most recently used password on the Settings - Options window.

Taskbar icon

You can configure Folder Guard to display a small icon in the Windows taskbar notification area (next to the system clock), that would serve as a visual indicator of the status of the protection, and/or to give yet another way to quickly run Folder Guard, or to toggle the protection:

To set up the taskbar icon, run Folder Guard, choose the File - Settings command from its menu, select the Taskbar icon page, and choose the desired options offered there. You can select whether to display the icon or not, to hide the icon if the protection is in effect or make the icon image flash if the protection is disabled, select whether to display the full-color or the low-color image. Please see the description of the Taskbar icon dialog box for more information about the available options.

Note that in order for the taskbar icon to appear after you reboot Windows, you must check the Enable protection at Windows startup option. If this option is not checked, then neither the protection, nor the taskbar icon will be active after you restart Windows.

Folder Guard data files

The files to keep the restrictions

Folder Guard uses the files with the extension .FGA (that stands for Folder Guard Attributes) to store the protection settings that you have set up. The information stored in such files includes the protection attributes you have assigned to the files, folders and filters, the list of users you have added to the User List, the permissions you have set up for each user, as well as other related information.

When you run Folder Guard for the first time, it creates an FGA file for you in the common application data folder on your hard disk. When you run Folder Guard next time, it opens the previously used restrictions file. The name of the current restrictions file is displayed in the title bar of the main window of Folder Guard.

In most cases it is sufficient to have just one such file to store the restrictions, but you may create several FGA files, containing different restrictions, to be used on different occasions, if you wish. Note, however, that only one such file can be active at any given time: the last file that you have saved to the disk with Folder Guard. If you want a different FGA file to become active, open it with Folder Guard and choose the Save command from the menu. That will make that file active and use its restrictions to protect your computer.

Other files

When you save changes to the restrictions file, Folder Guard creates several other files in the local application data folder, such as Default.FGD, FGuard.FGP, etc. Folder Guard uses these files while protecting your computer; do not delete or modify them, because doing so may disrupt the operation of Folder Guard.

Folder Guard Advisor

Folder Guard Advisor is designed to assist you while you are using Folder Guard. It detects some common situations that may require your attention and displays messages related to them. For example, the following message is displayed when you attempt to hide or restrict access to your Desktop folder:

The window displayed by Folder Guard Advisor contains the Don't show this message again checkbox. If you check this box before closing the message window, this particular message will not be displayed again. If you decide later on that you want to see the messages that you have previously chosen not to show, use the Reset the Advisor messages command on the Help menu of Folder Guard.

Each message displayed by Folder Guard Advisor has the default reply button associated with it. This button is indicated by a dashed rectangle when the message is initially displayed on the screen. If you have chosen the Don't show this message again option for a particular message, the default reply will be assumed to be chosen by you for this message thereafter.

Note: Pressing the Enter key while a Folder Guard Advisor message is displayed is equivalent to choosing the first reply button (such as Do It or Yes). Pressing the Escape key has the same effect as choosing the second reply button (such as Ignore or No). Pressing the Space key is equivalent to choosing the button that currently has the focus (indicated by a dashed rectangle).

When you first run Folder Guard, it asks you whether you want to enable or disable Folder Guard Advisor:

If you are not familiar with Folder Guard, it's strongly recommended to press the Yes button to enable the messages. However, if you already know how to use Folder Guard, you can press the No button and Folder Guard Advisor will not show any of its messages anymore. If you don't want to be prompted again the next time you start Folder Guard, check the Remember my choice option on this window. If you later want change you selection, use the Enable/Disable the Advisor command on the Help menu of Folder Guard.

Using Folder Guard

To protect or not to protect?

When deciding which folders you want Folder Guard to protect, consider the following issues:

The folder in which Windows is installed (usually C:\Windows) must NOT be restricted with the No access or Hidden protection attributes. The same applies also to the folders where the user profiles are stored (usually it is C:\Documents and Settings or C:\Windows\Profiles). As a matter of fact, Windows needs to be able to write data into the files located in such folders to operate properly; if you restrict access to such folders, it may cause Windows to display error messages or even fail to boot. Make sure you know how to reboot Windows in the "safe mode" before trying to protect such folders! Also, see below for some hints on how to protect such folders.
Most subfolders of the folders C:\Windows and C:\Documents and Settings must have their access attribute set no stronger than Read-only. You can try assigning the No access and/or Hidden attributes to such folders, but first make sure you have backed up your system and know how to use the "safe mode" of Windows.
Many Windows applications on your computer are installed into subfolders of the C:\Program Files folder. If you hide or restrict access to this folder or its subfolders, the applications installed there may become inaccessible.
If you assign the Empty attribute alone to a folder, it does not make the folder inaccessible. The contents of such a folder will be invisible for Explorer, but the user will still be able to access files in the folder by other means, such as shortcuts. To make the contents of a folder inaccessible, use the no access attribute as well.

Protecting the C:\Windows and C:\Documents and Settings folders

Special care must be exercised when protecting these folders. DO NOT apply the no access or hidden attributes to them, because this will prevent Windows from working! (Windows is just designed so that these folders must be accessible and visible, at least partially).

If you need to restrict other users from tampering with files located in these folders, then, first of all, backup your entire hard drive, if you have not done so before installing Folder Guard. It will save you hours of your time if anything goes wrong (and believe us, there are things that may go wrong when you are trying to protect these folders).

You may try to make the C:\Windows folder read-only, however keep in mind that Windows and some other programs need to be able to write information into the files kept in this folder in order to operate properly. You may need to set up filters to allow other programs full access to their configuration files in the C:\Windows folder.

In addition, Windows uses some of the subfolders of the C:\Windows and C:\Documents and Settings folders to store its data, so you will need to mark such subfolders with the full access attribute. Examples of such subfolders are: Spool, Application Data, Cookies, Downloaded Program Files, History, msdownld.tmp, TASKS, TEMP, Temporary Internet Files, and others, depending on your configuration of Windows.

You may try to restrict the visibility of the contents of the C:\Windows folder by marking it Empty with Folder Guard. This may or may not work well for you, depending on Windows components and other software installed on your machine, so you will need to test your protection configuration well.

When restricting the visibility of the Windows folder, keep in mind the following:

Some subfolders of the Windows folder that are used by Windows itself (System, System32, Fonts, Profiles, Temp, etc.) must remain visible. You may try to mark some of them as read-only, though, but whether it works depends on other settings of Windows.
If you mark the C:\Windows folder with the Empty attribute, you may not be able to access the programs kept in this folder (including Explorer.exe, Notepad.exe, etc.). You should review the contents of this folder with Explorer before restricting it, and move the files that you want to be used into some other folder. If you do so, you may need to update the shortcuts pointing to those files, too.
If you restrict the C:\Windows folder for the default user, and Windows fails to work, you may try to restrict this folder for the non-default users instead.

Giving your computer "bullet-proof" protection

The following recommendations will help you prevent others from bypassing the protection of folders performed by Folder Guard:

Restrict access to the Registry editing tools. A user can disable the protection by editing the Registry and then rebooting Windows. You can deny access to the Registry Editor by using permissions provided by Folder Guard, or by restricting access to the file RegEdit.exe directly. If you have third-party registry editing tools, you will need to restrict access to them, too.
Restrict access to the system tools. A user can disrupt the operation of Folder Guard by using the Msconfig.exe tool and other similar programs. You can restrict access to such tools with Folder Guard.
Restrict access to the direct drive access tools. A user can see the files protected with Folder Guard by using the tools that access the contents of the disks directly (that is, by bypassing the usual operating system services that most regular programs use). If you have such tools installed on your computer, you can restrict access to them with Folder Guard.
Enable the stealth mode of Folder Guard. This will hide Folder Guard files from other users. If operating in the stealth mode is not desirable for some reason, assign the read-only attribute to the installation folder of Folder Guard, to prevent other users from deleting or modifying Folder Guard files. (Note that when you create a new file with restrictions, Folder Guard assigns the read-only attribute to its folder for you automatically).
Prevent users from booting the computer with a system floppy disk. Most modern computers allow you to change the booting preferences by modifying the BIOS settings. You may also be able to protect the BIOS settings with a password to prevent others from changing them. The exact procedure of making changes to the BIOS depends on the model of the computer; please contact your computer manufacturer for the instructions specific to your system.
Prevent users from booting Windows in the "safe mode" or "command prompt only" mode. Because the protection is not normally enabled at Windows startup in either of these cases, it is important to restrict a user's ability to boot Windows in any of these modes.
Prevent modifications to the system files in the root folder on the boot drive (usually C:\). Mark the system files such as AUTOEXEC.BAT, BOOT.INI, Msdos.sys, with the read-only attribute, otherwise users can modify or delete them!
Prevent access to the System Restore tool. When you install Folder Guard on Windows Vista or XP, the Setup utility creates a system restore point. To stop other users from using the System Restore utility to remove Folder Guard through its system restore point, assign the no access attribute and (optionally) an unlocking password to the file rstrui.exe, usually located in the folder C:\Windows\System32\Restore.

Protecting networked computers

Folder Guard can be used to extend the built-in security and access control capabilities of Windows networking. For example:

If you have a folder that you share on your network, you can configure Folder Guard to restrict access or even hide some of its subfolders from the networked users.
If your network configuration allows for that, you can set up user-specific access rights to the subfolders of the shared folders (see below for more information).
You can configure the protection on both the server- and client-side of the network. That is, instead of specifying the restrictions to the shared folders on the server, you can configure such a protection on the client computers directly.

Below we use the following terms:

Server - the computer that hosts the shared files or folders that you want to be protected from other computers on the same network. In other words, server is the computer that contains the physical disk on which the shared files and folders are located.
Client or workstation - the computer (or any one of such computers) on the same network that you want to have restricted access (or no access at all) to its local resources, or to the shared files or folders located on the server.

Note that our use of these terms (server and client) does not mean that you must have a client-server type of the network in order to use Folder Guard on it. Even if your computers are connected into a simple peer-to-peer network, any pair of the computers may be considered as the client-server pair. For example, if you share a folder located on your computer, and a user of some other computer attempts to open a document from your shared folder, then in this situation your computer is the server, and that other computer is the client. If, on the other hand, you are trying to open a document located in a shared folder on another computer, then your computer is the client, and that other computer is the server.

Protecting shared folders on the servers

Although Windows networking lets you set up access rights to the shared folders, you can use Folder Guard for a greater flexibility of such control. For example, on a peer-to-peer network, if you use Windows networking to share one of your local folders and allow access to it for other network users, all files and subfolders of such a folder will be accessible to the network users as well. With Folder Guard, however, you can make some of the subfolders not accessible and/or not visible to other network users, thus letting them see and/or open only the documents that you want them to.

You can use Folder Guard to control access to and visibility of the shared folders in the same way as with the local folders, by assigning the desired attributes to such files and folders, for different user accounts, just like you would do it on a stand-alone computer with multiple user accounts. You should remember, however, that if you set up a restriction to the folder other than the original restriction set up with the built-in Windows networking, then the stronger of the two restrictions would be use by Windows as the result. For example, if you have shared a folder with the read-only access, and then used Folder Guard to apply the full access attribute to such a folder, the folder will remain read-only. If, however, you assign the no access attribute to it with Folder Guard, the folder will become not accessible. (This is because the no access restriction is stronger than read-only, which in turn is stronger than full access).

Note also that Folder Guard does not currently support unlocking the folders over the network: if you protect a shared folder with an unlocking password, you must login to the server locally (or via a remote administration tool) to be able to enter the unlocking password on the server and unlock access to the folder. If someone attempts to open the protected folder via the network, such a user would simply be denied access to the folder, the password prompt will NOT be displayed to such a user.

Installing Folder Guard on the server

You can choose to install Folder Guard directly on the server if you want to set up user-specific restrictions for the network users. However, Folder Guard does not currently support Active Directory or user groups, only the local user accounts existing on the server can be used. To specify the protection settings for the network users, first add the user names to the User List of Folder Guard, and then assign the desired protection attributes to the files and folders for each such user. These attributes will determine how the files should be restricted and/or visible to the network users connecting to the server.

Note that your network can be configured in a way that may complicate the configuration of Folder Guard, or make it appear not to protect the computer according to your settings. For example, if you have configured your computer to use the Simple file sharing protocol (if you use Windows XP Home edition, this is the only option available, you cannot turn it off!), then any user accessing your computer over the network will appear as if it were the Guest user. In such a situation, you would not be able to set up different folder restrictions for different users, you would be able to create restrictions for the Guest account only, which would apply to all networked users.

If you have disabled the Simple file sharing protocol, but the networked users are still authenticated as the Guest user, run the Start - Computer Management - Local Security Policy command, navigate to the Local Policies - Security Options list, find the Network access: Sharing and security model for local accounts policy, and set it to Classic - local users authenticate as themselves.

Note that your network can be configured so that Windows would use a separate COMPUTER$ account (where COMPUTER is replaced with the actual name of the computer; for example, if the name of the server FILESERVER1, the name of this special account would be FILESERVER1$) for the network users connecting to the server. When such configuration is used, you should set up the appropriate visibility attributes of the folders for the user name COMPUTER$ (again, replace COMPUTER with the actual name of the server). Please contact your server administrator for information whether this situation applies to your network.

