The software described in this guide is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of WinAbility Software Corporation. WinAbility Software Corporation may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from WinAbility Software Corporation, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

NO WARRANTY

The technical information in this document is provided AS-IS and WinAbility Software Corporation makes no warranty as to its accuracy or use. Any use of the information contained herein is at the risk of the user. This document may include technical or other inaccuracies or typographical errors.

Copyright Notice

© 2008 WinAbility Software Corporation. All rights reserved.

Trademarks

WinAbility, WinAbility.Com, Folder Guard, and "The Way Software Should Be!" are either registered trademarks or trademarks of WinAbility Software Corporation and/or its suppliers in the U.S.A. and/or other countries. Other product and company names mentioned in this document may be the trademarks or registered trademarks of their respective owners and are hereby acknowledged.

Thank you for choosing Folder Guard!

Folder Guard is a computer security software tool that lets you password-protect, hide, or restrict access to files and folders of your choice, and also restrict access to other Windows resources, such as Control Panel, Start Menu, Desktop, and more. You can configure the protection so that only specific users would be restricted, on both stand-alone and networked computers.

Note: There are several editions of Folder Guard available at this time. Throughout this User's Guide, we use the name Folder Guard to refer to any of such editions.

CAUTION: Folder Guard is a powerful tool that should be used with care. Please take time reading this User's Guide before protecting access to your important documents!

With Folder Guard you can:

Protect your private files and folders with passwords

You can protect virtually any folder or file with a password, allowing only the authorized users to open the protected files or folders. You can protect an unlimited number of files and folders, each with its own password, or you can use the master password of Folder Guard to unprotect them all at once.

Hide your personal folders from other users

You can set up Folder Guard to make your private folders invisible (or appear to be empty) to other users. The folder would be hidden from virtually any program, including Windows Explorer, Office, MS-DOS programs, etc.

Restrict access to Control Panel, Start Menu, Desktop, etc.

You can use Folder Guard to allow only certain users change the computer settings with Control Panel, while denying that to other users. You can control access to various settings of Start Menu, Desktop, Taskbar, and other Windows resources.

Restrict access to the floppy, CD-ROM and other removable drives

You can use configure Folder Guard to allow or deny access to the removable drives, restricting the user's ability to run or install unauthorized programs on your computer.

Protection without encryption

Folder Guard protects your files without encrypting them. It means that there is no danger of losing your documents if you lose your encryption key: with Folder Guard all your files remain intact, without modification of any kind.

Quickly enable or disable the protected folders via a "hot key"

You can choose a specific keyboard combination as the hot key of Folder Guard, to be able to quickly enable or disable the protection of your computer. Of course, the "hot key" is protected with your password, too, only you can use it!

Optional "stealth mode" of operation

You can set up Folder Guard to operate in the stealth mode, to hide its own files and shortcuts from being seen by other users. You would still be able to control Folder Guard via the "hot key".

Easy recovery in case of emergency

If you forget your password, or experience other problems, simply use the Emergency Recovery Utility (available for free download from our web site) to quickly restore access to your protected folder.

And more!

You will find Folder Guard indispensable if you share your computer with others and you don't want any changes made to your files. Or, if you allow your kids to play games on your system from time to time, and want to be sure that everything will be OK when they finish. Or, if you don't want your parents to see some of your files. Or, if you are a network administrator and your users give you a headache messing the files up all the time. However you use Windows, you may have concerns about the security, privacy, or confidentiality of your files. And now you have a single, effective solution - Folder Guard.

If you have not done so yet, visit our web site now and download a free no-strings-attached-no-obligation evaluation version of Folder Guard and see for yourself how Folder Guard can be of use to you:

Note: Folder Guard helps you protect files and folders from the prying eyes of most Windows users. This protection, however, is not intended to withstand attack by anyone who has sufficient time and expertise.

Relax, you don't have to read or understand this section in order to use Folder Guard. We have provided this information only in case you are really curious. You can safely skip this section and go to the next one.

As you probably know, most Windows programs don't work with files and folders directly; they rely on the support provided by the Windows operating system to work with files and folders. (It makes each program able to work with wide range of the storage devices, letting Windows take care of the details). For example, if you use Windows Notepad to open a text document, the Notepad program first prepares a special request for the contents of the disk and sends this request to Windows. Having received the request, Windows searches its internal data structures and the contents of the disks, and returns the results back to Notepad, which in turn shows the files and folders to you in the Open File window. After you have selected the file and pressed OK, Notepad prepares another request for opening the file you have selected, and sends it to Windows, as well. Windows reads the appropriate bytes of data from the disk and returns them back to Notepad, that shows them to you in its window. In reality, the procedure is much more complex: even a simple operation like the one described above may take hundreds of different requests sent back and forth between the program and Windows, before you can see the results on the screen. All such requests and actions are performed by the programs transparently to you, and you don't even have to know what is going on under the Windows hood, unless you really want to.

Folder Guard works by intercepting the system requests that Windows programs and Windows itself exchange between each other. Folder Guard analyses the requests and the data they contain, and uses the attributes of the files and folders that you have set up with Folder Guard to allow or deny such requests. For example, if you designated a file to be read-only, and some program sends a request to read information from this file, Folder Guard allows such request to go through without intervention, and passes the results from Windows back to the program. If, however, a program sends a request to write some data into such file, Folder Guard intercepts it, and returns it back to the program without passing it to Windows. This prevents the file from being overridden (as per the read-only attribute), and makes the program display an error message such as "Access denied" or similar.

That's how Folder Guard works.

Folder Guard is currently available in the following editions:

Folder Guard 32-bit Edition
for Windows Vista, XP, 2000 (32-bit)

This edition is for the 32-bit versions of Windows such as Vista, XP, Server (all 32-bit editions). It is also backward compatible with Windows 2000. This edition cannot be used with Windows 95, 98, Me, or Windows NT 4.0 or any other older version of Windows.

Folder Guard x64 Edition
for Windows Vista, XP x64 (64-bit)

This edition is for the 64-bit versions of Windows such as Windows Vista or XP x64 (all 64-bit editions). This edition cannot be used with any of the 32-bit versions of Windows.

Folder Guard Professional Edition
for Windows Vista, XP, 2000, x64 (32- or 64-bit)

This edition combines the 32-bit and x64 editions of Folder Guard in one convenient package. When installed on the 32-bit versions of Windows such as Windows it offers the same functionality as Folder Guard 32-bit Edition. When installed on the 64-bit (x64) versions of Windows, it works in the same way as Folder Guard x64 Edition. This edition cannot be used with Windows 95, 98, Me, or Windows NT 4.0 or any other older version of Windows.

Notes

You can have more than one edition of Folder Guard installed on the same computer, but only one of these editions can be active at any given time: if you enable the protection with one edition, the other one will become inactive.

Version 7.92 (January 5, 2008)



Version 7.91 (February 26, 2007)

  • Many commands (such as the unlocking passwords, the hot key, and others) no longer work correctly in the stealth mode. The only way to disable the protection in the stealth mode is to use the Emergency Recovery utility.

  • The Emergency Recovery procedure has been improved: now if it detects that the protection is in effect when you run it, it only attempts to disable the protection first, without resetting the password. Only if you click on the Forgot your password link it would attempt to erase the password.

  • A minor problem has been corrected that prevented the permissions from being applied after the computer was restarted.

  • Several minor improvements and corrections have been made.


Version 7.9 (January 25, 2007)

  • Compatibility with Windows Vista has been implemented.

  • Several minor improvements and corrections have been made.


Version 7.82 (July 31, 2006)

  • Several minor improvements and corrections have been made.


Version 7.8a (April 20, 2006)

  • A problem has been corrected that caused a computer lock-up in some situations.


Version 7.8 (April 7, 2006)

  • A new silent install command has been implemented.

  • The protection driver has been optimized to improve its speed and stability.

  • The domain user acocunts can now have the user-specific restrictions.

  • A problem has been corrected that caused the permissions not to be applied correctly in some situations.

  • Several other minor improvements and corrections have been made.


Version 7.7 (March 17, 2006)

  • A new x64 Edition of Folder Guard has been created. Also, the support for Windows x64 has been added to the Professional edition, and support for Windows 98, Me has been removed from it.

  • A new option to display a message asking to lock the unlocked folder back when closing the folder's window has been added.

  • The password prompts are now protected from the key-logging utilities.

  • The automatic check for updates has been implemented.

  • The "one-time passwords" are no longer supported.

  • Several other minor improvements and corrections have been made.


Version 7.6 (June 20, 2005)

  • A minor problem has been corrected that caused the unlocked folders not to lock back automatically when the user logs off.

  • A minor problem has been corrected that caused the message "Could not unlock the item" to be shown when unlocking a file via a password-protected shortcut.

  • A prompt to disable all Folder Guard Advisor messages is now shown when you run Folder Guard for the first time.


Version 7.5a (May 23, 2005)

  • A minor compatibility problem between Folder Guard and PerfectDisk has been corrected.


Version 7.5 (May 10, 2005)

  • A new option has been implemented: Auto-lock folders when closing the browsing window or program, that makes Folder Guard to lock the unlocked folder automatically for you when you close the window that you used to unlock the folder.

  • A minor problem has been corrected that caused an error in Folder Guard at Windows startup on some systems.


Version 7.4 (April 3, 2005)

  • A minor problem has been corrected that caused the Import Working Set command not to work properly in some situations.

  • It's no longer necessary to restart the computer before proceeding with the uninstall operation: the files that are in use by Windows will be deleted automatically after you restart Windows next time.


Version 7.3a (March 14, 2005)

  • A minor problem has been corrected that caused the "hidden" attribute to be applied incorrectly in some situations.


Version 7.3 (March 5, 2005)

  • A problem has been corrected that caused a buffer ovberrun error message to be displayed by some third-party products when the Protect the driver from Task Manager option of Folder Guard was enabled.

  • A problem has been fixed that caused the Expand/Compact command not to compact folders that had no no-default restriction attributes.

  • Several other minor problems corrected and improvements made.


Version 7.2a (November 22, 2004)

  • A problem has been corrected that prevented the use of the User's Guide from within the program.


Version 7.2 (October 25, 2004)



Version 7.1 (September 1, 2004)

  • A new protection option added: Don't ask for password when locking folders or enabling protection.

  • A problem corrected: if installed on a Windows XP/2000/2003 computer on which the creation of the old-style 8.3 file names had been disabled by the user, Folder Guard did not operate properly. The installation utility of Folder Guard now detects this condition.

  • A problem with the Export Working Set command has been corrected that in some cases did not configure the target computer to automatically enable its protection after restart.

  • A problem has been corrected that might have caused the "blue screen" error on some systems.


Version 7.0 (August 1, 2004)

  • The XP and Classic editions of Folder Guard have been created; the Standard edition has been eliminated.

  • The User's Guide has been rewritten from scratch and is in the HtmlHelp format now.

  • The hot key and taskbar icon have been implemented.

  • The stealth mode of operation is now possible.

  • Back by popular demand: the permissions command can now be used with Windows XP/2000/2003 versions, too.

  • The Emergency Recovery Utility has been added.

  • An option not to display the password prompt for the locked folders has been added.

  • Many existing commands have been simplified: the Quick Start Wizard is now more straightforward; the Edit and Attributes menus have been merged into one Protect menu; the administrator's password has been merged with the Master Password; several rarely used commands (Build, Cut, Copy, Paste, etc.) have been eliminated; etc.

  • The registration reminder screen is now not displayed during the 30 days of the evaluation period.

  • The Filter Properties dialog box has been redesigned and the maximum size of the filter fields has been increased from 256 characters to 60,000.

  • Several other minor improvements made and problems corrected.


Version 6.0 (December 30, 2003)

  • Updated and improved user interface, with the high-color icons, support for Windows XP controls, and more.

  • Updated and improved Setup utility, that now automatically creates a system Restore point when you install Folder Guard on Windows XP.

  • Quick Start Wizard has been added, to guide you through the steps necessary to protect the folders, set up the passwords, and configure Folder Guard to protect your computer.

  • You can now skip the protection settings checkup procedure at exit of Folder Guard.

  • A new password encoding SHA1-based algorithm is now used. The old passwords are still recognized by the new version, but if you set up a new password, even using the same word or phrase, the new algorithm is used to encode it.

  • If an attempt is made to open a folder protected with the Unlocking Password, the password prompt is now displayed on the screen, instead of showing the Access Denied or a similar message.

  • The stability of the driver has been improved: several problems have been corrected which caused the "blue screen" errors to occur in some situations.

  • A much smaller, less obtrusive registration reminder is now displayed during the evaluation period.

  • Several other minor improvements made and problems corrected.


Version 5.5 (January 1, 2003)

  • Automatic re-enabling of the protection after a period of user inactivity has been implemented.

  • A compatibility problem with McAfee Antivirus software has been solved.

  • Several other minor problems corrected.


For the list of changes made in the versions prior to 5.5, please contact our customer support.

Folder Guard 32-bit Edition is designed for the 32-bit versions of Windows XP, Vista and similar versions of Windows (such as Windows Server, Windows Media Center Edition, etc.). It is also backward compatible with Windows 2000. Folder Guard 32-bit is NOT compatible with Windows 95, 98, Me, Windows NT 4.0 or any older version of Windows.

Folder Guard x64 Edition is for the x64 versions of Windows Vista and XP. Folder Guard x64 is NOT compatible with the 32-bit versions of Windows.

Folder Guard Professional Edition is designed for both 32-bit versions of Windows (starting with Windows 2000) and x64 Windows editions. It is NOT compatible with Windows 95, 98, Me, Windows NT 4.0 or any older version of Windows.

There are no special requirements or recommendations except the obvious one: the better processor and more RAM your computer has, the better Folder Guard will perform.

  • Login to Windows as the administrator, or as a power user. If you login as a regular or limited user, you may not be able to install or use this software.

  • To begin the installation, simply run the installation file. If you do not have the installation file, please visit our web site to download the latest version:

    http://www.winability.com/download/

  • Note that if you have a previous version of this software already installed on your computer, the installation utility may prompt you to restart the computer, in order to be able to replace the files currently in use by Windows.

  • The installation program will walk you through the process of setting up Folder Guard. You will be prompted to read and accept the End User License Agreement, and to select the installation options such as the folder where to copy the files.

  • After you press the Finish button, the installation program will copy the files into the specified folder and configure Windows for using Folder Guard.

  • IMPORTANT: Make a backup copy of the installation file of Folder Guard that you have downloaded from our web site, as well as a copy of the message with your license key, on a floppy or other removable disk, because if you ever need to reinstall the software, you will need both, the installation file and your licensing information to install the program in the fully-licensed mode. It's not enough to store the files on your hard disk, because when (not if) it crashes, you will lose the files. (Yes, hard disks do crash, believe us!) We provide for download from our web site the latest versions of the installation files only. When we release an updated version, we remove the older version from the download area, so the installation file with the version that you have purchased may not be available for download in the future. Remember, it's your responsibility to backup your important files! If you do misplace your license key or the installation file that we no longer offer for download, please use this link to order a replacement:

    http://www.winability.com/lost_file_or_key/

To completely uninstall Folder Guard, it's not enough to simply delete its program files from the installation folder. To completely remove Folder Guard from your computer, follow the instructions below.

IMPORTANT: If your computer is configured for several user accounts, login into the same user account that you were logged in when you installed Folder Guard. If you use Windows XP Fast User Switching, log off from all other accounts before trying to uninstall Folder Guard.

NOTE: If you have enabled the stealth mode of operation of Folder Guard, it has hidden the Uninstall Folder Guard command from the Start menu, as well as from the Add/Remove Programs list of Windows Control Panel. To restore these commands, run Folder Guard and use its Tools - Advanced - Stealth Mode command the turn the stealth mode off, then exit Folder Guard before continuing.

Method 1

Click on the Start button at the bottom of your screen, choose Programs - Folder Guard - Uninstall from the menu, and follow the instructions.

Method 2

Open Windows Control Panel, open the Add/Remove Programs item and use it to uninstall Folder Guard.

Method 3

Run the Setup utility of Folder Guard with the command line switch /U. That is, choose Start - Run, and enter the following command:

If you use a 32-bit version of Windows:

"C:\Program Files\Folder Guard\Setup.exe" /U

If you use a 64-bit version of Windows:

"C:\Program Files\Folder Guard\Setup64.exe" /U

(This command assumes that you have installed Folder Guard into the folder C:\Program Files\Folder Guard; if not, please enter the correct path to Setup.exe (or Setup64.exe) in the command line above. Also note the double quotes around the path, as well as a space character in front of the /U switch, they are important parts of the command and necessary for it to work properly).

You will be prompted to enter your Master Password before the uninstalling could be continued. This is necessary to protect Folder Guard from being removed by unauthorized users. If you forget your password, use the Emergency Recovery Utility to reset it.

You may also be prompted to restart your computer, in order to deactivate Folder Guard and release the files that are currently in use by Windows, before they can be uninstalled.

We provide free online support to the licensed customers through our web site. The prospective customers evaluating the software are welcome to use our support area, too. Before requesting technical or customer support, however, please check out this manual, it may already contains the answer to your question. In particular, be sure to look through the FAQ (Frequently Asked Questions) section of this guide.

Please DO NOT send us email messages, because due to the spam, worms, and spyware problems the reliability of email has diminished greatly in the last few years. The email messages that you send us often do not arrive, and if they do, our replies are often get blocked by your anti-spam or anti-virus software, causing frustration and unnecessary delays in communication.