Note also that due to the internal design of the Windows NT-based versions of Windows, it is currently not possible to set up the user-specific restrictions of the visibility of the folders and files over the network. It is so because Windows does not use the original user account when browsing the folders over the network; instead, it uses the built-in SYSTEM account to do that. (The access attributes are still used on the user-by-user basis, provided that the conditions described above are met.) This means, for example, that you cannot hide a shared folder from some network users and allow other network users to see that folder at the same time; you can only hide a folder from all network users or from no one. As a workaround, you may want not to restrict the visibility of the folders from the networked users, but set up the user-specific access restrictions instead. This way, even though the users would be able to see the restricted folders over the network, they would not be able to open them.

Restricting the network access/Allowing the local access to the server

You may need to configure the protection of the server in such a way that only the network users would be restricted from accessing the server's files and folders, but any user logged in to the server locally, or any program running on the server as a service, would be exempt from the restrictions. To set up such protection, you can use the fact that when a user is accessing the server via the network, the server is seeing such access as if it were coming from a program named SYSTEM. (This is true no matter what program the user is actually using on the workstation, it can be Internet Explorer, or a database client, or any other program - all such programs appear as SYSTEM to the server). You can use this fact to configure Folder Guard to apply its restrictions only to the SYSTEM program, and that would make them apply only to the network users only.

To set up such protection, use the Trusted Programs dialog box to enable the All programs are trusted except the listed ones option, and make the list contain only one program name: SYSTEM. This way, all programs running on the server locally will be treated by Folder Guard as the trusted programs, and no restrictions would apply to them. If, however, a user is accessing the server via the network (that is, via the SYSTEM program), that would make Folder Guard to apply its restrictions to such a user.

Installing Folder Guard on the client computers connecting to the server

An alternative way of protecting network resources with Folder Guard is installing it directly on the client computers (rather than on the servers), and restricting the client computers themselves. To use Folder Guard in this way, first you should map the shared folders to local drive letters on the client computers, because Folder Guard cannot currently protect network folders without drive letters associated with them. After the drive letters for the shared folders are set up, run Folder Guard and assign the desired access and visibility attributes to the files and folders located on the network drives. You can set up the unlocking passwords for the folders on the network drives, too. After you have restricted access to the shared folders through the drive letters, Folder Guard will restrict access to them even if the user uses the UNC paths to open or browse the documents located in the shared folders.

The advantage of this method of protecting access to the shared folders is that all features of Folder Guard that are available for the local drives can be used with the network drives, as well. For instance, you could protect the folders on the network drives with the unlocking passwords, and the users of the client computers would be able to unlock the folders for their use by entering the appropriate passwords. The user-specific restrictions would work even if the Simple file sharing protocol were enabled on the client computer. The disadvantage of this approach, however, is that only the client computers that have Folder Guard installed and configured on them would be restricted from accessing the shared folders of the server. If someone connects to your network from a computer without Folder Guard installed on it, such user would not be restricted from accessing the shared folders. In such a case you should install Folder Guard on the server as well and set up the user-specific restrictions so that only the known users would be allowed to access the shared folder.

Installing Folder Guard on both the client computers and on the server

In such a case the restrictions set up on the server take precedence over the restrictions existing on the client computers. For example, if the server is configured so that the user Jim is not allowed to access the shared folder, then even if Folder Guard on the Jim's computer is configured to allow such access, Jim would not still be able to access the shared folder.

Another rule that applies to such a situation is that the restricting attributes take precedence over permissive ones. For example, if Folder Guard on the server is configured to allow access for the user Jim, but Folder Guard on the Jim's computer is configured to deny such access, Jim would not be able to access the shared folder. Only if Jim connects to the server from another computer that does not have Folder Guard configured to deny such access, only then Jim would be able to access the shared folder on the server.

The Folder Guard Administrator's Kit

If you plan on protecting a large number of computers with Folder Guard, you may want to order the Folder Guard Administrator's Kit, that contains the tools to help you automate the installation and licensing of Folder Guard on a large network.

Protecting removable drives

If your computer has removable drives attached to it (such as CD-ROM, SCSI or ZIP drives, the floppy drive, etc.), you can use Folder Guard to protect access to such drives. For example, if you don't want other users to be able to use your CD-ROM drive, simply assign the no access attribute to its root folder (just like you would restrict access to any other folder), and that would make the users unable to use the CD-ROM drive:

You can also create an unlocking password for the CD-ROM drive, if you want to be able to unlock the drive while keeping the rest of the restrictions in effect.

Keep in mind, however, that in some cases Windows uses tricks that bypass the CD-ROM drive letter. For example, if you have a rewritable (CD-RW) drive, when you add the files to be written to a CD-R, Windows XP makes it appear as if you are adding the files directly to the CD-RW drive, while in reality it stores such files in a temporary folder on your hard disk (usually it is "C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\CD Burning"). As a result, even if you configure Folder Guard to restrict access to the CD-RW drive, users would still be able to add files to the CD-RW disc. To solve this problem, apply the restrictions directly to the "CD Burning" folder instead of the CD-RW drive.

Note also that there is an alternative way of preventing the users from using the removable drives, using the Permissions - Drives command of Folder Guard.

Protecting subfolders on the removable drives

When you install Folder Guard, it is initially configured so that the removable drives can be protected as a whole. However, Folder Guard offers you an option that lets you protect folders on the removable drives (such as CD-ROM, SCSI or ZIP drives, but not the floppy ones), as well.

To use this option, first make sure the removable disk you would like to protect is inserted into the drive. (Below we refer to this particular disk as the original one, that is the disk that you use when you are setting up the attributes of its folders.) Run Folder Guard, choose the File - Settings command, go to the Protect page, and select the Allow protection of folders on removable drives option. Then choose the File - New command to create a new file to keep the restrictions. Now set up the attributes of folders on the removable disk as desired, in the same way as you would do it for a regular, fixed, drive.

From that time on, whenever the protection is enabled, and the same (original) disk is inserted into the drive, its folders are protected by Folder Guard, as usual. If you insert some other disk into the same drive, however, that has a different structure of folders than the original disk, the folders on such disk will not be protected, unless they happen to have the same paths as the folders on the original disk.

A problem may occur if you run Folder Guard and some other disk (not the original one) is inserted into the removable drive. In such a situation, while reading the restrictions file and not finding the protected folders on the disk, Folder Guard assumes that you might have renamed or moved the folders and prompts you to specify their new locations. To deal with this problem, when the first such prompt appears on the screen, remove the wrong disk from the drive, and insert the original disk into the drive instead. Then press the OK button on the prompt, to let Folder Guard continue reading the file. At the end of the initializing, use the View - Refresh command (or simply press F5) to force Folder Guard to re-initialize its information, this time using the correct, original disk.

Will the removable disk be protected on other computers, too?

No! The protection of Folder Guard is effective only on your computer, where Folder Guard is installed and configured accordingly. If you configure Folder Guard to protect access to a removable disk, the access will be protected on your computer only. If you take the disk to some other computer (without Folder Guard installed on it), the access to the disk will NOT be protected. If you need the disk to be protected on any computer, use encryption software to protect the information stored on the disk.

Protecting dual-boot systems

If your computer is configured to boot more than one version of Windows, and you want Folder Guard to protect the resources of the computer for each of such versions, then you need to install and configure Folder Guard under each version of Windows that your computer is able to boot with.

For example, if you can boot your computer with either Windows 32-bit or Windows x64, then you need to install and configure one copy of Folder Guard after booting with Windows 32-bit, and then reboot with Windows x64 and install another copy of Folder Guard, into a separate folder, and configure it separately.

Using the filters

Folder Guard lets you control access not only to individual files and/or folders, but also to the whole classes of files. For example, if you need to set up some general access rights to the Excel files, you can use Folder Guard to create a filter that would apply to the Excel files only (that, to the files with the extension .XLS), and then assign the desired access attribute to such a filter, that would make the attribute to apply to any Excel file, no matter where it is located.

Let us explain in more detail. A filter is a set of data that defines which files it applies to (according to the names of the files, the folders they are located in, and programs that are accessing the files). You may define several different filters, or have no filters at all, depending on how exactly you want your computer to be protected.

After you have set up the filters and enabled the protection, Folder Guard begins to monitor the events of accessing the files on your computer. Whenever a program attempts to access a file, Folder Guard users the list of filters you've set up to determine whether the file name, the name of the folder where the file is located, and the name of the program that is accessing the file match any of the filters. If Folder Guard finds such a filter, it uses its attribute (full access, read-only, or no access) to allow or deny access to the file. It no match is detected, the access attribute of the folder where the file is located is used to determine whether to allow or deny the access to the file.

Folder Guard comes with a pre-loaded set of filters (discussed below). To see the currently defined filters, use the command View - Filters. When you choose this command, Folder Guard hides the list of folders, and shows the list of filters instead:

You can create new filters or modify the existing ones using the commands on the Filter menu. (This menu appears on the menu bar only when the filter list is displayed in the main window of Folder Guard). To return back to the list of folders, use the command View - Folders.

Note that only the access attributes may be applied to the filters; the visibility of the files defined by the filters is always determined by the visibility attributes of the appropriate folders where the files are located.

Folder Guard comes with several pre-configured filters, some of which are discussed below. You can use them as they are, or you can modify them to better suit your needs, delete them or create the new ones. If you don't want the filters to be used, you can reset their attributes with the Attributes - Reset command.

Example 1: Windows files.

This is a very simple filter that is designed to restrict access to the files system.ini and protocol.ini, located in the Windows folder (which is usually C:\Windows).

If you don't want users to modify these files (directly, or by installing other programs that may modify these files), assign the read-only attribute to this filter:

If you want only some of your users to be restricted from modifying these files, select each user's name in the User List of Folder Guard and apply the read-only attribute to this filter for each such user, one user at a time.

Note that if you want to restrict access to specific files (as in this case), you could also do so by adding the files in question to the folder list of Folder Guard (using the Protect - Add File command) and assigning appropriate attributes to such files.

Example 2: Restrict Install.

Suppose you don't want other users to install any new software on your computer without your permission (assuming that users have access to the floppy disk drive (A:) and to the CD-ROM drive (E:)). One solution could be to assign the no access attribute to the root folders of the A: and E: drives with Folder Guard, however that would also prevent the users from saving their work on the floppies, and from using any CD-ROMs.

This is a typical situation where filters provided by Folder Guard offer a more effective solution. Since installing new software usually involves running the Setup.exe or Install.exe program (and using the autorun.inf files from CD-ROMs), you want to prevent users from running such programs while allowing them to access other files on the floppy and CD-ROM drives.

To achieve this result, consider the Restrict Install filter. This filter would be applied only to the files named Setup.exe, Install.exe, or autorun.inf, and only if they are located on the A: or E: drives (in the root folders or any of the subfolders). Assign the no access attribute to this filter for all users whose access to these files you want restrict.

If you want yourself to be able to run Setup.exe and Install.exe, assign the full access attribute to this filter while your user name is selected in the User List.

Example 3: Restrict run from floppy.

Suppose you don't want other users to run programs from the floppy drive. Yet, you would like them to be able to open from and save their documents to the floppy disks.

To achieve this result, consider the Restrict run from floppy filter. This filter would apply only to the program files (since their file names have the extensions .exe, .com, and .bat), and only if they are located on the A: drive (in the root folder or any of its the subfolders). Now assign the no access attribute to this filter for all users whose access to these files you want to be restricted. If you want yourself to be able to run programs from the floppy disks, assign the full access attribute to this filter while your user name is selected in the User List.

Example 4: Run only allowed applications.

Suppose you don't want other users to run any programs other than MS Word and Excel. You could use the Run only allowed applications filter that would apply to all program files (that is the files with extensions .exe, .com, and .bat), but not to the files winword.exe (MS Word) and excel.exe (MS Excel). Also, this filter would not apply to the files located in the folders that begin with C:\Windows (since these folders contain system files, which should always be accessible in order for Windows to work properly). The programs located in the folder "C:\Program Files\Folder Guard" would also be exempt from this filter, since you want to be able to run Folder Guard files to change or disable the protection as needed.

Now, if you assign the no access attribute to this filter for a particular user, that user would not be able to run any programs other than MS Word and Excel, and the programs located in the Windows folder, or its subfolders.

Example 5: Internet Explorer data.

Suppose you want your users to be able to use Internet Explorer (IE), however you don't want then to be able to delete their Internet cookies. An obvious approach to set this up would be to assign the read-only attribute to the folder where IE stores the cookie files (such as C:\Windows\Cookies), but that may cause IE to fail, since it expects such a folder to be fully accessible.

The solution is also set up a filter that would grant IE fill access rights to the files in these folders. If you assign the full access attribute to this filter, then Folder Guard would allow IE to write data into the cookie files, (because they would be accessed by the IE program, iexplore ). If a user uses some other program to delete the cookie files, the filter would not be applied to such operations, and the read-only attribute you have assigned to this folder would restrict such operations.

Note: The Trusted Programs list has a higher priority than the list of the filters. That is, a trusted program can access all files unconditionally, even if you have set up a filter that restrict access to certain files for that program.