Please visit our web site to request technical or customer support:

First of all, a word of caution: Folder Guard is a powerful tool that should be used responsibly. Using it thoughtlessly, you can inadvertently make your computer inaccessible. For example, it is very easy with Folder Guard to prevent access to the Desktop folder, and make Windows start with a blank screen after you reboot. To avoid such surprises please do the following:

In order to start protecting files and folders with Folder Guard, you need to run it and use its main window to specify which files and folders you want to be protected, and how exactly you want to protect them:

Specifying the protection attributes:

To protect a folder, you need to assign the desired protection attributes to that folder, using the commands of Folder Guard. For example, if you want to stop other users from opening the files from the folder, you would assign the No Access attribute to it. If you want the folder to appear empty, as if there were no files in that folder, you would assign the Empty attribute, and so on. (Read here the descriptions of all protection attributes you can use with Folder Guard.

Enabling the protection:

While you are configuring the protection using the commands of Folder Guard, no actual protection is taking place yet. To start protecting the folders and other resources, you need to enable the protection. You can do in several ways: by using the Tools - Enable Protection command of Folder Guard main program, or, if Folder Guard is not running, by pressing the hot key of Folder Guard, or by using the Start - Programs - Folder Guard - Toggle Protection command. You can also configure Folder Guard so that the protection would be enabled automatically for you at Windows startup.

Quick Start Wizard:

Folder Guard now includes Quick Start Wizard that can guide you through the steps necessary to protect your folders and configure the startup options properly. If you are not familiar with Folder Guard, it's highly recommended that you would to start using Folder Guard via the Quick Start Wizard: it can considerably reduce the time necessary to configure Folder Guard properly.

Folder Guard now includes Quick Start Wizard that can guide you through the steps necessary to protect a folder on your computer. It is not necessary to use Quick Start Wizard; you can achieve the same effect using the commands of Folder Guard directly. However, if you are not familiar with Folder Guard and want to get up to speed with it quickly, Quick Start Wizard is a good starting point.

Quick Start Wizard is initially configured so that it automatically starts whenever you run Folder Guard:

The Welcome page of Quick Start Wizard

If you don't want it to start automatically, simply clear the Run Quick Start Wizard every time I start Folder Guard option on the Welcome page. You can run Quick Start Wizard anytime by choosing the Tools - Quick Start Wizard command from the main menu of Folder Guard.

When you press the Next button, Quick Start Wizard prompts you to select the folder you want to protect:

Select the folder to protect

Note that at this point no protection is actually taking place: the Quick Start Wizard is only gathering information about the folder you want to protect and how exactly you want to protect it. You will be prompted to enable the protection at a later point.

The next page lets you specify the protection method for the folder you've selected:

The folder protection method

If you want to lock the folder with a password, select the first option offered, and also click on the button to set up the unlocking password for the folder. In this case, Quick Start Wizard will apply the empty and no access attributes to the folder for you, to make it restricted.

The second option lets you specify the protections attributes of the folder, such as read-only, or hidden. If you want to hide the folder, or to make it read-only, then select this option and the following pages will let you to select the desired protection attributes for the folder.

At this point Folder Guard is ready to start protecting the folder according to the choices you have made. Or, you can choose to set up the protection for another folder (or even start over from scratch) before enabling the protection:

Enable protection of the folders

Finally, Quick Start Wizard asks you whether you want to configure your computer so that the protection will be enabled automatically for you each time Windows starts up:

Enable protection at Windows startup

Normally you would want to select the first option; however, if you want to enable the protection only temporarily, select the second option instead.

Note that you can run Quick Start Wizard again, after closing it, by choosing the Tools - Quick Start Wizard command from the main menu of Folder Guard.

Note also that Quick Start Wizard lets you perform only the most basic operations. For the more complex tasks, such as protecting files, setting up different protection settings for different users, configuring the filters, etc., use the commands of Folder Guard directly.

In order to protect files and folders with Folder Guard, you need to run it and use its main window to specify which files and folder you want to be protected, and how exactly you want to protect them:

The main window contains the following areas:

Title bar:

Like the title bars of most other windows, it shows the name and edition of the application (Folder Guard Pro, Folder Guard XP or Folder Guard x64), and the name of the file currently opened (MyRestrictions in this example). If you've made changes to the current configuration that have not been saved yet, a star character * is displayed next to the name of the file.

Menu bar:

The menu bar provides access to the commands of Folder Guard.

Toolbar:

The toolbar offer quick access to the frequently used commands of Folder Guard. You can add to or remove buttons from the toolbar using the View - Customize Toolbar command.

User list:

The User List contains the login names of the users for whom you can set up user-specific restrictions. If it is not shown, you can turn it on using the View - User List command. You can also add to and remove user names from the User List using the User List command on the Protect menu.

View bar:

You can use the View bar to quickly switch between the Folders and Filters views of Folder Guard. The Folders view shows the drives and folders that your computer has, along with their attributes, as a tree-like structure. The Filters view displays the list of the filters.

Status bar:

Status bar is used to display information messages, as well as the name of the user currently logged in to the computer (Admin in this example.)

To protect a file or a folder, you need to assign the desired protection attributes to it, using the commands of Folder Guard. The attributes used by Folder Guard are divided into two groups - the access attributes and the visibility attributes:

Access attributes:

No Access
If assigned to a file, this attribute prevents opening the file, (or running the file, if it is a program). If assigned to a folder, it prevents opening the files this folder or any of its subfolders contain, unless you have allowed access to the specific files or subfolders, by assigning different access attributes to them. This attribute also prevents saving any modifications to the file(s) into the same folder, creating, deleting, or renaming files or subfolders. If the Don't allow to open folders with the 'No access' attribute option is enabled, this attribute will also prevent opening the folder it is assigned to.

Read-only
If assigned to a file or a folder, this attribute allows opening the file, or files in the folder, so that the contents of the file(s) may be viewed by the user, but prevents saving any modifications to the file(s) into the same folder. It also prevents creating, deleting, or renaming files or subfolders. If assigned to a folder, this attribute applies to all files and subfolders under that folder, unless you have assigned different attributes to specific files and/or subfolders of that folder.

Full access
If assigned to a file, this attribute allows full access to it. If assigned to a folder, it allows for full, unrestricted access to the folder itself, as well as to the files and subfolders it may contain, unless specific files or subfolders have been restricted by you with their own access attributes. All operations, such as opening and saving files, renaming or deleting them, modifying their properties, etc., are permitted, as if Folder Guard were not present in the system.

Visibility attributes:

Hidden
If assigned to a file or a folder, this attribute unconditionally hides the file or folder itself (and all files and subfolders the folder may contain).

Empty
If assigned to a folder, this attribute leaves the folder itself to be visible in an Explorer window, but hides all files and subfolders contained therein, unless you have explicitly set a file or a subfolder of this folder to be visible. This attribute cannot be assigned to a file.

Visible
If assigned to a file or a folder, this attribute makes the file, or all files and subfolders contained in the folder, as well as the folder itself, to be visible in an Explorer window, as if Folder Guard were not present in the system.

The "default" attributes:

If a folder has one of the above attributes, its name is displayed in the bold typeface. For example, after you have installed Folder Guard but before you've made any changes to its configuration, some of the system folders are automatically assigned the visible and full access attributes for you, that's why their names are bold.

Most other folders, however, don't have any attributes assigned to them yet, that is they have the default attributes. The names of such folders are displayed in Folder Guard window using the regular (not bold) typeface. The visibility of (and access to) such folders is determined by the attributes of their parent folders: if the parent folder is restricted, its files and subfolders become restricted, as well, unless you have assigned different attributes to the files or subfolders, which would override the attributes inherited from the parent folder.

Note that each folder can have different attributes assigned to it for different users of your computer, so that the folder would be protected differently for each user.

The easiest way to set up a folder to be hidden is by using the Quick Start Wizard. You can also achieve the same result by using the commands of Folder Guard directly, as described below.

To hide a folder with Folder Guard, simply assign the hidden attribute to the folder in question. You can do that by selecting the folder in the main window of Folder Guard, and then choosing the Visibility - Hidden command from the Protect menu. (You can also use the toolbar or the right-click menu to use this command).

For example, if you want to hide the folder named A Private Folder located on the C: drive, select that folder, and click on the Hidden button on the toolbar:

Notice that after you have assigned the hidden attribute to the folder, its icon became dark, to indicate its hidden status. (If you decide to remove the attribute you have just assigned, simply click on the same toolbar button again, and the attribute will be removed from the folder, or use the Visibility - Default command on the Protect menu.)

In addition to the hidden attribute, it's also a good idea to protect the folder with the no access attribute as well, to make other users unable to open files from that folder even if they cannot see them (such as through the previously created shortcuts, for example). When you do that, the "stop sign" icon appears in front of the folder, as shown on the screenshot above, to indicate the access restrictions of the folder in question.

Now enable the protection, and the folder you've made hidden will become invisible to Windows Explorer, Windows applications, MS-DOS programs, command prompt, as well as to the Open/Save As dialogs used by the applications to open and save documents. All files and subfolders that might be located in that folder will be hidden, too, until you disable the protection.