Example 6: Restricting Internet Explorer downloads.

If you want your users to be able to use Internet Explorer (IE) for web browsing, but not to be able to download the executable files onto your computer, you could create a filter that would enforce such a restriction.

The idea of the protection is based on the fact that when Internet Explorer is downloading a file, it stores it in its Temporary Internet Files folder, along with the images and other files necessary to display the web pages when browsing. Only after the file has been successfully downloaded into the temporary folder, Internet Explorer moves it to the destination folder for your choice. This gives us an idea of how to prevent the downloads: we need to prevent Internet Explorer from being able to create program files (such as the EXE and ZIP files) in the temporary folder. However, we must still allow Internet Explorer to store files of other types (such as image files), to be able to display the web pages properly when browsing the Internet. This is just the type of a problem that can be easily solved using the filters of Folder Guard.

To achive this, we need to set up a filter that would apply to the *.exe and *.zip files, to the Temporary Internet Files folder, and to the Internet Explorer module iexplore. If you assign the no access attribute to this filter, it will prevent IE from writing EXE and ZIP files to its temporary folder, and that would effectively stop it from being able to download such files. Note that we have entered the masks of only two most popular file formats for the programs, *.exe and *.zip. There are, however, other formats for distributing programs via the Internet, for example, *.rar, *.arc, *.cab, and so on. If you are concerned that users may download and use such software packages, you should add the appropriate masks to the Apply to files area, as well.

Note: Folder Guard also offers an alternative method of restricting the downloads with Internet Explorer: via the Allow to download files with Internet Explorer permission. If you don't want to use the filter described above for some reason, you can simply revoke this permission to achieve a similar result.

Designating the "trusted" programs

The protection of folders performed by Folder Guard may confuse some of the system utilities, such as backup or disk managing software. For example, if your backup software allows you to specify which folders to backup, and you leave the protection in effect during the backup, the folders you've made Hidden or Empty with Folder Guard may not be backed up. (On the other hand, if the backup software stores a complete image of the disk disregarding its folder structure, it may be safe to leave the protection on, since Folder Guard does not prevent the direct access to the disk sectors.)

To avoid such problems, you could add your backup and disk utilities to the Trusted Programs list of Folder Guard. When performing the protection, Folder Guard intercepts the requests from programs to open files, list the contents of folders, etc. If such a request comes from a program that is designated by you as a trusted one, Folder Guard passes the request on to the operating system without any intervention, thus allowing the program to have full access to all folders on your computer. If the name of the program is not in the Trusted Programs list, Folder Guard allows or denies such request according to the attributes of the files and folders set up by you.

Originally, the trusted modules list contains the names of several system modules (such as REGSVR32, MSGSRV32, etc.) that must have full access to all files and folders on your computer in order for Windows to operate properly. You may change the set of the trusted modules by using the Protect - Trusted Modules command.

Note that only Windows applications (32 bit or 16 bit) can be designated as the trusted ones. You may add a name of a DOS program or a console application to the Trusted Programs list, but it will be ignored by Folder Guard.

Which programs should or should not be made "trusted"?

You may wish to add to the Trusted Modules list the names of the system tools such as anti-virus utility, disk defragmenter, disk scanner, backup utility, etc. If you do so, you won't have to manually disable the protection before running such tools, since they will have full access to all your folder and files anyway, as if Folder Guard was not present in your system at all.

The following programs should NOT be made trusted:

Explorer: If you add this module to the trusted modules list, Windows Explorer will be allowed full access to all files and folders, even to those you have marked as hidden or empty with Folder Guard!

KERNEL32: If your computer is connected to a network and you share some of your drives or folders, this module is used by Windows to provide information about your files and folders on the shared drives over the network. If you make it trusted, all your files and folders will be accessible to other network users.

Command line switches

Command line switches supported by the file FGKey.exe

You can control the operation of Folder Guard by running the file FGKey.exe (or FGKey64.exe if you use Windows x64) with the command line switches described below:

/UNPROTECT
/DISABLE
Either of these switches disables the protection of your computer. You can also specify the /PASSWORD:master-password switch on the same command line, to suppress the prompt for the Master Password that this command would otherwise display.

/PROTECT
/ENABLE
Either of these switches enables the protection of your computer according to the settings your have previously set up with Folder Guard. You can also specify the /PASSWORD:master-password switch on the same command line, to suppress the prompt for the Master Password that this command would otherwise display.

/UNLOCK:path-to-file-or-folder
This switch unlocks the specified file or folder, if you have previously set up an unlocking password for it. If the path contains spaces, it must be enclosed in the double-quotes. You can also specify the /PASSWORD:unlocking-password switch on the same command line, to suppress the prompt for the unlocking password that this command would otherwise display.

/LOCK:path-to-file-or-folder
This switch locks the specified file or folder, if you have previously set up an unlocking password for it. If the path contains spaces, it must be enclosed in the double-quotes. You can also specify the /PASSWORD:unlocking-password switch on the same command line, to suppress the prompt for the unlocking password that this command would otherwise display.

/LOCKALL
This switch locks all previously unlocked files and folders, for which you have previously set up the unlocking passwords. You can also specify the /PASSWORD:master-password switch on the same command line, to suppress the prompt for the Master Password that this command would otherwise display.

/LOAD
This switch loads the driver of Folder Guard into the computer memory without enabling the protection. You can also specify the /PASSWORD:master-password switch on the same command line, to suppress the prompt for the Master Password that this command would otherwise display.

/UNLOAD
This switch disables the protection, if necessary, and then unloads the driver of Folder Guard from the computer memory. You can also specify the /PASSWORD:master-password switch on the same command line, to suppress the prompt for the Master Password that this command would otherwise display.

/PASSWORD:the-password
This switch can be used in addition to any switch listed above, to supply the password required by the operation. If the password contains spaces, it must be enclosed in the double quotes. Note that /LOCK and /UNLOCK switches require the unlocking password for the file or folder you want to lock or unlock, while other switches expect the Master Password.

Command line switches supported by the file Setup.exe

You can also use the following command line switches with the file Setup.exe (or Setup64.exe if you use Windows x64) of Folder Guard:

/U
Use this switch to uninstall Folder Guard from your computer.

Note that the Setup.exe file does NOT support the /PASSWORD switch.

Examples

Suppose that you have installed Folder Guard in the folder C:\Program Files\Folder Guard, and that you have chosen the word Apple as the Master Password of Folder Guard. Also, you have used Folder Guard to restrict access to the folder C:\My Private Files, and you have set up the word green as the unlocking password for this folder. You can use the following commands to perform the following actions:

"C:\Program Files\Folder Guard\FGKey.exe" /PROTECT
This command will prompt you for the Master Password, and then enable the protection of your computer.

"C:\Program Files\Folder Guard\FGKey.exe" /UNLOCK:"C:\My Private Files" /PASSWORD:green
This command will unlock the folder C:\My Private Files without prompting your for the password (because you have already entered the correct password in the command line).

"C:\Program Files\Folder Guard\FGKey.exe" /UNLOAD /PASSWORD:Apple
This command will unload the driver of Folder Guard from the computer's memory without prompting your for the password (because you have already entered the correct password in the command line).

"C:\Program Files\Folder Guard\Setup.exe" /U
This command will start uninstalling Folder Guard from your computer. It will prompt you to enter the Master Password before continuing.

Protecting files in the "safe mode"

"Safe mode" is a special diagnostic mode of Windows, which you can use to troubleshoot problems with your computer. (You can find more information about the safe mode and how to use it in Windows Help.) When you reboot your computer in the safe mode, only the core Windows components are loaded and activated, leaving most extra software modules (including Folder Guard) in an inactive state. This means that when your computer is restarted in the safe mode, your computer is not protected by Folder Guard.

However, it is possible to configure Folder Guard to protect your computer even in the safe mode. Before you do that, though, be sure to create an emergency system floppy disk and learn how to use the troubleshooting tools it contains, to be able to restore access to your computer should a conflict between Folder Guard and some other software or device on your computer occur. Please note that we DO NOT provide technical support regarding the use of the safe mode or the troubleshooting tools; please contact the manufacturer of your computer regarding such issues.

The instructions on how to configure Folder Guard to perform the protection in the safe mode are provided to the licensed users of Folder Guard only. If you have not purchased your license yet, please click here for the instructions. If you have already purchased a license, please contact us (be sure to include your order number in the message!), and we will reply with the instructions on how to set up Folder Guard to operate in the safe mode.

NOTE: We DO NOT recommend enabling the protection in the safe mode, because if a conflict between Folder Guard and some other software you have on your computer occurs, you may not be able to use the safe mode to troubleshoot the problem, until you disable the operation of Folder Guard in the safe mode. Before you enable the protection in the safe mode, at the very least, you should have an emergency disk available and know how to use the troubleshooting tools it contains. We do NOT provide support regarding such issues.

Operating in the Stealth Mode

If you don't want other users to see the files of Folder Guard on your computer, you can configure Folder Guard to operate in the "stealth mode". To enable or disable this mode, use the Tools - Stealth Mode command of Folder Guard.

When you enable the stealth mode, Folder Guard performs the following actions for you:

It assigns the hidden attribute to the shortcuts to Folder Guard, if they appear on the Start menu, on the All Programs menu, and on the Desktop. Note that only the shortcuts named Folder Guard, as created by the Folder Guard installation utility, get hidden in the stealth mode. If you rename the shortcuts, they will NOT be hidden when you enable the stealth mode. To hide such shortcuts, assign the hidden attribute to them manually.
It assigns the hidden attribute to the installation folder of Folder Guard. This way, other users would not be able to see the files of Folder Guard or disrupt its operation by deleting its files.
It hides Folder Guard from the Add/Remove Programs command of Windows Control Panel. This way, other users would not be able to see the presence of Folder Guard in the list of the programs installed on your computer.

Important:

Many commands of Folder Guard are not available in the stealth mode:

When attempting to open a locked folder, the password prompt is not displayed. Instead, an "Access denied" message is shown to the user. The only way to gain acces to the protected folders in the stealth mode is by running the Emergency Recovery Utility.
The hot key and the taskbar icon may become inactive after you restart the computer (or just log off and then log back on).
The permissions do not have effect in the stealth mode.
The re-enable protection option may not work in the stealth mode.
... and more. Basically, the only protection that is available in the stealth mode is the protection of files and folders according to their restricting attributes and the filters.

Since all files and shortcuts to Folder Guard are hidden in the stealth mode, you cannot use them to run Folder Guard or to disable the protection of your computer! The only way to control Folder Guard in the stealth mode is by using the Emergency Recovery Utility.)

Emergency Recovery Utility

The Emergency Recovery Utility is a small program that can help you restore control of Folder Guard if you ever forget its Master Password or the hot key combination. It is especially important to have the Emergency Recovery Utility available if you are going to configure Folder Guard to operate in the stealth mode, because you will have no way of disabling the protection or running Folder Guard without the Emergency Recovery Utility!

In order to be able to use the Emergency Recovery Utility, you need to create it first. When you run Folder Guard for the first time after installing Folder Guard, the following prompt to create the Emergency Recovery Utility is displayed automatically for you:

You can also open this window by using the Emergency Recovery command on the Tools menu of Folder Guard.

To actually create the Emergency Recovery Utility, press the Create... button on the window shown above, and then navigate to the folder where you want to store the file of the Emergency Recovery Utility. This should be a folder separate from the installation folder of Folder Guard, because when the stealth mode is enabled, the installation folder will be hidden from you, and you will not be able to run the Emergency Recovery Utility from it! A better choice would be to store the file on a floppy or some other removable disk, and store that disk in a safe location.

The Emergency Recovery Utility is also available for free download from our web site:

http://www.winability.com/folderguard/eru.htm

You may find this option useful if you cannot locate the copy of the Emergency Recovery Utility that you yourself have created as described above. However, even though we make the Emergency Recovery Utility available for download from our web site, we still strongly recommend to create and store a local copy of it by yourself, because when the need to use the emergency recovery procedure arises, you may not have handy access to the Internet available to download the file from our web site.

To use the Emergency Recovery Utility, simply locate and run the file you have previously created with the Create the Emergency Recovery Utility command described above. If the utility detects that a copy of Folder Guard is operating on your computer, and the protection is in effect, it first asks you to enter your password as you would normally do when you need to disable the protection:

If you no longer remember your password, you can click on the Forgot your password link to beging the Emergency Recovery procedure. First, it asks you to enter your licensing information into the form:

This step is necessary to stop other users from using the Emergency Recovery Utility to remove protection without your permission. If you have not purchased a license yet, and your copy of Folder Guard is operating in the evaluation mode, simply press the Continue button, and it will perform the Emergency Recovery procedure: the Master Password will be erased, and the protection of your computer will be disabled.

If you don't want anyone to be able to use the Emergency Recovery Utility to erase your password and disable the protection, simply purchase a license for continued use of Folder Guard, and enter your license key into the program. This way, only you will be able to use the Emergency Recovery Utility, since it will not proceed unless a valid license key is entered into it first.

Administrator's Kit

The Folder Guard Administrator's Kit is a set of tools designed to help system administrators with the deployment and management of Folder Guard on a large network.