Note that you can set up the folder to be hidden for some users and be visible to others: simply select the user account in question in the User List, and then apply the desired visibility attributes to the folder.

The easiest way to password protect a folder with a password is by using the Quick Start Wizard. You can also achieve the same result by using the commands of Folder Guard directly, as described below.

To protect a folder with a password, simply use the Unlocking Password command from the Protect menu. (You can also use the toolbar or the right-click menu to use this command).

For example, if you want to protect the folder named A Private Folder located on the C: drive, select that folder, and click on the Unlocking Password button on the toolbar:

Password protect folder, lock folder with password

Enter the desired password into the box, and then confirm it. Notice that folders with unlocking passwords are marked with the key images, shown next to their icons in the Folder Guard window.

Note that creating an unlocking password for a folder is NOT ENOUGH to protect it! In addition to setting up an unlocking password, you should also restrict access and/or visibility of the folder, too, by assigning appropriate protection attributes to the folder. This is necessary because the attributes determine how the folder should be restricted while it is locked. The most common way to restrict a folder is with the No access and Empty attributes. The first one is to prevent users from opening files and documents from the locked folder. The second attribute will make the locked folder appear empty, without revealing its contents to the user, until the unlocking password is entered. As a matter of fact, if the folder you are assigning the password to does not have any restricting attributes, Folder Guard will prompt you to assign the No access and Empty attributes to the folder when you are using the Unlocking Password command. It is not the only way to restrict the folder, however. For example, if you want the folder to be read-only when it is locked with the password, assign the read-only attribute to it. This way, users who don't know the unlocking password will be able to open documents from that folder, but they will be prevented from saving modifications to such documents. Only someone who knows the password can unlock it (that is, remove the restrictions from the folder), and thus make it possible to save changes to the documents located in that folder.

Now enable the protection, and try to open the folder you've protected with password, as well with the No access and Empty attributes. If you attempt to open the folder by double-clicking on it, a prompt for the password should appear on the screen:

Enter the password to unlock the folder

(You can choose not to display such a prompt, by selecting the Don't show password prompts for the locked folders option on the Settings - Options dialog box of Folder Guard. You can also make Folder Guard to show the Lock or Unlock commands on the Windows right-click menu, if you want.) Only if you enter a valid password, the folder will be unlocked. All its files and subfolders will become unprotected, too, unless you have protected a subfolder with its own unlocking password: all such files and subfolders must be unlocked independently.

Note that the password prompt is displayed only when you attempt to open the protected folder by double-clicking on it in a folder window, or in the Open/Save As dialog boxes. If you use some other means of opening a folder, such as via a shortcut, or by selecting the folder in the folder tree of Windows Explorer, or via some other program, an Access denied or similar message would be displayed instead of the password prompt.

How to lock the folder back?

Folder Guard offers you an option to automatically lock the folder back when you close the folder window or exit the program that you used to unlock the folder. (This is the default choice that Folder Guard uses when you install it.) When this option is enabled, Folder Guard "remembers" the folder window or program that you used to unlock the folder, and locks the folder back automatically for you when you close that window or program.

If you don't want Folder Guard to lock the folder back automatically as described above, you can deselect this option using the Settings - Options window of Folder Guard. In such a case, the unlocked folder will remain unlocked until you explicitly lock it back yourself.

To lock the folder back, you can use any of the following methods:

  • If the main Folder Guard application is running, use its Lock all folders or Enable Protection commands on the Tools menu to lock all previously unlocked folders.

  • Right-click on the folder and select the Lock command from Windows shortcut menu. Note that you must enable the Add the Lock/Unlock commands to the Windows shortcut menu option on the Settings - Options dialog box for the Lock command to appear on the menu.

  • If the main Folder Guard application is not running, press the hot key combination, or use the Start - All Programs - Folder Guard - Toggle Protection command, and select either Enable the protection or Lock all folders command. Either command will lock all previously unlocked folders and make them protected again.

You can also configure Folder Guard to enable protection and lock unlocked folders after a period of user inactivity, when the screensaver wakes up. (See the description of the Settings - Protection window for more information).

How to remove the password from the folder?

If at some point you've decided that you no longer want the folder to be protected by Folder Guard, you can do the following: in the Folder Guard window, right-click on the folder in question and choose the Unprotect command from the shortcut menu. This will remove the unlocking password from the selected folder, and also reset all restricting attributes of the folder to Default. In essence, this will return the folder into the state it was before you started protecting it.

If you don't want to remove the restricting attributes from the folder, and only want to remove the unlocking password, you can do it by assigning an empty unlocking password to it. That is, use the Unlocking Password command on the Protect menu, or right-click on the folder and choose the Protect with a password command from the shortcut menu, to display the window asking you to enter a new password for the folder. Leave the new password box empty and press OK, and that will erase the existing unlocking password from the selected folder, while leaving other restricting attributes intact.

Can I password protect files and programs?

Yes, you can protect with passwords not only folders, but also documents and programs. Simply use the Add file command on the Protect menu to add the file in question to the Folder Guard window, and then use the Unlocking Password command, just like with the folders. Note, however, that the password prompt would appear only if you attempt to open the protected file directly, by double-clicking it in a Windows Explorer window or in an "Open/Save As" dialog box. If you use some other way (such as through a toolbar button or a menu) to open the password-protected file, an Access denied or similar message would be displayed instead of the password prompt.

If you usually access the protected file or folder via a desktop shortcut, you may want to protect both the shortcut and the target file with the unlocking password. Then, when you attempt to open the shortcut, the password prompt is shown on the screen. If you enter the unlocking password for the shortcut correctly, both the shortcut and the target file or folder will be unlocked at the same time.

Does the password protection work over a network, too?

If your computers are connected into a network, you can lock a shared folder with a password, (by installing Folder Guard on the server where the shared folder is physically located), but unlocking such a folder over the network is not currently supported: if someone attempts to open the protected folder via the network, such a user would simply be denied access to the folder, the password prompt will NOT be displayed to such a user. To be able to unlock the folder, the user must login to the server locally or via some remote administration tool. Please refer to the Protecting networked computers page for more information.

With Folder Guard, you can restrict access not only to folders, but also to individual files and programs. If you want to protect a file or a program, first use the Add file on the Protect menu to add the document file or program's executable file in question to the list of objects displayed in the main window of Folder Guard. After that, the procedure of protecting the file is virtually the same as with folders: just assign the desired protection attributes to it, set up an unlocking password for the file, if needed, and so on.

For example, suppose you want to protect access to Internet Explorer. First, use the Add file on the Protect menu to browse for its program file iexplore (or iexplore.exe), usually located in the folder C:\Program Files\Internet Explorer. This will add the file iexplore.exe to the main window of Folder Guard:

Now assign the appropriate protection attribute to this file. For instance, if you want the users to be able to use Internet Explorer, but not be able to delete it, assign the read-only attribute to the file iexplore.exe. Or, if you don't want users to be able to run Internet Explorer at all, assign the No access attribute to it (as shown on the screenshot above). Now enable the protection, and from now on any attempt to open Internet Explorer will be interrupted with the Access denied or similar message. To allow yourself to use Internet Explorer, simply press the hot key or disable the protection in some other way.

When protecting programs, be careful not to protect access to some system file used by Windows, because doing so may cause Windows not to work properly! For example, do not restrict access to the file explorer.exe, because this file is used by Windows not only to browse your hard disk, but also to display your computer desktop! If you don't want users to browse certain folders, protect the folders themselves, rather than Windows Explorer.

Keep in mind that if you want to restrict access to a program or a file that you usually open via a shortcut, then you should protect the target file, not the shortcut! If you only restrict access to the shortcut, then users would still be able to open the file or run a program directly, bypassing the shortcut.

With Folder Guard, you can set up different restrictions for different users of your computer. For instance, you can make a folder visible when you log in to Windows, but remain hidden when some other user logs in. Folder Guard uses the built-in Windows user accounts, that is it distinguishes between different users by the names they enter when they log in to computer.

To control which restrictions should apply to which users, use the User List of Folder Guard. (If it is not visible when you open the main window of Folder Guard, choose the View - User List command from the menu to make it visible.)

The User List originally contains only one item: Default. This user name is used to set up the restrictions that would apply to all users for whom no user-specific restrictions have been set up. To create restrictions that would apply to specific users, first use the User list command on the Protect menu to add the user names to the User List. Then, to set up the restrictions for a user, simply select that user's name in the User List, and assign the desired attributes to the folders: they would be applied to the selected user only.

For example, if you want to hide the folder named A Private Folder located on the C: drive from all users except yourself, first select the Default name in the User List, and apply the hidden and no access attributes to this folder:

(More information on how to hide folders with Folder Guard is available here.) Now use the User list command on the Protect menu to add your login name to the User List. (In this example we assume that your login name is Admin.)

Finally, select your user name (Admin in this example) in the User List and assign the visible and full access attributes to the same folder:

That's it, the user-specific protection of the folder has been set up! To see how the folder will be protected for each user, simply select the user's name in question in the User List, and the images displayed next to the folders will show how each user will be able to see and access each folder.

Of course, if you have other users, you can set up restrictions specific to them, too. For instance, if you want some users to be able to see and open files from your private folder, but not to save any changes to them, you would assign the read-only attribute to the folder for such users. If you don't assign any user-specific attributes to a folder, then when such a user logs in to the computer, the restrictions specified for the Default user would apply.

With Folder Guard, you can restrict access not only to files and folders, but also to many other Windows resources, such as Start Menu, Control Panel, Desktop, etc. To set up such restrictions, use the Permissions command on the Protect menu of Folder Guard, which opens the Permissions dialog box:

For the detailed description of the permissions offered by Folder Guard, please refer to the description of the Permissions dialog box.

Note that if your computer is configured to use Group Policies or System Policies, the policies set up with such tools may contradict the permissions you set up with Folder Guard. For example, you might have used Folder Guard to allow the use of the Run command for a particular user, but the existing Group Policy for that user may still restrict the user from using that command. To avoid such problems, use either Folder Guard or another tool to manage the permissions, but not both. If you would rather use Group Policies or the System Policy Editor to manage the policies, you can instruct Folder Guard to ignore any permissions you have set up with it by clearing the Enable Permissions option on the Settings - Protection dialog box.

When you need to work with the files located in the folders protected with Folder Guard, you need to temporarily disable the protection. After you are all done working with the protected files, you need to turn the protection back on, to stop the unauthorized users from opening your private files.

If you have created an unlocking password for your personal folder, you can unlock that folder alone, while keeping the rest of the system protected. Or, you can enable or disable the protection of all your files and folders at once, using any one of the following methods:

  • If the main application of Folder Guard is currently running, you can use its Tools - Enable/Disable Protection command to turn the protection on and off, as needed.

  • When you are closing the main application of Folder Guard, it prompts you whether you want to start protecting the folders:

  • Alternatively, you can use the Start - Programs - Folder Guard - Toggle Protection command to change the status of the protection from on to off and back. Note that you must enter a valid master password before the Toggle Protection command lets you disable the protection.

  • If you have created a hot key, you can press the hot key combination, and after entering the master password, you can enable or disable the protection, too.

  • Yet another way of enabling or disabling the protection is via the taskbar icon, if you have enabled it and selected to add the Open command to its menu.

  • Finally, you can change the status of the protection, as well as lock and unlock individual folders by running the FGKey utility with the appropriate command line switches.

If you disable the protection, it will remain disabled until you enable it back on. You can also use the Enable protection at Windows startup option to make the protection to be enabled automatically whenever you restart Windows. Also, you can use the Re-enable protection after screen saver is active option of Folder Guard to make the protection enabled automatically after a period of user inactivity.

When you run Folder Guard for the first time, it prompts you to choose the Master password. This password is used to protect Folder Guard from being used by the unauthorized users: only users who know the Master password can run Folder Guard and change the protection settings of your computer:

You also need to enter this password when you upgrade or uninstall Folder Guard, again, to stop unauthorized users from removing Folder Guard from your computer without your permission. Finally, when you press the hot key or use the Start - All Programs - Folder Guard - Toggle Protection command, you are prompted to enter the Master password, as well.

If you forget the Master password, click on the Forgot your password? link to perform the Emergency Recovery procedure (that is, to erase the password and let you log in to Folder Guard).

Note that Folder Guard uses several other passwords, as well, such as the unlocking passwords that you can use to unprotect specific folders or files. If you forget any of such passwords, simply run Folder Guard and use its commands to set up new passwords for such objects.

When choosing the passwords, keep in mind that the length of a password must be between 1 and 64 characters (at least 6 characters is recommended). Any characters are allowed, including spaces and punctuation. The passwords are case sensitive: If, for example, you have chosen the word Apple as the password, Folder Guard will not accept the words APPLE or apple as the valid passwords.

Note that the passwords used by Folder Guard are stored on your computer in the hashed form only (based on the SHA-1 secure hash algorithm). In other words, it is virtually impossible for someone to discover the text of the passwords by analyzing the contents of your hard drive.

Folder Guard can protect its passwords from malicious programs that intercept passwords by "stealing" the text you enter into the password prompts. You can enable or disable this protection by changing the Protect password prompts from the "password stealers" option. This option is enabled by default.

When this option is enabled, Folder Guard provides a visual indicator of the protection from the password stealers by showing the diagonal lines in the background of the password entry box:

When the anti-stealer protection is enabled, Folder Guard takes measures to stop the password stealers from obtaining the text of the password that you have entered into the password prompt. Keep in mind that such a protection is not absolute: for example, a spyware could install a dedicated device driver for your keyboard and intercept the keystrokes even before they reach the password prompt. The best way to ensure you are protected from such threats is to have a dedicated anti-virus/anti-spyware software installed and keep it up to date. The protection provided by Folder Guard should only be considered as a secondary (not the primary) line of defense.

Note also that Folder Guard protects from the password stealers only its own passwords, when you enter them into the password prompts displayed by Folder Guard itself. If you enter a password into any other program, or into a web page, Folder Guard does not perform any special protection of such a password. This is yet another good reason to keep your anti-virus software enabled and not to rely on Folder Guard alone to keep your passwords safe from spyware.

There may be a situation when the protection from the password stealers may interfere with other password tools you may be using. For example, if you use a software tool or a fingerprint reader that fills out the password forms for you automatically, then such a tool may not be able to enter your Folder Guard password for you. In this causes a problem, you can choose to either enter your Folder Guard password manually, or disable the Protect password prompts from the "password stealers" option to turn off such a protection. If the anti-stealer protection is disabled, Folder Guard uses the regular password prompt boxes (without the diagonal lines in the background) when you are entering its passwords:

Folder Guard lets you create a hot key, that is, a combination of the keys that you could press at any time to quickly open Folder Guard or toggle the protection on and off. Having a hot key set up is essential if you are going to use Folder Guard in the stealth mode, because it is the only way to run Folder Guard when the protection is enabled in that mode. Even if you are not using the stealth mode of operation, it is still highly recommended to set up a hot key, to have an alternative way of running Folder Guard.

To set up the hot key, run Folder Guard, choose the File - Settings command from its menu, select the hot key page, and enter the desired hot key combination there. Note that when the main window of Folder Guard is on the screen, the hot key is not functioning. However, if you press the hot key combination after you exit Folder Guard, you will be prompted to enter the Master password, and then one of the following screens will appear on the screen:

If the protection is not currently enabled, the following window is displayed:

This window lets you enable the protection that you have previously set up with Folder Guard. You can also choose to run Folder Guard, if you want to change the protection settings. If you press Cancel, the window will be closed leaving the protection disabled. (To enable the Remember the password option on this window, use the Options - Settings command of Folder Guard.)

If the protection is already enabled when you press the hot key combination, the following window is displayed:

You can choose to disable the protection, lock all folders that you might have previously unlocked, or run Folder Guard. If you press Cancel, the window will be closed leaving the protection enabled, as it was before you've pressed the hot key combination.

Note that in order for the hot key to keep operating after you reboot Windows, you must check the Enable protection at Windows startup option. If this option is not checked, then neither the protection, nor the hot key will be active after you restart Windows.

You can configure Folder Guard to display a small icon in the Windows taskbar notification area (next to the system clock), that would serve as a visual indicator of the status of the protection, and/or to give yet another way to quickly run Folder Guard, or to toggle the protection:

To set up the taskbar icon, run Folder Guard, choose the File - Settings command from its menu, select the Taskbar icon page, and choose the desired options offered there. You can select whether to display the icon or not, to hide the icon if the protection is in effect or make the icon image flash if the protection is disabled, select whether to display the full-color or the low-color image. Please see the description of the Taskbar icon dialog box for more information about the available options.

Note that in order for the taskbar icon to appear after you reboot Windows, you must check the Enable protection at Windows startup option. If this option is not checked, then neither the protection, nor the taskbar icon will be active after you restart Windows.

The files to keep the restrictions

Folder Guard uses the files with extension FGA (that stands for Folder Guard Attributes) to store the configuration of the protection that you have set up. The information stored in such files includes the protection attributes you have assigned to the files, folders and filters, the list of users you have added to the User List, the permissions you have set up for each user, as well as other related information. After you have set up the restrictions, Folder Guard prompts you to save the changes in such a file. (You can choose the name for this file, and the folder where it should be stored). When you run Folder Guard next time, it opens the previously used restrictions file for you. The name of the current restrictions file is displayed in the title bar of the main window of Folder Guard.

In most cases it is sufficient to have only one such file to store the restrictions, but you may create several such files, containing different restrictions, to be used on different occasions, if you wish. Note, however, that only one such file can be active at any given time: the last file that you have saved to the disk with Folder Guard. If you want a different file with restrictions to become active, open it with Folder Guard and choose the Save command from the menu. That will make that file active and use its restrictions to protect your computer.