The kit contains the following files:

The "enterprise build" of Folder Guard that does not require license validation over the Internet.
The client installation packages of Folder Guard in the MSI format, to be used with the x86 (32-bit) and x64 Windows clients.
The Administrative Template file that contains the Group Policies supported by Folder Guard.
The text of Folder Guard Volume License Agreement.
The document describing the kit and how to use it.

You can use the MSI packages to quickly deploy Folder Guard to a large number of computers on your network. You should use the x86 file to install Folder Guard on the 32-bit clients, and the x64 package (that contains the native 64-bit executables) to install it on the clients with the x64 versions of Windows.

The Administrative Template (.adm) file can be used with the Group Policies to deliver the license key of Folder Guard to the client computers without having to enter the license key manually on each computer.

The Folder Guard Administrator's Kit is available as a separate download. Please contact us if you are interested in ordering the kit.

Troubleshooting

Solving problems with applications failing to start or operate properly

If some application that you have on your computer started to display errors or does not start at all after you have enabled protection with Folder Guard, it could be because you have configured Folder Guard to restrict access to a file or folder that the applications uses during its operation. For example, many programs need to be able to save files into their installation folders, and if you assign the read-only or no-access attributes to such folders, it may cause such applications to fail. Other applications may need to be able to write information into the files located in the C:\Windows folder. Again, if you restrict access to the C:\Windows folder, such applications may start displaying errors. To solve such problems, review the folder restrictions you have set up with Folder Guard, and remove protection from the folders that you suspect may be causing the errors. You may also find the To protect or not to protect section of this guide of use.

Solving problems with Windows failing to start properly

If Windows cannot start properly after you have enabled protection with Folder Guard, it could be because you have configured Folder Guard to restrict access to some system file or folder that Windows uses during its work. For example, if you assign the no-access attribute to the C:\Windows folder, or to the C:\Documents and Settings folder, or to the whole C: drive, it will most probably cause Windows to fail. If that happens, simply reboot Windows in the "safe mode" (see below), run Folder Guard in that mode, and remove protection from the folders in question, then restart your computer as usual.

How to restart your computer in the "safe mode"

If you use Windows XP/2000: restart your computer and when the restart begins, press F8 several times until the "startup menu" appears on the screen.

If you use Windows Me/98: restart your computer, and keep the Ctrl key depressed while Windows restarts.

If you use Windows 95: restart your computer, and press F8 when the text "Starting Windows 95..." appears on the screen.

As a result, the "startup menu" should appear on the screen. Choose "safe mode" from it and press Enter. (Please refer to your computer's manual for more information on the safe mode.)

Once in the safe mode, run Folder Guard and turn off the stealth mode, if you enabled it before. Then choose Start - Programs - Folder Guard - Uninstall to remove the program. Then restart your computer as usual.

Performing a clean test of Folder Guard

If you suspect that the error you see is caused by a restriction you have configured with Folder Guard, try the following: completely uninstall Folder Guard from your computer, and then install it back and configure it to protect just one test folder, such as C:\Test, as described in the Quick Start Wizard section of this guide. If the problem does not occur in this case, try to restrict other folders, as needed, one at a time, testing the condition that previously resulted in an error after each significant change. This could give you an idea of what restriction is causing the problem.

Solving problems caused by incompatibility between Folder Guard and some other program

If the problem persists even when you protected just one test folder as described above, then another reason could be an incompatibility between Folder Guard and some other program you have (such as anti-virus, disk utilities, programs that install icons in the taskbar next to the system clock, etc.) You may want to try to temporarily disable such programs, one at a time, and see if that corrects the situation. If you discover what other program is causing the conflict, please let us know and we will investigate.

Commands

File menu

The File menu of Folder Guard offers the following commands:

New

Creates a new file to store the restrictions.

Open

Opens an existing file with the restrictions you have previously created.

Save

Saves the changes to the restrictions on the disk, and also builds other files necessary to perform the protection of the computer.

Save As

Saves the restrictions into a new file.

Settings

Lets you change the settings of Folder Guard by displaying the Folder Guard Settings dialog box.

Master Password

Lets you change the Master Password of Folder Guard.

Exit

Exits Folder Guard.

Protect menu

The Protect menu of Folder Guard offers the following commands:

Access

Commands to change the access attributes of the selected file, folder, or filter.

Visibility

Commands to change the visibility attributes of the selected file or folder.

Attributes - Modify

Opens the Attributes dialog box for the selected file, folder, or filter.

Attributes - Reset File/Folder/Filter

Resets the attributes of the selected file, folder, or filter to default for all users.

Attributes - Reset User Attributes

Resets the attributes of all files, folders, and filters to default for the user currently selected in the User List.

Attributes - Copy User Attributes

Copies the attributes of all files, folders, and filters between different users in the User List.

Unlocking Password

Creates or changes the Unlocking Password for the selected file or folder.

Permissions

Lets you change the permissions to use many Windows resources, such as Start Menu, Desktop, Control Panel, etc. This command opens the Permissions dialog box.

User List

Opens the Modify User List dialog box.

Trusted Programs

Opens the Trusted Programs dialog box.

Add File

Adds one or more files to the list of object displayed in the main window of Folder Guard.

Remove File

Removes the selected file from the list of objects displayed in the main window of Folder Guard. (The file itself is NOT deleted when you use this command!)

Go to Special Folder

Opens the Go to Special Folder dialog box.

Filter menu

The Filter menu of Folder Guard appears only when you switch its window into the Filters view mode. It offers the following commands:

New

Creates a new filter of Folder Guard.

Rename

Lets you rename the currently selected filter.

Delete

Deletes the currently selected filter from the list.

Properties

Lets you change the properties for the currently selected filter by opening the Filter Properties dialog box.

Move Up
Move Down

Let you change the position of the currently selected filter in the list.

Reset list

Let you reset the list of the filters as it was when you first installed Folder Guard.

View menu

The View menu of Folder Guard offers the following commands:

Folders

Switches to the folder view (Hides the list of filters and shows the list of folders instead).

Filters

Switches to the filter view (Hides the list of folders and shows the list of filters instead).

Toolbar

Shows or hides the toolbar.

Status Bar

Shows or hides the status bar.

User List

Shows or hides the User List.

Customize Toolbar

Lets you change the set and order of buttons on the toolbar.

Expand/Compact

Collapses all branches which have only subfolders with default attributes; also expands all branches which have subfolders with non-default attributes.

Refresh All

Updates the main window of Folder Guard. Use this command after you have renamed or create a new folder or file, to make Folder Guard display the updated names of the files and folders.

Tools menu

The Tools menu of Folder Guard offers the following commands:

Quick Start Wizard

Runs Quick Start Wizard.

Emergency recovery

Lets you create the Emergency Recovery Utility for Folder Guard.

Windows tools - Policy Editor

Runs the Windows Policy Editor (PolEdit.exe) or opens the Group Policies management window. Note that your computer may not have either of these tools installed.

Windows tools - Registry Editor

Runs the Windows Registry Editor (RegEdit.exe).

Windows tools - Control Panel

Opens the Control Panel.

Windows tools - Windows Explorer

Runs Windows Explorer.

Stealth Mode

Lets you enable or disable the stealth mode of operation of Folder Guard.

Clear password cache

Makes Folder Guard "forget" your most recently entered password. This command is available only if the Remember the most recently used password option is checked on the Options page of the Settings dialog box.

Lock all unlocked folders

Locks all folders that you might have previously unlocked with the unlocking passwords. This command is available only if the protection is enabled.

Enable/Disable Protection

Toggles the protection on and off.

Help menu

The Help menu of Folder Guard offers the following commands:

User's Guide

Opens the User's Guide of Folder Guard (the one you are reading now).

Enable/Disable the Advisor

Lets you enable or disable all Folder Guard Advisor messages with a single command.

Reset the Advisor Messages

Resets Folder Guard Advisor in its original state, by enabling back the messages which you have previously turned off by selecting the Don't show this message again options on them.

Is this copy legal?

Lets you check the validity of your Folder Guard license.

Enter License Key

Lets you enter or display your licensing information for Folder Guard.

Buy now!

Takes you to the Online Store at the WinAbility.Com web site.

Upgrade

Takes you to the Upgrade Center at the WinAbility.Com web site.

Support

Takes you to the customer support center at the WinAbility.Com web site.

WinAbility.Com

Opens WinAbility.Com web site in your default web browser.

About Folder Guard

Displays the version number and copyright notice of Folder Guard.

Dialog boxes

Folder Guard Settings dialog box

Use this dialog box to change the way Folder Guard operates to suit your requirements. To display this dialog box, use the Settings command on the File menu. This dialog box contains the following pages:

Protection

Settings determining how Folder Guard should protect your computer.
Options

Settings affecting the way Folder Guard protects your computer.
Hot key

Settings related to the hot key of Folder Guard.
Taskbar icon

Settings related to the taskbar icon of Folder Guard.
Misc

Miscellaneous settings of Folder Guard.

Folder Guard Settings dialog box: Protection page

Use this page to select Folder Guard protection settings. This page contains the following areas:

Enable protection at Windows startup

If checked, this option configures Windows so that it loads the Folder Guard driver during its boot process, and enables the protection at Windows startup.

Note: If you change this option, you must reboot Windows in order for the new setting to take effect.

Re-enable protection after screen saver is active for .. seconds

Check this box if you want the protection to be re-enabled automatically after a period of user inactivity. (See below for more information on how to use this option).

Note: If you change this option, you must reboot Windows in order for the new setting to take effect. (After that, you can change the "seconds" value without rebooting the computer.)

Add the Lock/Unlock commands to Windows shortcut menu

If checked, this option causes Folder Guard to add the Lock/Unlock commands to the Windows shortcut menu for the folders protected with the unlocking passwords . Note that if you enable the stealth mode, the Unlock command may not be shown on the shortcut menu even if you select this option.

Protect driver from Task Manager

If checked, this option causes Folder Guard to protect itself from being shut down by Windows Task Manager. You may want to enable this option if you don't want other users to be able to use Task Manager to disrupt the operation of Folder Guard. Note, however, that enabling this option can cause Windows to become unstable. If it happens with your system, you may want to prevent other users from using Task Manager at all, by revoking the Allow Task Manager permission.

Protect password prompts from the "password stealers"

If checked, this option causes Folder Guard to protect its password prompts from the software viruses that silently extract the passwords from the boxes where you enter them. This option is enabled by default. If you disable this option, then Folder Guard uses the regular password boxes without any special protection. More information...

Allow protection of folders on removable drives

If checked, this option causes Folder Guard to display subfolders of the removable drives (such as SCSI or ZIP drives, but not the floppy one), and thus lets you protect folders on such drives. If this option is not checked, only the root folders of the removable drives can be protected with Folder Guard.

Enable Permissions

If checked, this option allows you to use the Permissions command of Folder Guard. If not checked, Folder Guard ignores any permissions you might have set up. You may want to clear this option if you use other tools such as System Policy Editor to control the restrictions and don't want Folder Guard to interfere with such tools.

Enable protection even if Windows is restarted in the "safe mode"

Click here for more information on configuring Folder Guard to protect your computer in the "safe mode".

Enabling the protection automatically after a period of inactivity

You can use the Re-enable protection after screen saver is active option of Folder Guard to make the protection enabled automatically after a period of user inactivity.

First, configure your computer to display a screensaver (it does not matter which screensaver you choose, any one will do). You can use the Control Panel - Display - Screen Saver command of Windows to set up the screensaver.

Second, run Folder Guard, choose File - Settings from the menu, select the Protection page, and check the Re-enable protection after screen saver is active for ... seconds option. (Note that in order to select this option, you must also select the Enable protection at Windows startup option first.)

Finally, if the Enable protection at Windows startup option was not in effect before, restart the computer for the new settings to take effect.

To test the configuration, first disable the protection or unlock a folder protected with an unlocking password. Then don't move the mouse and don't press any key until the screen saver comes up. If you entered 0 as the number of minutes when configuring the Re-enable protection after screen saver is active option, then the protection should be enabled back right when the screensaver starts to work. Otherwise, wait for the number of minutes you have previously entered in the Re-enable protection after screen saver is active box. Move the mouse to dismiss the screensaver, and the protection should be enabled now, and all previously unlocked fodlers should be locked again. If you dismiss the screensaver before the additional delay passed, the protection should remain disabled.

Folder Guard Settings dialog box: Options page

Use this page to control the way Folder Guard protects your computer. This page contains the following areas:

Prompt to lock folder when closing the browsing window or program

If checked, this option causes Folder Guard to prompt you to lock the folder protected with an unlocking password when you close the browsing window or another program that you used to unlock the folder. If this option is cleared, then the unlocked folder remains unlocked until you explicitly lock the folder back, or reenable the protection in some other way.

Note that this option applies only to folders protected with passwords. It does not apply to the password-protected programs or other files. To lock back a password-protected file, please use one of the other available commands, such as the hot key. Note also that this option is not available if the next option is checked.

Auto-lock folders when closing the browsing window or program

If checked, this option causes Folder Guard to automatically lock the folder protected with an unlocking password when you close the browsing window or another program that you used to unlock the folder. If this option is cleared, then the unlocked folder remains unlocked until you explicitly lock the folder back, or reenable the protection in some other way.