Other files

When you save changes to the restrictions file, Folder Guard creates several other files in its installation folder, such as Default.FGD, FGuard.FGP, FGuard.UNM, etc. Folder Guard uses these files while protecting your computer; do not delete or modify them, because doing so may disrupt the operation of Folder Guard.

Folder Guard Advisor is designed to assist you while you are using Folder Guard. It detects some common situations that may require your attention and displays messages related to them. For example, the following message is displayed when you attempt to hide or restrict access to your Desktop folder:

The window displayed by Folder Guard Advisor contains the Don't show this message again checkbox. If you check this box before closing the message window, this particular message will not be displayed again. If you decide later on that you want to see the messages that you have previously chosen not to show, use the Reset the Advisor messages command on the Help menu of Folder Guard.

Each message displayed by Folder Guard Advisor has the default reply button associated with it. This button is indicated by a dashed rectangle when the message is initially displayed on the screen. If you have chosen the Don't show this message again option for a particular message, the default reply will be assumed to be chosen by you for this message thereafter.

Note: Pressing the Enter key while a Folder Guard Advisor message is displayed is equivalent to choosing the first reply button (such as Do It or Yes). Pressing the Escape key has the same effect as choosing the second reply button (such as Ignore or No). Pressing the Space key is equivalent to choosing the button that currently has the focus (indicated by a dashed rectangle).

When you first run Folder Guard, it asks you whether you want to enable or disable Folder Guard Advisor:

If you are not familiar with Folder Guard, it's strongly recommended to press the Yes button to enable the messages. However, if you already know how to use Folder Guard, you can press the No button and Folder Guard Advisor will not show any of its messages anymore. If you don't want to be prompted again the next time you start Folder Guard, check the Remember my choice option on this window. If you later want change you selection, use the Enable/Disable the Advisor command on the Help menu of Folder Guard.

When deciding which folders you want Folder Guard to protect, consider the following issues:

  • The folder in which Windows is installed (usually C:\Windows) must NOT be restricted with the No access or Hidden protection attributes. The same applies also to the folders where the user profiles are stored (usually it is C:\Documents and Settings or C:\Windows\Profiles). As a matter of fact, Windows needs to be able to write data into the files located in such folders to operate properly; if you restrict access to such folders, it may cause Windows to display error messages or even fail to boot. Make sure you know how to reboot Windows in the "safe mode" before trying to protect such folders! Also, see below for some hints on how to protect such folders.

  • Most subfolders of the folders C:\Windows and C:\Documents and Settings must have their access attribute set no stronger than Read-only. You can try assigning the No access and/or Hidden attributes to such folders, but first make sure you have backed up your system and know how to use the "safe mode" of Windows.

  • Many Windows applications on your computer are installed into subfolders of the C:\Program Files folder. If you hide or restrict access to this folder or its subfolders, the applications installed there may become inaccessible.

  • If you assign the Empty attribute alone to a folder, it does not make the folder inaccessible. The contents of such a folder will be invisible for Explorer, but the user will still be able to access files in the folder by other means, such as shortcuts. To make the contents of a folder inaccessible, use the no access attribute as well.

Protecting the C:\Windows and C:\Documents and Settings folders

Special care must be exercised when protecting these folders. DO NOT apply the no access or hidden attributes to them, because this will prevent Windows from working! (Windows is just designed so that these folders must be accessible and visible, at least partially).

If you need to restrict other users from tampering with files located in these folders, then, first of all, backup your entire hard drive, if you have not done so before installing Folder Guard. It will save you hours of your time if anything goes wrong (and believe us, there are things that may go wrong when you are trying to protect these folders).

You may try to make the C:\Windows folder read-only, however keep in mind that Windows and some other programs need to be able to write information into the files kept in this folder in order to operate properly. For example, on Windows Me/98/95, the System.dat and User.dat files (the files used to store the contents of the system registry) are kept in this folder and are constantly updated by Windows while it is operating. As a result, if you assign the read-only attribute to this folder, a registry corruption error may be reported, and Windows may fail to work properly. To remedy this problem, add the REGSVR32 module name to the trusted programs list of Folder Guard. (This module is used by Windows Me/98/95 to write information into the registry files). Under Windows XP/2000/NT, the registry is organized differently (some parts of it are stored in the C:\Windows\System32\Config folder, others are stored under the C:\Documents and Settings folder).

Other programs may also need to write information into the C:\Windows and C:\Documents and Settings folders in order to work correctly. Also, most of the old 16-bit applications store their configuration data in the win.ini or other *.ini files. For example, the old-style File Manager, that is still available in Windows 95/98 as winfile.exe, uses the file winfile.ini, in the Windows folder, to keep its configuration data between sessions. To allow such programs access their configuration files, you need to set up special filters. In case of File Manager, create the following filter:

Apply to files:Except for files:
winfile.ini 
Apply to folders:Except for folders:
C:\Windows 
Apply to modules:Except for modules:
winfile 

and assign the full access attribute to this filter. It would make the C:\Windows\winfile.ini file fully accessible to File Manager itself (since its module name is winfile). If some other module attempts to access this file, the filter would not apply, and the read-only attribute of the C:\Windows folder itself would prevent any modifications to this file.

You may need to set up similar filters to allow other programs full access to their configuration files in the C:\Windows folder.

In addition, Windows uses some of the subfolders of the C:\Windows and C:\Documents and Settings folders to store its data, so you will need to mark such subfolders with the full access attribute. Examples of such subfolders are: Spool, Application Data, Cookies, Downloaded Program Files, History, msdownld.tmp, TASKS, TEMP, Temporary Internet Files, and others, depending on your configuration of Windows.

You may try to restrict the visibility of the contents of the C:\Windows folder by marking it Empty with Folder Guard. This may or may not work well for you, depending on Windows components and other software installed on your machine, so you will need to test your protection configuration well.

When restricting the visibility of the Windows folder, keep in mind the following:

  • Some subfolders of the Windows folder that are used by Windows itself (System, System32, Fonts, Profiles, Temp, etc.) must remain visible. You may try to mark some of them as read-only, though, but whether it works depends on other settings of Windows.

  • If you mark the C:\Windows folder with the Empty attribute, you may not be able to access the programs kept in this folder (including Explorer.exe, Notepad.exe, etc.). You should review the contents of this folder with Explorer before restricting it, and move the files that you want to be used into some other folder. If you do so, you may need to update the shortcuts pointing to those files, too.

  • If you restrict the C:\Windows folder for the default user, and Windows fails to work, you may try to restrict this folder for the non-default users instead.

The following recommendations will help you prevent others from bypassing the protection of folders performed by Folder Guard:

  • Restrict access to the Registry editing tools. A user can disable the protection by editing the Registry and then rebooting Windows. You can deny access to the Registry Editor by using permissions provided by Folder Guard, or by restricting access to the file RegEdit.exe directly. If you have third-party registry editing tools, you will need to restrict access to them, too.

  • Restrict access to the system tools. A user can disrupt the operation of Folder Guard by using the Msconfig.exe tool and other similar programs. You can restrict access to such tools with Folder Guard.

  • Restrict access to the direct drive access tools. A user can see the files protected with Folder Guard by using the tools that access the contents of the disks directly (that is, by bypassing the usual operating system services that most regular programs use). If you have such tools installed on your computer, you can restrict access to them with Folder Guard.

  • Enable the stealth mode of Folder Guard. This will hide Folder Guard files from other users. If operating in the stealth mode is not desirable for some reason, assign the read-only attribute to the installation folder of Folder Guard, to prevent other users from deleting or modifying Folder Guard files. (Note that when you create a new file with restrictions, Folder Guard assigns the read-only attribute to its folder for you automatically).

  • Prevent users from booting the computer with a system floppy disk. Most modern computers allow you to change the booting preferences by modifying the BIOS settings. You may also be able to protect the BIOS settings with a password to prevent others from changing them. The exact procedure of making changes to the BIOS depends on the model of the computer; please contact your computer manufacturer for the instructions specific to your system.

  • Prevent users from booting Windows in the "safe mode" or "command prompt only" mode. Because the protection is not normally enabled at Windows startup in either of these cases, it is important to restrict a user's ability to boot Windows in any of these modes.

  • Prevent modifications to the system files in the root folder on the boot drive (usually C:\). Mark the system files such as AUTOEXEC.BAT, BOOT.INI, Msdos.sys, with the read-only attribute, otherwise users can modify or delete them!

  • Prevent access to the System Restore tool of Windows XP. When you install Folder Guard on Windows XP, the Setup utility creates a system restore point. To stop other users from using the System Restore utility to remove Folder Guard through its system restore point, assign the no access attribute and (optionally) an unlocking password to the file rstrui.exe, usually located in the folder C:\Windows\System32\Restore.

Folder Guard can be used to extend the built-in security and access control capabilities of Windows networking. For example:

  • If you have a folder that you share on your network, you can configure Folder Guard to restrict access or even hide some of its subfolders from the networked users.