Unlock folders for all user accounts

If this option is checked, then when you unlock a folder protected with an unlocking password, Folder Guard will make the folder accessible to all users, including those connecting to your computer via a network. If this option is cleared, then when you unlock a password-protected folder, Folder Guard will provide access to it for your local user account only. If the password protected folder contains only your personal documents that only you want to be able to open locally on the computer you are logged in, then clear this option. If the folder contains the documents that you want to share with other users, or if you want to be able to access them via the network, then enable this option to allow other user accounts (including the network ones) to get into the protected folder when you unlock it.

Don't show password prompts for the locked folders

If checked, this option causes Folder Guard NOT to prompt for the password when someone attempts to open a folder protected with an unlocking password . You may want to enable this option if you don't want other users to discover that the folder is protected with Folder Guard. You would still be able to unlock the folder by entering its password with the hot key, or by using the Lock/Unlock commands on Windows shortcut menu (see above).

Don't ask for password when locking folders or enabling protection

If checked, this option causes Folder Guard NOT to prompt for the password when you want to enable the protection or lock the previously unlocked folder. If this option is cleared, you will be prompted to enter your master password not only when you want to unlock a folder or disable the protection, but also when you want to lock a folder or enable the protection.

Don't allow opening of folders with the 'No access' attribute

This option affects the protection of folders with the No access attribute. If checked, this option prevents opening any such folder. (This is the default behavior on Windows XP/2000/2003 versions of Windows). If cleared, it allows the user to open such a folder (and see its contents), but prevents opening any files or documents from the folder. (This is the only behavior supported under Windows Me/98).

You may find this option useful if you want to protect access to a folder that has many files, and you want only a few of them to be accessible to the user. To set up such protection, clear this option, apply the No access attribute to the folder, then apply the Full access attribute only to the files in the folder that you want to remain accessible; the rest of the files would remain inaccessible.

Note that this option affects protection of all folders protected with the No access attribute, you cannot apply it to only some of the folders. Also, the folders protected with the unlocking passwords must still be unlocked first before you can open them, even if this option is cleared.

This option can be used under Windows XP/2000/2003 only. It is always cleared and disabled under Windows Me/9x. To simulate the effect of the checked option under Windows Me/9x, apply the Empty attribute to the folder (in addition to No access), to make the contents of the folder invisible while it is protected.

Clean up the system history lists when enabling the protection

If checked, this option causes Folder Guard to clear the lists of the recently used documents and programs, displayed by Windows on Start menu, every time you enable the protection. You may want to check this option if you don't want other users to be able to see the traces of your private documents on the Start menu.

Remember the most recently used password for ... minutes

If checked, this option causes Folder Guard to remember the last password you've entered into one of its password prompts for the specified number of minutes, so that if it must ask you for the same password again, you would not have to type it in. You may want to enable this option if you find that you are entering the password of Folder Guard too often.

Folder Guard Settings dialog box: Hot key page

Use this page to select a hot key of Folder Guard. This page contains the following areas:

Use the following key combination as the "hot key":

If checked, this option causes Folder Guard to use the keyboard combination you have entered in the box below as the hot key.

Folder Guard Settings dialog box: Taskbar icon page

Use this page to control the taskbar icon of Folder Guard. This page contains the following areas:

Show icon on taskbar

If checked, this option causes Folder Guard to display an icon on the system area of the Windows task bar (near the clock).

Flash icon while folder is unprotected

If checked, this option causes Folder Guard to periodically flash the image of the taskbar icon to indicate that the computer is currently unprotected.

Hide icon when the folder is protected

If checked, this option causes Folder Guard to hide the taskbar icon when the protection is in effect. You may want to check this option if you don't want other users to see the icon while they use your computer.

Use low-color image for the icon

This option causes Folder Guard to display a low-color icon on the taskbar. You may want to use this option if your version of Windows does not display the high-color image of the icon correctly.

Add these commands to the icon's menu

You can use these options to specify which commands should be shown on the menu of the taskbar icon (that is, the menu that is displayed next to the icon when you click it with the mouse). If you don't select any commands to be displayed on the menu icon's menu, then the menu will not be shown at all, and the icon can only be used as an indicator of the status of the folder protection, assuming you have enabled the appropriate options listed above.

Folder Guard Settings dialog box: Misc page

Use this page to select miscellaneous options of Folder Guard. This page contains the following areas:

Show "splash screen" at startup

If checked, this option allows Folder Guard to display the splash screen with information about Folder Guard at its startup. If you don't want to see the splash screen at startup, clear this option.

Show full path in the title bar

If checked, this option forces Folder Guard to display the full path of the FGA file being edited in its title bar. If cleared, only the name of the file is displayed in the title bar.

Expand folders at startup

If checked, this option forces Folder Guard to automatically expand the folders that have items with non-default attributes on Folder Guard startup (or when opening an FGA file). This option has the same effect as the View - Expand/Compact command.

Preset system folders when creating a new file

If this option is checked, then whenever you create a new active FGA file, Folder Guard automatically assigns the Visible and Full access attributes to the system folders on your computer. You may wish to turn this option off to prevent Folder Guard from scanning the root folders of the drives and thus speed up the startup process of Folder Guard.

Check for software updates automatically

If checked, this option causes Folder Guard to periodically connect to our web site to check for the availability of a newer version. If this option is not selected, then Folder Guard will display a message reminding you to check for the updates manually.

Permissions dialog box

Use this dialog box to control permissions to access various Windows resources. The dialog box contains the following pages:

Common

Common permissions to use various elements of the Start Menu, Desktop, Control Panel, etc.
Advanced

More permissions to use various Windows resources.
Internet Explorer

Permissions to use various resources of Internet Explorer.
Drives

Permissions to see and browse the drives.

Each page contains a list of permissions, one permission per line. (For the detailed descriptions of the permissions, please refer to the descriptions of the pages.) Each line in the list starts with an image showing whether the current user is permitted to access the resource or not:

The user should be denied access to the resource.
The user should be allowed to access the resource.
Folder Guard should not control access to this resource. (In most cases it has the same effect as the green check mark image above).

To change a permission, click on its image with the mouse one or more times. As with the folder protection attributes, the permissions you set up for the Default user apply to all users of your computer. If you want a user to have different permissions, simply select that user's name in the User list, and then change the permissions, as needed, to apply for the selected user only. If a user "inherits" a permission from the Default user, the cross or check mark for such a permission is shown in gray color. You can override each such permission for any user, if you want to, by clicking on the image of the permission until the desired image appears on it.

When setting up the permissions, it's important to understand how and when they take effect. Unlike the protection of folders and files, which takes effect as soon as you enable the protection of Folder Guard, most permissions take effect only when the user logs on to the computer. That is, when you enable the protection, Folder Guard sends a command to Windows that specifies which resources must be restricted according to the permissions you have set up. However, Windows does not react to such a command immediately: instead, it takes note of the command, and processes it only when the user logs on to Windows next time. (This is because Windows had been designed by Microsoft that way, we have nothing to do with it, sorry.)

There are exceptions to this rule: some permissions (such as Allow to run the registry editing tools on the Common page) do take effect immediately. Some other restrictions take a partial effect when you enable the protection: for instance, if you revoke the Allow the Run command permission for your user account, you will be blocked from using the Start - Run command as soon as you enable the protection, however, the Run command will still appear on the Start menu, until you log off and then log back on. However, most other restrictions take effect only when the user logs on to the computer.

Turning off the restrictions imposed by the permissions is not immediate, either. For instance, if the Allow the Run command permission was revoked for you when you logged on to the computer, then if you disable the protection, you will no longer be stopped from running programs, but the Run command will not appear on the Start menu at the same time, until you log off and then log back on.

Considering these properties of the permissions, it's recommended that you use them only for the users who are not supposed to change the status of the restrictions dynamically, without logging on and off. For example, if you want to revoke the Allow the Run command permission from the Guest user account, because you probably don't want your guest to run arbitrary programs on your computer without your permission, then using the permissions for such purpose is appropriate. If, however, you want to restrict the Run command for your own user account, and expect to quickly turn it on and off at will, then using the permissions is not a good choice.

Note also, that in order for the permissions to take effect when the user logs on, the protection must be in effect when the user logs on, too. In other words, you must select the Enable protection at Windows startup option. If you have just checked this option, you need to restart your computer, to make the driver of Folder Guard to initialize properly. This is necessary only the first time after you have enabled the Enable protection at Windows startup option. If you have disabled this option and then enabled it back, then again, you need to restart the computer for the changes to take effect. You don't need to restart your computer after that, as long as you keep the Enable protection at Windows startup option checked.

Permissions dialog box: Common page

Use this page to control the common permissions to access Windows resources:

Allow the Run command

If you revoke this permission, the Run command will be removed from the Start menu, Internet Explorer, and Task Manager. Also, the user will be blocked from entering the following into the Internet Explorer Address Bar:

A UNC path: \\server\share
Accessing local drives such as C:
Accessing local folders such as C:\temp
Accessing local file system using the "file://" links on a Web page.

Note: This setting affects the Run command only. It does not prevent users from using other methods to run programs.

Allow the Search menu

If you revoke this permission, the Search item is removed from the Start menu of the user and from the context menu that appears when the user right-clicks the Start menu. It also removes the Search button from the Windows Explorer toolbar and disables the F3 and the Windows logo + F key combinations. This setting does not affect Internet Explorer and does not prevent the user from using other methods to search.

Allow the Help command on the Start menu

If you revoke this permission, the Help command is removed from the Start menu of the user. This setting only affects the Start menu. It does not remove the Help menu from Windows Explorer and does not prevent the user from running Help.

Allow the Windows Update command

If you revoke this permission, the user is blocked from accessing the Windows Update Web site. This setting removes the Windows Update hyperlink from the Start menu and from the Tools menu in Internet Explorer.

Allow the My Documents icon on the Start Menu

If you revoke this permission, the My Documents icon is removed from the Start menu and its submenus. This setting only removes the icon. It does not prevent the user from using other methods to gain access to the contents of the My Documents folder. Note: To make changes to this setting effective, you must log off and then log on.

Allow the Recent Document menu

If you revoke this permission, the Documents menu is removed from the Start menu of the user. (The Documents menu contains links to the nonprogram files that users have most recently opened.) It will also prevent Windows and other programs from creating and displaying shortcuts to recently opened documents. It will also clear history of recently opened documents then the user logs off from Windows.

Show the Settings commands on the "classic" Start menu

If you revoke this permission, the Control Panel, Printers, and Network and Connection folders are removed from Settings menu on the Start menu, and from My Computer and Windows Explorer. It also prevents the programs represented by these folders from running. However, users can still start Control Panel items by using other methods, such as right-clicking the desktop to start Display or right-clicking My Computer to start System.

Allow the Network Connections command

If you revoke this permission, the Network Connections folder is blocked from opening. It also removes Network Connections from Settings menu on the Start menu. Network Connections still appears in Control Panel and in Windows Explorer, but if the user tries to start it, a message appears explaining that a setting prevents the action.

Allow the Favorites menu on the Start menu

If you revoke this permission, the Favorites item does not appear on Start menu, and also the Display Favorites item does not appear in the Advanced Start menu options box. This setting only affects the Start menu. The Favorites item still appears in Windows Explorer and in Internet Explorer.

Allow the Logoff command

If you revoke this permission, the Log Off command is removed from the Start menu and prevents the user from logging off. It also disables or removes all menu items and buttons that log the user off the system.

Show the Shut down and Restart commands on the Start menu

If you revoke this permission, Shut Down option is removed from the Start menu and disables the Shut Down button on the Windows Security dialog box, which appears when you press CTRL+ALT+DEL. This setting prevents the user from using the Windows user interface to shut down the system, although it does not prevent them from running programs that shut down Windows.

Allow the context menu for the Start menu items

If you revoke this permission, the context menus are removed from the Start menu items. It also prevents the user from using the drag-and-drop method to reorder or remove items on the Start menu. This setting does not prevent users from using other methods of customizing the Start menu or performing the tasks available from the context menus.

Allow to change the Taskbar and Start menu properties

If you revoke this permission, the user is blocked from opening the Taskbar Properties dialog box.

Allow the Taskbar context menu

If you revoke this permission, the menus that appear when you right-click the taskbar and items on the taskbar, such as the Start button, the clock, and the taskbar buttons, are removed. Note: This setting does not prevent users from using other methods to issue the commands that appear on these menus.

Allow the system to keep track of the programs used by the user

If you revoke this permission, the system is blocked from tracking the programs the users run, the paths they navigate, and the documents they open. The system uses this information to customize Windows features, such as personalized menus.

Allow to change the location of the Taskbar

If you revoke this permission, the user is blocked from moving or resizing the taskbar. While the taskbar is locked, auto-hide and other taskbar options are still available in Taskbar properties. This setting also locks the Quick Launch bar and any other toolbars that the user has on their taskbar. The toolbar's position is locked, and the user cannot show and hide various toolbars using the taskbar context menu.

Save changes to the Desktop on exit

If you revoke this permission, the user can change the desktop, but some changes, such as the position of open windows or the size and position of the taskbar, are not saved when the user logs off. However, shortcuts placed on the desktop are always saved.