  • If your network configuration allows for that, you can set up user-specific access rights to the subfolders of the shared folders (see below for more information).

  • You can configure the protection on both the server- and client-side of the network. That is, instead of specifying the restrictions to the shared folders on the server, you can configure such a protection on the client computers directly.

Below we use the following terms:

  • Server - the computer that hosts the shared files or folders that you want to be protected from other computers on the same network. In other words, server is the computer that contains the physical disk on which the shared files and folders are located.

  • Client or workstation - the computer (or any one of such computers) on the same network that you want to have restricted access (or no access at all) to its local resources, or to the shared files or folders located on the server.

Note that our use of these terms (server and client) does not mean that you must have a client-server type of the network in order to use Folder Guard on it. Even if your computers are connected into a simple peer-to-peer network, any pair of the computers may be considered as the client-server pair. For example, if you share a folder located on your computer, and a user of some other computer attempts to open a document from your shared folder, then in this situation your computer is the server, and that other computer is the client. If, on the other hand, you are trying to open a document located in a shared folder on another computer, then your computer is the client, and that other computer is the server.

Protecting shared folders on the servers

Although Windows networking lets you set up access rights to the shared folders, you can use Folder Guard for a greater flexibility of such control. For example, on a peer-to-peer network, if you use Windows networking to share one of your local folders and allow access to it for other network users, all files and subfolders of such a folder will be accessible to the network users as well. With Folder Guard, however, you can make some of the subfolders not accessible and/or not visible to other network users, thus letting them see and/or open only the documents that you want them to.

You can use Folder Guard to control access to and visibility of the shared folders in the same way as with the local folders, by assigning the desired attributes to such files and folders, for different user accounts, just like you would do it on a stand-alone computer with multiple user accounts. You should remember, however, that if you set up a restriction to the folder other than the original restriction set up with the built-in Windows networking, then the stronger of the two restrictions would be use by Windows as the result. For example, if you have shared a folder with the read-only access, and then used Folder Guard to apply the full access attribute to such a folder, the folder will remain read-only. If, however, you assign the no access attribute to it with Folder Guard, the folder will become not accessible. (This is because the no access restriction is stronger than read-only, which in turn is stronger than full access).

Note also that Folder Guard does not currently support unlocking the folders over the network: if you protect a shared folder with an unlocking password, you must login to the server locally (or via a remote administration tool) to be able to enter the unlocking password on the server and unlock access to the folder. If someone attempts to open the protected folder via the network, such a user would simply be denied access to the folder, the password prompt will NOT be displayed to such a user.

Installing Folder Guard on the server

You can choose to install Folder Guard directly on the server if you want to set up user-specific restrictions for the network users. However, Folder Guard does not currently support Active Directory or user groups, only the local user accounts existing on the server can be used. To specify the protection settings for the network users, first add the user names to the User List of Folder Guard, and then assign the desired protection attributes to the files and folders for each such user. These attributes will determine how the files should be restricted and/or visible to the network users connecting to the server.

Note that your network can be configured in a way that may complicate the configuration of Folder Guard, or make it appear not to protect the computer according to your settings. For example, if you have configured your computer to use the Simple file sharing protocol (if you use Windows XP Home edition, this is the only option available, you cannot turn it off!), then any user accessing your computer over the network will appear as if it were the Guest user. In such a situation, you would not be able to set up different folder restrictions for different users, you would be able to create restrictions for the Guest account only, which would apply to all networked users.

If you have disabled the Simple file sharing protocol, but the networked users are still authenticated as the Guest user, run the Start - Computer Management - Local Security Policy command, navigate to the Local Policies - Security Options list, find the Network access: Sharing and security model for local accounts policy, and set it to Classic - local users authenticate as themselves.

Note that your network can be configured so that Windows would use a separate COMPUTER$ account (where COMPUTER is replaced with the actual name of the computer; for example, if the name of the server FILESERVER1, the name of this special account would be FILESERVER1$) for the network users connecting to the server. When such configuration is used, you should set up the appropriate visibility attributes of the folders for the user name COMPUTER$ (again, replace COMPUTER with the actual name of the server). Please contact your server administrator for information whether this situation applies to your network.

Note also that due to the internal design of the Windows NT-based versions of Windows, it is currently not possible to set up the user-specific restrictions of the visibility of the folders and files over the network. It is so because Windows does not use the original user account when browsing the folders over the network; instead, it uses the built-in SYSTEM account to do that. (The access attributes are still used on the user-by-user basis, provided that the conditions described above are met.) This means, for example, that you cannot hide a shared folder from some network users and allow other network users to see that folder at the same time; you can only hide a folder from all network users or from no one. As a workaround, you may want not to restrict the visibility of the folders from the networked users, but set up the user-specific access restrictions instead. This way, even though the users would be able to see the restricted folders over the network, they would not be able to open them.

Restricting the network access/Allowing the local access to the server

You may need to configure the protection of the server in such a way that only the network users would be restricted from accessing the server's files and folders, but any user logged in to the server locally, or any program running on the server as a service, would be exempt from the restrictions. To set up such protection, you can use the fact that when a user is accessing the server via the network, the server is seeing such access as if it were coming from a program named SYSTEM. (This is true no matter what program the user is actually using on the workstation, it can be Internet Explorer, or a database client, or any other program - all such programs appear as SYSTEM to the server). You can use this fact to configure Folder Guard to apply its restrictions only to the SYSTEM program, and that would make them apply only to the network users only.

To set up such protection, use the Trusted Programs dialog box to enable the All programs are trusted except the listed ones option, and make the list contain only one program name: SYSTEM. This way, all programs running on the server locally will be treated by Folder Guard as the trusted programs, and no restrictions would apply to them. If, however, a user is accessing the server via the network (that is, via the SYSTEM program), that would make Folder Guard to apply its restrictions to such a user.

Installing Folder Guard on the client computers connecting to the server

An alternative way of protecting network resources with Folder Guard is installing it directly on the client computers (rather than on the servers), and restricting the client computers themselves. To use Folder Guard in this way, first you should map the shared folders to local drive letters on the client computers, because Folder Guard cannot currently protect network folders without drive letters associated with them. After the drive letters for the shared folders are set up, run Folder Guard and assign the desired access and visibility attributes to the files and folders located on the network drives. You can set up the unlocking passwords for the folders on the network drives, too. After you have restricted access to the shared folders through the drive letters, Folder Guard will restrict access to them even if the user uses the UNC paths to open or browse the documents located in the shared folders.

The advantage of this method of protecting access to the shared folders is that all features of Folder Guard that are available for the local drives can be used with the network drives, as well. For instance, you could protect the folders on the network drives with the unlocking passwords, and the users of the client computers would be able to unlock the folders for their use by entering the appropriate passwords. The user-specific restrictions would work even if the Simple file sharing protocol were enabled on the client computer. The disadvantage of this approach, however, is that only the client computers that have Folder Guard installed and configured on them would be restricted from accessing the shared folders of the server. If someone connects to your network from a computer without Folder Guard installed on it, such user would not be restricted from accessing the shared folders. In such a case you should install Folder Guard on the server as well and set up the user-specific restrictions so that only the known users would be allowed to access the shared folder.

Installing Folder Guard on both the client computers and on the server

In such a case the restrictions set up on the server take precedence over the restrictions existing on the client computers. For example, if the server is configured so that the user Jim is not allowed to access the shared folder, then even if Folder Guard on the Jim's computer is configured to allow such access, Jim would not still be able to access the shared folder.

Another rule that applies to such a situation is that the restricting attributes take precedence over permissive ones. For example, if Folder Guard on the server is configured to allow access for the user Jim, but Folder Guard on the Jim's computer is configured to deny such access, Jim would not be able to access the shared folder. Only if Jim connects to the server from another computer that does not have Folder Guard configured to deny such access, only then Jim would be able to access the shared folder on the server.

If your computer has removable drives attached to it (such as CD-ROM, SCSI or ZIP drives, the floppy drive, etc.), you can use Folder Guard to protect access to such drives. For example, if you don't want other users to be able to use your CD-ROM drive, simply assign the no access attribute to it's root folder (just like you would restrict access to any other folder), and that would make the users unable to use the CD-ROM drive:

You can also create an unlocking password for the CD-ROM drive, if you want to be able to unlock the drive while keeping the rest of the restrictions in effect.

Keep in mind, however, that in some cases Windows uses tricks that bypass the CD-ROM drive letter. For example, if you have a rewritable (CD-RW) drive, when you add the files to be written to a CD-R, Windows XP makes it appear as if you are adding the files directly to the CD-RW drive, while in reality it stores such files in a temporary folder on your hard disk (usually it is "C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\CD Burning"). As a result, even if you configure Folder Guard to restrict access to the CD-RW drive, users would still be able to add files to the CD-RW disc. To solve this problem, apply the restrictions directly to the "CD Burning" folder instead of the CD-RW drive.