Allow to change the Active Desktop settings

If you revoke this permission, the user is blocked from enabling or disabling Active Desktop or changing the Active Desktop configuration. This locks down the configuration you establish for Active Desktop. It removes the Web tab from Display in Control Panel. As a result, the user cannot enable or disable Active Desktop. If Active Desktop is already enabled, the user cannot add, remove, or edit Web content or disable, lock, or synchronize Active Desktop components. It also prevents the user from manipulating desktop toolbars.

Allow to use the Control Panel

If you revoke this permission, all Control Panel programs become unavailable. It removes Control Panel item from the Start menu.

Allow to add or delete printers

If you revoke this permission, the user is blocked from adding or deleting local and network printers. This setting also removes the Add Printer option from the Start menu and from the Printers folder in Control Panel. However, this setting does not prevent the user from using the Add Hardware Wizard to add a printer, nor does it prevent the user from running other programs that add or delete printers.

Allow to customize the toolbar of Windows Explorer and IE

If you revoke this permission, the user is blocked from changing the buttons that appear on the Internet Explorer and Windows Explorer standard toolbars. It also removes the Customize command from the Toolbars submenu of the View menu of Windows Explorer and IE.

Allow to change the toolbar band of Windows Explorer and IE

If you revoke this permission, the user is blocked from manipulating the toolbars displayed on the toolbar bands of Internet Explorer and Windows Explorer.

Allow to run the registry editing tools

If you revoke this permission, the Windows registry editors, Regedit.exe and Regedt32.exe become unavailable. If the user tries to start a registry editor, a message appears explaining that a setting prevents the action.

(XP+) Allow the My Pictures icon on the Start menu

If you revoke this permission, the My Pictures icon is removed from the Start Menu.

(XP+) Allow the My Music icon on the Start menu

If you revoke this permission, My Music icon is removed from the Start Menu.

(XP+) Allow the My Network Places icon on the Start menu

If you revoke this permission, the My Network Places icon is removed from the Start Menu.

(XP+) Allow the All Programs menu on the Start menu

If you revoke this permission, the "All Programs" item is removed from the Start menu.

(XP+) Allow to use the Show the clock option of the Taskbar

If you revoke this permission, the user is blocked from changing the Show the clock on the Taskbar Properties dialog box.

Allow to use the command prompt window (CMD.EXE)

If you revoke this permission, the user is blocked from running the interactive command prompt, cmd.exe. This setting also blocks the batch files (.cmd and .bat) from running on the computer. Note: Do not prevent the computer from running batch files if the computer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Terminal Services.

Allow Task Manager

If you revoke this permission, the user is blocked from running Windows Task Manager.

Permissions dialog box: Advanced page

Use this page to control the advanced permissions to access Windows resources:

Show icons on the Desktop

If you revoke this permission, the icons, shortcuts, and other default and user-defined items are removed from the desktop of the user, including Briefcase, Recycle Bin, My Computer, and My Network Places. Note that removing such icons and shortcuts does not prevent the user from using another method to start the programs or opening the items they represent.

Allow to make network folders available offline

If you revoke this permission, the user is blocked from making network files and folders available offline. This setting removes the Make Available Offline option from the File menu and from all context menus in Windows Explorer. As a result, the user cannot designate files to be saved on their computer for offline use. However, this setting does not prevent the system from saving local copies of files that reside on network shares designated for automatic caching.

Allow to change the Folder options

If you revoke this permission, the Folder Options item is removed from all Windows Explorer menus and from Control Panel. As a result, the user cannot use the Folder Options dialog box.

Show the File menu on the shell window menus

If you revoke this permission, the File menu is removed from My Computer and Windows Explorer. This setting does not prevent the user from using other methods to perform tasks available on the File menu.

Allow to map or disconnect the network drives

If you revoke this permission, the user is blocked from using Windows Explorer or My Network Places to map or disconnect network drives. This setting removes the Map Network Drive and Disconnect Network Drive commands from the toolbar and Tools menus in Windows Explorer and My Network Places and from menus that appear when you right-click the Windows Explorer or My Network Places icons. It also removes the Add Network Place option from My Network Places. This setting does not prevent users from connecting to another computer by typing the name of a shared folder in the Run dialog box.

Allow the shortcut menu in shell windows

If you revoke this permission, the shortcut menus are removed from the Desktop and Windows Explorer. Shortcut menus appear when the user right-clicks an item. This setting does not prevent users from using other methods to issue commands available on the shortcut menus.

Allow the Hardware configuration pages

If you revoke this permission, the Hardware page is removed from the Mouse, Keyboard, and Sounds and Audio Devices items in Control Panel. It also removes the Hardware page from the Properties dialog box for all local drives, including hard drives, floppy disk drives, and CD-ROM drives. As a result, the user cannot use the Hardware page to view or change the device list or device properties, or use the Troubleshoot button to resolve problems with the device.

Show the contents of the user's workgroup

If you revoke this permission, the computers in the user's workgroup and domain are removed from the lists of network resources in Windows Explorer and My Network Places. This setting removes the Computers Near Me option and the icons representing such computers from My Network Places. This setting does not prevent users from connecting to computers in their workgroup or domain by other commonly used methods, such as typing the share name in the Run dialog box or the Map Network Drive dialog box.

Show the contents of the network outside of the user's workgroup

If you revoke this permission, all computers outside of the user's workgroup or local domain are removed from lists of network resources in Windows Explorer and My Network Places. This setting removes the Entire Network option and the icons representing networked computers from My Network Places. This setting does not prevent users from viewing or connecting to computers in their workgroup or domain. It also does not prevent users from connecting to remote computers by other commonly used methods, such as by typing the share name in the Run dialog box or the Map Network Drive dialog box.

Show the shortcut bar on the Open/Save As dialog boxes

If you revoke this permission, the shortcut bar is removed from the Open dialog box. This setting only affects programs that use the standard Open/Save As dialog boxes.

Show the Properties command on the My Documents' shortcut menu

If you revoke this permission, the Properties command is removed from the My Documents context menu. It also prevents the user from changing the path to the My Documents folder.

Show the Properties command on the My Computer's shortcut menu

If you revoke this permission, the Properties command is removed from the context menu for My Computer.

Allow to remove the Logoff command from the Start menu

If you revoke this permission, the user is blocked from removing the Log off command from the Start menu.

Show the My Network Places icon on the Desktop

If you revoke this permission, the My Network Places icon is removed from the desktop. This setting only affects the desktop icon. It does not prevent the user from connecting to the network or browsing for shared computers on the network.

Show the Internet Explorer icon on the Desktop

If you revoke this permission, the Internet Explorer icon is removed from the desktop and from the Quick Launch bar on the taskbar. This setting does not prevent the user from starting Internet Explorer by using other methods.

(XP+) Show the Undock PC button on the Start menu

If you revoke this permission, the Undock PC button is removed from the simple Start Menu, and the computer cannot be undocked.

(XP+) Show the Taskbar Notification area

If you revoke this permission, the notification area (also known as the system tray) is removed from the taskbar. The notification area is located at the far right end of the taskbar and includes the icons for current notifications and the system clock.

(XP+) Show the Quick Launch and other toolbars on the Taskbar

If you revoke this permission, the taskbar does not display any custom toolbars, and the user cannot add any custom toolbars to the taskbar. Moreover, the Toolbars menu command and submenu are removed from the context menu of the taskbar.

(XP+) Show the Frequently Used Programs list on the Start menu

If you revoke this permission, the frequently used programs list is removed from the Start menu.

(XP+) Allow to use the System Restore

If you revoke this permission, the user is blocked from using System Restore. System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. Important: This setting only refreshes at boot time. Note: This setting is only available in the Home Edition and Professional versions of Windows XP.

(XP+) Allow to change the System Restore configuration

If you revoke this permission, the user is blocked from changing the configuration of System Restore. Note: This setting is only available in the Home Edition and Professional versions of Windows XP.

(XP+) Allow to run Windows Messenger

If you revoke this permission, the user is blocked from running Windows Messenger. It also blocks Windows Messenger from loading automatically when the user logs on to Windows.

(XP+) Allow to create or modify the rewritable CDs

If you revoke this permission, the user is blocked from using Windows Explorer to create or modify rewritable CDs, if you have a CD writer connected to your computer. This setting does not prevent the user from using third-party applications to create or modify CDs using a CD writer.

(XP+) Show the Shared Documents folder

If you revoke this permission, the Shared Documents folder is removed from My Computer.

Allow to open the Microsoft Management Console (MMC) in author mode

If you revoke this permission, the user is blocked from opening the Microsoft Management Console (MMC) in author mode, explicitly opening console files in author mode, and opening any console files that open in author mode by default. As a result, the user cannot create console files or add or remove snap-ins. This setting does not prevent the user from opening MMC user-mode console files, such as those on the Administrative Tools menu. However, the user cannot open a blank MMC console window.

Allow to install programs as other user

If you revoke this permission, the user is blocked from submitting alternate logon credentials to install a program. This setting suppresses the Install Program As Other User dialog box for local and network installations.

Allow the Security configuration pages

If you revoke this permission, the Security page is removed from Windows Explorer. This setting blocks the user from using the Security page on the Properties dialog box for all file system objects, including folders, files, shortcuts, and drives.

Show the common programs on the Start menu

If you revoke this permission, the items in the All Users profile are removed from the Programs menu on the Start menu. By default, the Programs menu contains items from the All Users profile and items from the user's profile. If you enable this setting, only items in the user's profile appear in the Programs menu.

Show the Manage command on the context menu of My Computer

If you revoke this permission, the Manage command is removed from the Windows Explorer context menu that appears when you right-click Windows Explorer or My Computer. This setting does not remove the Computer Management item from the Start menu (Start, Programs, Administrative Tools, Computer Management), nor does it prevent users from using other methods to start Computer Management.

Allow the non-approved shell extensions

If you revoke this permission, the user is blocked from using Windows shell extensions that have not been approved by the administrator.

Permissions dialog box: Internet Explorer page

Use this page to control the permissions to access various Internet Explorer resources:

Allow to use the Internet Options command

If you revoke this permission, the user is prevented from opening the Internet Options dialog box from the Tools menu in Microsoft Internet Explorer. Caution: This policy does not prevent users from viewing and changing Internet settings by clicking the Internet Options icon in Control Panel.

Allow to change the Home page settings

If you revoke this permission, the user is prevented from changing the home page of the web browser. The home page is the first page that appears when the user starts the browser.

Allow to change the General settings

If you revoke this permission, the General page is removed from the Internet Options dialog box.

Allow to change the Security settings

If you revoke this permission, the Security page is removed from the Internet Options dialog box.

Allow to change the Privacy settings

If you revoke this permission, the Privacy page is removed from the Internet Options dialog box.

Allow to change the Content settings

If you revoke this permission, the Content page is removed from the Internet Options dialog box.

Allow to change the Connection settings

If you revoke this permission, the Connections page is removed from the Internet Options dialog box.

Allow to change the Programs settings

If you revoke this permission, the Programs page is removed from the Internet Options dialog box.

Allow to change the Advanced settings

If you revoke this permission, the Advanced page is removed from the Internet Options dialog box.

Allow to customize the Search Assistant

If you revoke this permission, the user is prevented from using Customize button in Search Assistant. The Search Assistant is a tool that appears in the Search bar to help users search the Internet. This setting blocks users from changing their Search Assistant settings, such as setting default search engines for specific tasks.

Allow to import or export the Favorites list

If you revoke this permission, the user is prevented from exporting or importing favorite links by using the Import/Export Wizard. The user can still view the screens of the wizard, but when the user clicks Finish, a message appears that this feature has been disabled.

Allow to use the Internet Connection Wizard

If you revoke this permission, the user is prevented from running the Internet Connection Wizard.

Allow to use the Identity Manager

If you revoke this permission, the user is prevented from using Identity Manager.

Allow the File - Save As command of IE

If you revoke this permission, the user is prevented from saving web pages from the browser File menu to the hard disk or to a network share.

Allow the File - New command of IE

If you revoke this permission, the user is prevented from opening a new browser window from the File menu. Caution: This setting does not prevent users from opening a new browser window by right-clicking, and then clicking the Open in New Window command.

Allow the File - Open command of IE

If you revoke this permission, the user is prevented from opening a file or web page from the File menu in Internet Explorer. Caution: This setting does not prevent the user from right-clicking a link on a web page, and then clicking the Open or Open in New Window command.

Allow to close Internet Explorer

If you revoke this permission, the user is prevented from closing Microsoft Internet Explorer and Windows Explorer.

Allow to view source of the web pages

If you revoke this permission, the user is prevented from viewing the HTML source of web pages by clicking the Source command on the View menu. Caution: This policy does not prevent users from viewing the HTML source of a Web page by right-clicking a Web page to open the shortcut menu, and then clicking View Source.

Allow to modify the Favorites menu

If you revoke this permission, the user is prevented from adding, removing, or editing the list of Favorite links.

Allow to use the web context menu

If you revoke this permission, the shortcut menu is blocked from appearing when the user clicks the right mouse button while using the browser. This setting can be used to ensure that the shortcut menu is not used as an alternate method of running commands that have been removed from other parts of the interface.

Allow to use the Open in New Window command

If you revoke this permission, the user is prevented from using the shortcut menu to open a link in a new browser window.

Allow to download files with Internet Explorer

If you revoke this permission, the user is prevented from saving a program or file that Microsoft Internet Explorer has downloaded to the hard disk.

(IE6+) Allow OutlookExpress to open executable email attachments

If you revoke this permission, the user is prevented from using Outlook Express to save or open attachments that can potentially contain a virus.

(IE6+) Allow to use the Media Explorer Bar

If you revoke this permission, the user is prevented from using the Media Explorer Bar and its auto-play feature.

Allow the channel user interface

If you revoke this permission, the user is prevented from viewing the Channel bar interface.

Allow changes to channels and channel subscriptions

If you revoke this permission, the user is prevented from adding or removing channels. It also prevents channel synchronization in Microsoft Internet Explorer. Note: This policy does not prevent users from removing active content from the desktop.

Allow changes to site subscriptions

If you revoke this permission, the user is prevented from specifying that web pages can be downloaded for viewing offline. It also prevents the user from clearing or editing the preconfigured settings for web pages to be downloaded for offline viewing.

Permissions dialog box: Drives page

Use this page to control the permissions to see and browse the drives your computer has:

Allow browsing

If you revoke a permission to browse a drive, then the following restrictions will take effect:

The icon of the restricted drive is removed from the My Computer folder, from Windows Explorer, and from the standard Open/Save As dialog boxes. The user is also restricted from browsing the contents of the restricted drive. However, this setting does not prevent users from using other programs to access the drive or its contents. And, it does not prevent users from using the Disk Management snap-in to view and change drive characteristics.

Attributes dialog box

You can use this dialog box as an alternative method of changing the protection settings (such as the attributes and the unlocking password) of files, folders, and filters with Folder Guard. To display this dialog box, select a file, folder, or filter in the Folder Guard window, and press Alt+Enter or choose Attributes - Modify command from the Protect menu. For files and folders (but not for filters) you can also display this dialog box by pressing the Enter key or by double-clicking the file or folder with the mouse. The Attributes dialog box contains the following areas:

User

Shows the user for whom the attributes of the item are displayed in the Attributes area. You may select any user in this list to modify the attributes of the selected item for a particular user.

Attributes

Shows the access and visibility attributes of the selected item for the user selected in the User area. The changes to the attributes you make using this dialog box have the same effect as the appropriate commands on the Protect menu. Note that the visibility attributes are not available for the filters.

Create/Change Unlocking Password

Press this button to create or change the unlocking password for a file or folder. This command has the same effect as the Unlocking Password command on the Protect menu. Note that this button is not available for filters, or for the My Computer folder.

Reset attributes

Press this button to assign the default attributes to the selected item for all users, as well as to erase the unlocking password), if any, for the selected file or folder. This command has the same effect as the Attributes - Reset Folder/File/Filter command on the Protect menu.

Filter properties dialog box

You can use the Filter properties dialog box to modify the properties of the filters of Folder Guard. To display this dialog box, select the filter you want to change in the Folder Guard window, and press Enter or choose Properties command from the Filter menu. (You can also double-click the filter with the mouse or press the Enter key to display this dialog box).

This dialog box contains the following areas:

Apply to files

A mask that specifies the names of the files to which this filter should apply. If a file has a name that matches the mask entered in this box, this filter would apply to that file, unless the name of the file matches the mask entered in the Except for files box. (See below for the examples). Empty box means ALL (the same as *), that is all files match the filter.

Except for files

The mask that specifies the file names the filter should NOT be applied to. Empty area means NONE, that is no files are excluded from the filter. If a file name matches the mask entered in this area, the filter will not be applied to such a file, even if its file name matches the Apply to files mask.

Apply to folders

The mask of the folders to which the filter should applied. Only files located in the folders listed in this box would be subject to this filter. (See below for the examples). Empty area means ALL (the same as *), that is all folders match the filter.

Except for folders

The folders the filter should NOT be applied to. Empty area means NONE, that is no folders are excluded from the filter. If a file is located in a folder that matches the mask entered in this area, the filter will not be applied to such a file, even if its folder matches the Apply to folders mask.

Apply to modules

The mask specifying the names of the executable modules to which this filter should apply. Only files accessed by the modules defined by this mask would be subject to this filter, unless the name of the module matches the mask entered in the Except for modules box. (See below for the examples). Empty area means ALL (the same as *), that is files opened by any module would match the filter.

Except for modules

The modules this filter should NOT apply to. Empty area means NONE, that is no modules are excluded from the filter. If the module name matches the mask entered in this area, the filter will not be applied to the files accessed by that module, even if the module name matches the Apply to modules mask.

Comments

Any text (such as explanatory notes) may be entered here. The content of this box is not used by Folder Guard when restricting access to files with the filters.

Note: The name of a filter can be changed using the Filter - Rename command. Folder Guard does not use the name while performing the protection; it is just a label to help you identify the filter.

How Folder Guard applies the filters

Whenever a program attempts to access a file, Folder Guard takes a note of the following information:

The file name of the file being accessed;
The full path to the folder where the file in question is located;
The module name of the program that is accessing the file.

Folder Guard then walks through the list of filters, in the order they are listed in the Folder Guard window, and attempts to match the noted information with each filter that has a non-default access attribute for the user currently logged on to the computer. The match occurs if all of the following conditions are met:

The name of the file being accessed matches the mask of the Apply to files field of the filter, but does not match the Except for files field, AND
The name of the folder where the file is located matches the specification of the Apply to folders field of the filter, but does not match the Except for folders field, AND
The name of the program module accessing the file matches the specification of the Apply to modules field of the filter, but does not match the Except for modules field.

If all three conditions above are met, Folder Guard uses the access attribute assigned to the filter to allow or deny access to the file. If at least one condition listed above is not met, Folder Guard skips the filter and continues to search for the matching filter until the end of the list is reached. If no matching filter is found, Folder Guard uses the access attribute of the file, as it was assigned with Folder Guard and displayed in the Folder view. If the file was not added to the folder list, or has a default access attribute, the access attribute of the folder where the file is located is used.

Remarks

All masks are case-insensitive. For example, *.exe, *.Exe, and *.EXE all have the same effect. When describing the masks of the filters, the following terms are used:

path, full path, complete path
The full DOS path, usually beginning with a drive letter, used to specify the exact location of files and folders on the computer disks. For example, C:\Docs\Personal\Letter to mom.doc is the path to the file named Letter to mom.doc, located in the subfolder Personal of the folder Docs on the drive C:. The full path to the folder where this file is located is C:\Docs\Personal.

folder part of a path
The full path to the folder where the file in question is located. In the previous example, C:\Docs\Personal is the folder part of the full path to the file Letter to mom.doc.

full file name, complete file name
The name of the file that uniquely identifies the file within the folder where it resides. In the previous example, Letter to mom.doc is the full file name of the file.

file name
the part of the full file name that does not include the file name extension. In the previous example, Letter to mom is the file name of the file Letter to mom.doc.

extension, file name extension
The part of the complete file name, following the last dot in the name, if any. The extension is used by Windows to identify the type of the file. In the previous example, doc is the complete file name of the file Letter to mom.doc.

Note: Window Explorer may not show the file name extensions. To make the extensions visible, run Explorer, choose View - Folder Options in the menu, select the View page, and clear the ''Hide file extensions for known file types'' option.

wildcard
The star (*) character used as a placeholder for zero, one or more of arbitrary characters. Note the question mark character (?) is NOT used as a wildcard in the filter masks.

module name
The name of the module that is accessing a file. For more information about the modules see Trusted Programs.

Examples of masks for the Apply to/Except for files boxes

*.txt
All files that have the file name extension txt, such as Test.txt, ABC.TXT, foo123.tXt, match this mask. Test.txt1, ABC.doc, T.toc are some of the names that do NOT match this mask.

abc.*
All files that have the file name abc, such as abc.txt, ABC.doc, AbC.exe, match this mask. Abc1.txt, ABCDEF.doc, A.exe, abc (without any extension) are some of the names that do NOT match this mask.

abc*
All file names that begin with abc, such as abc.txt, ABC1.doc, AbCdEfG.exe, abc (without any extension) match this mask. Ab.txt, B.doc, CBA.exe, are some of the names that do NOT match this mask.

*.t*
All files that have the file name extension beginning with t, such as Test.txt, ABC.TOC, foo123.t, match this mask. Test.123, ABC.doc, T.exe are some of the names that do NOT match this mask.

*.*
All files match this mask, except the file names that don't have the dot in the name (and, therefore, don't have the file name extension).

*
All files match this mask.

abc.txt
(No wildcard is used). Only the files with the full file name abc.txt (case-insensitive) match this mask. All other names do NOT match this mask.

If a mask must include spaces, it should be enclosed in double quotes. For example, to specify all files that begin with white paper, use the mask "white paper*", including quotes.

Several masks may be separated with spaces, semicolons (;), or commas (,). For example:

*.txt;"white paper*";*.EXE,*.doc

Any file that have the file name extension txt, or exe, or doc, or if its file name begins with white paper, would have matched such a composite mask.

Examples of masks for the Apply to/Except for folders boxes

C:\Docs
All files located in the C:\Docs folder, such as C:\Docs\Test.txt, C:\Docs\ABC.TXT, C:\Docs\foo123.toc, match this mask. If a file is located in any other folder (including any subfolders of C:\Docs), such as C:\Temp\Test.txt, C:\Docs\Personal\Test.txt, D:\Archive\ABC.TXT, do NOT match this mask.

C:\Docs\*
All files located in any subfolder of the C:\Docs folder (but not those located in the C:\Docs folder itself), such as "C:\Docs\Business\white paper.txt", "C:\Docs\Personal\Letter to mom.doc", match this mask. If a file is located in any other folder (including the folder C:\Docs), such as C:\Temp\Test.txt, C:\Docs\Test.txt, D:\Archive\ABC.TXT, do NOT match this mask.

C:\Docs*
All files located in any folder which path begins with "C:\Docs", such as "C:\Docs\Business\white paper.txt", "C:\Docs\Personal\Letter to mom.doc", C:\Docs\Test.txt, C:\DocsOld\1998.txt, match this mask. If the path of the folder does not begin with C:\Docs, such as C:\Temp\Test.txt, C:\Doom\Game.exe, D:\Docs\ABC.TXT, do NOT match this mask.

*
Files in all folders match this mask.

If a mask must include spaces, it should be enclosed in double quotes. For example, to specify all files that reside in subfolders of C:\Program Files, use the mask "C:\Program Files\*", including quotes.

Note that some applications and Windows components use the short (a.k.a. MS-DOS-style) names for the folders. (For example, C:\PROGRA~1 refers to the same folder as C:\Program Files.) To protect access from such applications, add a mask to match the short name of the folder as well (for example, C:\PROGRA~1\* ).

Several masks may be separated with line breaks, spaces, semicolons (;), or commas (,). For example:

"C:\Program Files\*", C:\PROGRA~1\*, C:\Windows*

Examples of masks for the Apply to/Except for folders boxes

notepad
The files accesses by Windows Notepad match this mask. Files accessed by any other module do not match this mask.

win*
Only module names that begin with win, such as winfile or winword, match this mask.

*
All module names match this mask.

Several masks may be separated with spaces, semicolons (;), or commas (,). For example:

notepad winword winfile

Go to special folder dialog box

You can use this dialog box to quickly locate one of the special folders of Windows and select it in the main window of Folder Guard. A special folder is a folder used by Windows for special purposes. For example, the Desktop folder is used to store the items displayed on the Desktop, the Start Menu folder is used by Windows to keep the shortcuts that appear on the Start Menu, and so on. This dialog box contains the following areas:

Special folders

The list of the special folders defined for the current user account, as well as the common special folders (used for all user accounts). Note that the content of this list depends on the version of Windows that you use, as well as on the configuration of the user's accounts that you have set up.

Path

Displays the full path of the currently selected special folder.

Modify User List dialog box

You can use this dialog box to manipulate the list of the user accounts that appear in the User List of Folder Guard. You can use the User List to restrict access to your files and folders differently for different users. Note that Folder Guard maintains a special Default user account that always exists in the user list and cannot be removed. This dialog box contains the following areas:

Users

The list of users currently included in the User List, in addition to the Default user account.

Add

Click this button to add a new name to the User List.

Add Existing

Click this button to add a new name to the User List by choosing the name from the list of known users of your computer.

Remove

Click this button to remove the selected name from the User List. (It will NOT delete the user account itself!)

Rename

Click this button to rename the selected name in the User List.

Move Up
Move Down

Use these buttons to change the order of names displayed in the User List.

Trusted Programs dialog box

You can use this dialog box to modify the list of the trusted programs. This dialog box contains the following areas:

Names

Shows the module names of the programs that are currently chosen to be trusted. A module name is usually the same as the file name (without the .exe extension) of the appropriate executable file. For example, the executable file of Microsoft Word application is winword.exe, therefore its module name is winword. The module names are case-insensitive, that is REGSVR32 and Regsvr32 are the names of the same module.