Note also that there is an alternative way of preventing the users from using the removable drives, using the Permissions - Drives command of Folder Guard.

Protecting subfolders on the removable drives

When you install Folder Guard, it is initially configured so that the removable drives can be protected as a whole. However, Folder Guard offers you an option that lets you protect folders on the removable drives (such as CD-ROM, SCSI or ZIP drives, but not the floppy ones), as well.

To use this option, first make sure the removable disk you would like to protect is inserted into the drive. (Below we refer to this particular disk as the original one, that is the disk that you use when you are setting up the attributes of its folders.) Run Folder Guard, choose the File - Settings command, go to the Protect page, and select the Allow protection of folders on removable drives option. Then choose the File - New command to create a new file to keep the restrictions. Now set up the attributes of folders on the removable disk as desired, in the same way as you would do it for a regular, fixed, drive.

From that time on, whenever the protection is enabled, and the same (original) disk is inserted into the drive, its folders are protected by Folder Guard, as usual. If you insert some other disk into the same drive, however, that has a different structure of folders than the original disk, the folders on such disk will not be protected, unless they happen to have the same paths as the folders on the original disk.

A problem may occur if you run Folder Guard and some other disk (not the original one) is inserted into the removable drive. In such a situation, while reading the restrictions file and not finding the protected folders on the disk, Folder Guard assumes that you might have renamed or moved the folders and prompts you to specify their new locations. To deal with this problem, when the first such prompt appears on the screen, remove the wrong disk from the drive, and insert the original disk into the drive instead. Then press the OK button on the prompt, to let Folder Guard continue reading the file. At the end of the initializing, use the View - Refresh command (or simply press F5) to force Folder Guard to re-initialize its information, this time using the correct, original disk.

Will the removable disk be protected on other computers, too?

No! The protection of Folder Guard is effective only on your computer, where Folder Guard is installed and configured accordingly. If you configure Folder Guard to protect access to a removable disk, the access will be protected on your computer only. If you take the disk to some other computer (without Folder Guard installed on it), the access to the disk will NOT be protected. If you need the disk to be protected on any computer, use encryption software to protect the information stored on the disk.

Folder Guard lets you control access not only to individual files and/or folders, but also to the whole classes of files. For example, if you need to set up some general access rights to the Excel files, you can use Folder Guard to create a filter that would apply to the Excel files only (that, to the files with the extension .XLS), and then assign the desired access attribute to such a filter, that would make the attribute to apply to any Excel file, no matter where it is located.

Let us explain in more detail. A filter is a set of data that defines which files it applies to (according to the names of the files, the folders they are located in, and programs that are accessing the files). You may define several different filters, or have no filters at all, depending on how exactly you want your computer to be protected.

After you have set up the filters and enabled the protection, Folder Guard begins to monitor the events of accessing the files on your computer. Whenever a program attempts to access a file, Folder Guard users the list of filters you've set up to determine whether the file name, the name of the folder where the file is located, and the name of the program that is accessing the file match any of the filters. If Folder Guard finds such a filter, it uses its attribute (full access, read-only, or no access) to allow or deny access to the file. It no match is detected, the access attribute of the folder where the file is located is used to determine whether to allow or deny the access to the file.

Folder Guard comes with a pre-loaded set of filters (discussed below). To see the currently defined filters, use the command View - Filters. When you choose this command, Folder Guard hides the list of folders, and shows the list of filters instead:

You can create new filters or modify the existing ones using the commands on the Filter menu. (This menu appears on the menu bar only when the filter list is displayed in the main window of Folder Guard). To return back to the list of folders, use the command View - Folders.

Note that only the access attributes may be applied to the filters; the visibility of the files defined by the filters is always determined by the visibility attributes of the appropriate folders where the files are located.

Folder Guard comes with several pre-configured filters, some of which are discussed below. You can use them as they are, or you can modify them to better suit your needs, delete them or create the new ones. If you don't want the filters to be used, you can reset their attributes with the Attributes - Reset command.

Example 1: Windows files.

This is a very simple filter that is designed to restrict access to the files system.ini and protocol.ini, located in the Windows folder (which is usually C:\Windows):

If you don't want users to modify these files (directly, or by installing other programs that may modify these files), assign the read-only attribute to this filter:

If you want only some of your users to be restricted from modifying these files, select each user's name in the User List of Folder Guard and apply the read-only attribute to this filter for each such user, one user at a time.

Note that if you want to restrict access to specific files (as in this case), you could also do so by adding the files in question to the folder list of Folder Guard (using the Protect - Add File command) and assigning appropriate attributes to such files.

Example 2: Restrict Install.

Suppose you don't want other users to install any new software on your computer without your permission (assuming that users have access to the floppy disk drive (A:) and to the CD-ROM drive (E:)). One solution could be to assign the no access attribute to the root folders of the A: and E: drives with Folder Guard, however that would also prevent the users from saving their work on the floppies, and from using any CD-ROMs.

This is a typical situation where filters provided by Folder Guard offer a more effective solution. Since installing new software usually involves running the Setup.exe or Install.exe program (and using the autorun.inf files from CD-ROMs), you want to prevent users from running such programs while allowing them to access other files on the floppy and CD-ROM drives.

To achieve this result, consider the Restrict Install filter with the following properties:

This filter would be applied only to the files named Setup.exe, Install.exe, or autorun.inf, and only if they are located on the A: or E: drives (in the root folders or any of the subfolders). Now assign the no access attribute to this filter for all users whose access to these files you want restrict:

If you want yourself to be able to run Setup.exe and Install.exe, assign the full access attribute to this filter while your user name is selected in the User List.

Example 3: Restrict run from floppy.

Suppose you don't want other users to run programs from the floppy drive. Yet, you would like them to be able to open from and save their documents to the floppy disks.

To achieve this result, consider the Restrict run from floppy filter with the following properties:

This filter would apply only to the program files (since their file names have the extensions .exe, .com, and .bat), and only if they are located on the A: drive (in the root folder or any of its the subfolders). Now assign the no access attribute to this filter for all users whose access to these files you want to be restricted. If you want yourself to be able to run programs from the floppy disks, assign the full access attribute to this filter while your user name is selected in the User List.

Example 4: Run only allowed applications.

Suppose you don't want other users to run any programs other than MS Word and Excel. Consider the following filter:

This filter would apply to all program files (that is the files with extensions .exe, .com, and .bat), but not to the files winword.exe (MS Word) and excel.exe (MS Excel). Also, this filter would not apply to the files located in the folders that begin with C:\Windows (since these folders contain system files, which should always be accessible in order for Windows to work properly). The programs located in the folder "C:\Program Files\Folder Guard" would also be exempt from this filter, since you want to be able to run Folder Guard files to change or disable the protection as needed.

Now, if you assign the no access attribute to this filter for a particular user, that user would not be able to run any programs other than MS Word and Excel, and the programs located in the Windows folder, or its subfolders.

Example 5: Internet Explorer data.

Suppose you want your users to be able to use Internet Explorer (IE), however you don't want then to be able to delete their Internet cookies. An obvious approach to set this up would be to assign the read-only attribute to the folder where IE stores the cookie files (such as C:\Windows\Cookies), but that may cause IE to fail, since it expects such a folder to be fully accessible.

The solution is also set up a filter that would grant IE fill access rights to the files in these folders:

If you assign the full access attribute to this filter, then Folder Guard would allow IE to write data into the cookie files, (because they would be accessed by the IE program, iexplore ). If a user uses some other program to delete the cookie files, the filter would not be applied to such operations, and the read-only attribute you have assigned to this folder would restrict such operations.

Note: The Trusted Programs list has a higher priority than the list of the filters. That is, a trusted program can access all files unconditionally, even if you have set up a filter that restrict access to certain files for that program.

Example 6: Restricting Internet Explorer downloads.

If you want your users to be able to use Internet Explorer (IE) for web browsing, but not to be able to download the executable files onto your computer, you could create a filter that would enforce such a restriction.

The idea of the protection is based on the fact that when Internet Explorer is downloading a file, it stores it in its Temporary Internet Files folder, along with the images and other files necessary to display the web pages when browsing. Only after the file has been successfully downloaded into the temporary folder, Internet Explorer moves it to the destination folder for your choice. This gives us an idea of how to prevent the downloads: we need to prevent Internet Explorer from being able to create program files (such as the EXE and ZIP files) in the temporary folder. However, we must still allow Internet Explorer to store files of other types (such as image files), to be able to display the web pages properly when browsing the Internet. This is just the type of a problem that can be easily solved using the filters of Folder Guard.

To achive this, we need to set up a filter that would apply to the *.exe and *.zip files, to the Temporary Internet Files folder, and to the Internet Explorer module iexplore :

If you assign the no access attribute to this filter, it will prevent IE from writing EXE and ZIP files to its temporary folder, and that would effectively stop it from being able to download such files. Note that we have entered the masks of only two most popular file formats for the programs, *.exe and *.zip. There are, however, other formats for distributing programs via the Internet, for