Interpretation of the list

This option lets you control how the list of the programs should be treated by Folder Guard while performing the protection. Normally, you should use the first option offered, The listed programs are the trusted ones. In some cases, however, you may find more suitable the second option, All programs are trusted except the listed ones. For example, you may make the list to contain only one entry, EXPLORER. In such a case, Folder Guard will protect the files and folders only if Windows Explorer is used by the user to browse the contents of the disks. If the user uses any other program, Folder Guard will NOT protect the folders.

Add to the list

This group of buttons lets you add new module names to the list. (Note that only Windows programs, 32-bit or 16-bit, can be made trusted. If you add a name of a DOS program or console application to the list, it will be ignored by Folder Guard.)

Task

Press this button to choose a name from the list of the currently running programs. (This is the recommended method of adding new entries to the Trusted Programs list.) When you press this button, a menu appears on the screen that contains the names of all the currently running modules that may be added to the list.

File

Press this button to browse for the executable file of the program you want to designate as a trusted one. Use this method to add the name of a module that is not currently running.

Name

Press this button if you know the module name of a program and want to type it in directly into the box. Note that Folder Guard does not verify that the name you have typed in is a valid module name. If you type in a name that does not correspond to the module that you would like to be trusted, it will be ignored by Folder Guard. To avoid possible errors while typing in the names, we recommend using the other two methods, Task or File, instead of this one.

Modify

Use this button to modify the name currently selected in the list.

Delete

Use this button to delete the currently selected name from the list.

Reset

Use this button to reset the contents the trusted modules list.

Move item

Lets you change the order of modules in the list.

Copy User Attributes dialog box

You can use this dialog box to quickly copy the protection attributes of all items (folders, files, and filters) between different users listed in the User List of Folder Guard. To display this dialog box, use the Attributes - Copy User Attributes command of the Protect menu. This dialog box contains the following areas:

From User

The name of the user account which protection attributes should be copied to another user account.

To User

The name of the user account the attributes should be copied to.

This operation makes the attributes of all folders, files, and filters for the user specified in the To User field identical to those of the user specified in the From User field.

To copy the permissions between users as well, use the Copy Permissions button on the Permissions dialog box.

Customize Toolbar dialog box

You can use this dialog box to change the set of buttons displayed on the toolbar of Folder Guard window. To display this dialog box, use the Customize Toolbar command of the View menu. This dialog box contains the following areas:

Available buttons

The list of buttons that can be placed on the toolbar.

Current Toolbar buttons

The list of buttons that the toolbar currently contains.

You can also use the mouse to drag buttons between these lists. Pressing the Reset button restores the toolbar to its original state - just as it was when you first installed Folder Guard.

Note also that you can change the size of the toolbar buttons by right-clicking on the toolbar (on the main window of Folder Guard) and selecting the desired size from the popup menu.

FAQ (Frequently Asked Questions)

Can I use the same license key to install Folder Guard on several computers?

Yes, you can use the same license key, provided that you are installing it on no more computers than included in your license. Please refer to the file License.txt (installed along with other files of Folder Guard) for the detailed description of the terms of using this software on more than one computer. For information on our site license and quantity discounts, please visit our Online Store.

How do I enter the License Key?

Folder Guard prompts you to enter your license key when you run it: simply press the Enter License Key button on the Welcome screen and enter your licensing information into the form.

Alternatively, you can run Folder Guard, choose the Help - About command from its menu, and click on the Enter License Key button.

IMPORTANT: When entering your licensing information, make sure you enter your name and the license key exactly as they are shown on your license certificate, including all capitalization and punctuation. Otherwise, Folder Guard may not accept the license key or may not register your information properly. You may wish to copy and paste the name and key from our message into the form, to avoid typos.

What happens when the evaluation period expires?

This software comes with a built-in license that allows you to use it for free for the first 30 days after the installation. When this initial evaluation period expires, Folder Guard continues to operate as usual, except that it starts to display a reminder message informing you that the evaluation period has expired.

Note that if another user is using your computer while the reminder message is displayed, the user can click on the message and that would disable the protection of folders that you have set up. To prevent other users from being able to access your protected files and folders, please purchase a license for the continued use before the expiration of your evaluation period.

I've lost Folder Guard password. What should I do?

If you have lost the Master Password of Folder Guard, you can reset it by running the Emergency Recovery Utility.

If you have forgotten an unlocking password for a folder, or some other password used by Folder Guard, simply run Folder Guard and use its appropriate command to set up a new password.

I've reinstalled Windows and cannot access my protected folders. What should I do?

If you have not installed a fresh copy of Folder Guard yet and you still cannot access your protected folders, it means that the problem is not related to Folder Guard: when Folder Guard is not installed, it is not protecting anything. Most probably, the NTFS permissions of Windows prevent you from accessing your files and folders. To restore access, you need to "take ownership" of your files and folders. Please refer to Windows Help for more information or for the instructions on how to do that.

Will Folder Guard encrypt my files?

No, Folder Guard does NOT encrypt or otherwise modify your files in ANY WAY. Folder Guard protects your files dynamically, that is, it intercepts requests from other programs to open files or list the contents of folders, and then rejects such requests for the files in the folder you have chosen to protect. The files and folders themselves remain undisturbed during this process, in their original condition.

As a result of such design, there is no danger of losing your documents if you lose your encryption key. On the other hand, your secret folder is protected only on your computer, where Folder Guard is installed and configured. If you require your private files to be protected even when taken to another computer, or when Windows or Folder Guard are not running, then you need an encryption program.

Please visit the following web page for more information about our encryption products:

http://www.winability.com/encryption/

Can I protect the "virtual" folders such as My Computer?

No, Folder Guard does not currently protect such folders, only the "real" folders (that is, the folders that actually exist on your hard disk and which you can use to store arbitrary files) can be protected with it. However, you may want to use the permissions of Folder Guard to restrict many aspects of the functionality related to the "virtual" folders.

Can I password-protect the shared folders?

You can password protect a shared folder, but entering the password over the network to unlock it is not currently possible, it can only be unlocked from the same computer where the shared folder is physically located. There are other ways to control access to the shared folders, though.

You may also want to use the built-in Windows security to protect the shared folders, instead of Folder Guard. Please refer to Windows Help for information on how to configure the security of the shared folders.

How do I protect icons on my Desktop?

You can hide or prevent access to your desktop icons in the same way as you would protect any other file or folder. The only trick when protecting the desktop items is to determine the correct locations of these items on your hard disk. (Use the Go to Special Folder command to locate such folders.) Keep in mind that if you use Windows XP or Windows 2000, there are two physical folders which are used by Windows to display icons on your desktop: one is your personal desktop folder, and the second one is the "common" desktop folder, used to store the items common to all users of your computer. The Go to Special Folder command of Folder Guard lets you locate either of these folders easily.

How do I protect my Start Menu?

Windows stores the Start Menu items in a special folder on your hard disk. (You can use the Go to Special Folder command to locate this folder.) Keep in mind that if you use Windows XP or Windows 2000, there are two physical folders which are used by Windows to display icons on your Start Menu: one is your personal folder, and the second one is the "common" folder, used to store the items common to all users of your computer. You can restrict access to the Start Menu items by restricting access to such folders, or to the shortcuts they contains.

An alternative way of restricting users from using the Start Menu commands is by setting up the permissions of Folder Guard.

How do I protect Control Panel of Windows?

One way is to use the permissions of Folder Guard.

An alternative method is to restrict access to the CPL files, located usually in the C:\Windows\System or C:\Windows\System32 folder. Each of the CPL files is a module responsible for one or several groups of settings of Control Panel:

Module Control Panel icons

ACCESS.CPL Accessibility Options

APPWIZ.CPL Add/Remove Programs

DESK.CPL Display

HDWWIZ.CPL Add/Remove Hardware

INETCPL.CPL Internet settings, user accounts on Windows 95,98,Me

INFRARED.CPL Infrared

INTL.CPL Regional settings

JOY.CPL Game Controllers

MAIN.CPL Fonts, Keyboard, Mouse, PC Card (PCMCIA), Printers

MMSYS.CPL Sounds

MODEM.CPL Modems

NCPA.CLP Network connections

NETCPL.CPL Network settings

NUSRMGR.CPL User manager on Windows XP

ODBCCP32.CPL ODBC Data Source Administrator

PASSWORD.CPL Passwords

POWERCFG.CPL Power Management

SYSDM.CPL System

TELEPHON.CPL Telephony

THEMES.CPL Desktop Themes

TIMEDATE.CPL Date/Time

(You may have other CPL files, or not all of the files listed above, depending on the software installed on your computer).

To restrict access to Control Panel, use Folder Guard to restrict access to the appropriate CPL files, by assigning the no access attribute to them.

How do I protect Outlook Express?

You can protect access to Outlook Express by restricting access to its executable file, msimn.exe, which is usually located in the C:\Program Files\Outlook Express folder.

You can also protect individual folders used by Outlook Express by restricting access to the appropriate message files, located in the Store Folder of Outlook Express. (You can find out the location of this folder by choosing the Tools - Options command from the main menu of Outlook Express, selecting the Maintenance page, and pressing the Store Folder button).

Note that if you use Outlook (not Express), you can protect its whole message store, but not the individual folders, because, unlike Outlook Express, Outlook keeps all its folders in a single message file.

Why does Search show the protected files?

If you've just protected a folder that you used to have for some time, then it's quite possible that if you use Windows Search command to search for the files in that folder, the search results would display the protected files. The problem is, the search results are displayed from the search index that Windows builds and keeps separate from the original files. That's why the file names of the protected files may appear in the search results even though the files themselves are protected with Folder Guard.

To solve this problem, you need to configure the search command of Windows not to index the protected folders. The procedure depends on the version of Windows that you have. Please refer to Windows Help for the specific instruction on how to exclude the protected folders from the search indexing.

Can I protect folders on the removable drives, such as USB flash drives and others?

You can use Folder Guard to restrict access to folders located on the removable drives, but such protection will be in effect only on your computer, where Folder Guard is installed and configured properly. If you connect the removable drive to some other computer (that does not have FolderGuard on it), the folders on the removable drive will NOT be protected.

If you need your removable drives to be protected on other computers as well, you need to use an encryption program. Please visit the following web page for more information:

http://www.winability.com/encryption/

Can I use Folder Guard to create password-protected CD/DVD discs?

You can use Folder Guard to restrict access to the CD/DVD drive of your computer, but such protection will be in effect only on your computer, where Folder Guard is installed and configured properly. If you insert a disc in the CD/DVD drive of some other computer (that does not have FolderGuard on it), the disc will NOT be protected.

If you need to create password-protected CD/DVD discs, you need to use an appropriate encryption program. Please visit the following web page for more information:

http://www.winability.com/encryption/

Will my anti-virus program protect files in the restricted or hidden folders?

If you restrict access of hide a folder with Folder Guard, then virtually no program, including the anti-virus one, will see or be able to open the files in the protected folder. To allow your anti-virus program check all files for viruses, you need to either disable the protection before scanning your hard drive for viruses, or add your anti-virus program to the Trusted Programs list.

Will my backup program back up the files located in the protected folders?

It depends on the backup program you have. If the backup is performed in the DOS mode, or some other mode when Windows is not operating, then Folder Guard will not be protecting your files, and the backup program should be able to backup all your files, as usual. If, however, your backup program runs under Windows, when folder protection is in effect, then it will have no access to your protected files, and it will not back them up! To allow your backup program to backup your protected files, you need to either disable the protection before starting the backup program, or add your backup program to the Trusted Programs list of Folder Guard. Don't forget to test your backup set of files to make sure your protected files have actually been backed up! To prevent other users from running the backup program and being able to access your protected documents that way, you may want to protect the backup program itself with a password.

How to make the protected folders keep their custom icons?

If you have set up a custom icon for a folder and then protected it with the no access attribute, then when you enable the protection, the custom icon of that folder may be reverted back to the regular one.

In order to keep the custom icon of a folder, you need to configure Folder Guard to allow access to the file desktop.ini that the folder contains. That is, run Folder Guard, select the folder in question, then choose Protect - Add file from the menu, and double click on the file desktop.ini to add it to the list.

(If you don't see the name desktop.ini in the list, you may need to adjust your file view options: choose Start - Control - Folder Options from the Windows Start Menu, select the View page, select the Show hidden files and folders option, and also clear the Hide extensions for known file types option. Then repeat the Protect - Add file command of Folder Guard, now you should see the desktop.ini file in the list.)

After you have added the desktop.ini file to the list of objects that could be protected with Folder Guard, select the desktop.ini file in the Folder Guard window and assign the full access attribute to it. Save the changes and enable the protection, as usual, and now its custom icon should remain intact.

May I give a copy of Folder Guard software to a friend?

Yes, you may give the installation files of our programs to your friends and associates. However, you may NOT share your license key, if any, with anybody else. Please remember that the license key we provide you with are for your own use only. If your friends like our programs, please let them purchase their own license keys. To avoid possible confusion, please give out the original installation files that you may download from our web site.

There are several other simple, but important conditions which we impose on further redistribution of our products. Please refer to the file License.txt in the folder where you have installed Folder Guard for the complete description of our distribution requirements.

How can I get a printed version of this guide?

This user's guide is available online in the printed-friendly format:

http://www.winability.com/folderguard/users-guide-printable.htm

Simply open the link above in your web browser and use the web browser's Print command to print it out on your printer.