Hi... Just let me start off by saying that I'm a network administrator at our company, so expect some bias.

First point...

I need exact info on how to block my private "My documents" folder

Why do you have a "private" my documents folder? This is a work computer at work, correct? Then it isn't "your" "private" "documents". In most jurisdictions, the company will have exclusive rights to ALL data that has EVER been on "your" computer. So basically, I'm telling you you have no "private My Documents folder".

so that the network administrator who has rights to my computer ,cannot snoop in my files,

Of course your network admin has rights to your computer. Don't ask to have this taken away, otherwise you get zero help in the future. Your network admins are typically mature people who will not look through someone else's documents unless there is an actual need to, and certainly won't to satisfy their own curiosity. NetAdmins have access to EVERYTHING in the company, and therefore need to be trustworthy individuals who will not look unless they absolutely need to. If this is a problem that you believe exists with your netadmin, see below about speaking to management.

Typically, a company will have a policy in place that dictates what a network administrator can or can't do with or without approval from management. Typically a network admin has access to EVERYTHING at ANYTIME. I for example, have the right to look through someone's documents remotely if I believe there's suspicious network activity, like a virus threat, strange files appearing, etc. Management will often approve the network admin to look an employee's files if there is reason to believe they are being malicious, not doing their job, compromising security, being a threat to someone/something, or are close to being fired or quitting...

You *DO* have rights to privacy at work, but they are dependent on the policies are your workplace, and your state/province/whatever. Find out what they are in a clear and concise manner from your employer.

the rumor is that the network guys when they were bored, snoop in our files,one of my co-workers knows for a fact that they entered her private documents,

So is it a rumor, or is it fact? From my experience with computers, microsoft OSes, and auditing, it is a lengthy process to go through to enable auditing on individual files and/or directories. How does your coworker "know for a fact" that the admins went through her "private documents"? (again, see above). And how do you know that it's the individual network administrator(s) who have done this, and not an automated script that is used to backup your documents, that connects as a domain administrator to gain access to each users' "My Documents" to do a daily backup of them?

So I need info on how to block my files, or create a folder that cannot be seen by anyone else but me, this is a simple job, all i need is info, I have heard that you can crate some sort of gui application or use an encrypted disk or encrypted extra hard drive that the administrator cant see.. to keep it hidden.. any info would be helpful. thanks

I don't think you understand the legal implications of what you're suggesting. To encrypt ANYTHING on your disk would immediately open you up to liability JUST BECAUSE IT IS THERE. How does the company know for a fact that there isn't anything that's company-related in this encrypted drive/share/folder? It doesn't, since most likely, (telling from your current attitude and position), you wouldn't allow them access through a shared key or password. The company is now in the position where they don't know what data is on THEIR computer. They don't know whether you're storing illegal material on there, technical documents that could be sold to a competitor, or whether it's your recipe for butterscotch tarts.

You will be denying them access to data that is theirs. I know it sounds like that's a great idea, and you'll be securing your "private documents" but as I stated above, you'll be in deep doodoo later on.

This brings up another point of: What do you have on this computer that is so private? If you can't handle someone (read: coworker,boss,network guys,backup scripts, whatever) going through these documents, then guess what... DON'T PUT THEM THERE. Leave them at home. Especially considering that you're a freelance contractor, you'll be under more scrutiny than most, since they're most likely paying you hourly, or by job, and if your project runs into overtime which you charge them for, then guess what? "Private documents on her computer that she wrote during work hours? Is this why the job went overtime?". You = Sued.

I would also like to point out that it sounds like you haven't spoken to management or your boss about this. Speak to them about what you believe is an infringement of your privacy, and that you would like clarification of what the netadmins are allowed to do. Encrypting or hiding files is not the best way to resolve this kind of situation.

1st of all it is MY computer, I bring my laptop into work, I do freelance work for them, 2nd of all my co-worker has a picture of her and her boyfriend taken from her My Documents folder, and it was manipulated and pasted in the company kitchen, sorry to offend you if you are an administrator, it may have been someone else in the comaony who has computer skills, nonetheless I asked a question to get an idea of how I can protect my private files, not to get a tongue lashing about how I am being a bad girl. All I want is some info how to protect my god given rights to privacy on my own computer.

Given that we are talking about your personal laptop here. I would suggest that you have 2 laptops, a "clean" one for work and a "dirty" one for personal use. This would be the 100% sure-fire way to keep your personal stuff personal.

As was said in both threads, once you are hooked up to their network you are at their mercy if they are determined to go through your stuff.

All they need to do is image your harddrive and crack it at their leisure.

Freq---

Ok so how about just light security protection, so that snoops wont go in. I appreciate thatthe admin has to go in incase of emergencies etc. but at the company I work at , their are 20 guys who work in support etc, who thrive on practical jokes, snooping etc, and management wont do anything about it. I cant afford to have 2 laptops at the moment

How about putting your private data on a USB thumb-drive and only plug in the drive when you need the data?

EDIT: Hey wait a minute. If this is your personal laptop that you're connecting to the company's network shouldn't the netadmins need permission from you to access what is essentially your data? And if so then why can't you take steps to keep them out?

I'm sorry that there was a misunderstanding. Typically when people say "my computer" when they are referring to work computers are not actually "theirs", but rather belong to the company. There are still (IMO), grey areas of when it is your computer and when it is "their" computer. Is everything you do on your computer theirs while you are in their office? Brings up interesting points, all of them a little murky.

If it is your computer that you are bringing in to their office, then I think that either:
a) You should dictate the terms of their access to your computer. The network admins should not have access to your computer unless it's being supervised by you. Normally I won't let a laptop into our office unless I've given it a "once over", to check for anytihng malicious or dangerous. Usually a 1/2 hour procedure, depending... Once that is done, the laptop is generally free to connect to our network, and occasionally I'll ask the person if I can look again, since who knows what happens outside the office.

With this scenario, I would propose that: you remove all admin access and regular user access to everyone except yourself, and change your password. Then ask the network admins to create a shared folder on a server for you to use. That way all of the work documents that you have created/edited/used/whatever are all stored on the server, and nothing on your laptop. That way you can say that the admins have no reason to connect to your laptop to access work files, they're on the server. If they need to do maintenance, they can do it while you supervise.

b) They make a computer available to you. End of story. Now they can do what they want with it. You don't keep personal stuff on there, and they don't look around.

I wasn't trying to give you a tongue lashing, but to point out the fact that if this was a work computer, then you were treading on dangerous ground, that is all. I personally have instituted a policy where no files under a folder named "PRIVATE" (all caps) will be backed up or looked at. That's what I was getting at by what policies the company you work for has. You need to find out what they are, in writing. If they don't have a policy regarding what it is, then inform them that they need to have one that is presently clearly and concisely to all the users.

I was stating this from an admin and "corporate" perspective, and was trying to point out the "other side". I myself have gotten in trouble for encrypting work data, and been very close to full-on legal battles (ie: me being arrested/sued, etc), when I was a programmer (in a former life), where they had not paid us for a period of time and laid me off. They then asked for the passwords and so on, to which I refused to give until they paid me. It took me realizing that two wrongs don't make a right, and that in the end, I was depriving them of their product, so in essence stealing from them so that they would pay me. It was a downward spiral into a bad scene overall. I just don't like to see other people get themselves into trouble for similar reasons or scenarios. It's a slippery slope and next thing you know, when push comes to shove, the company has more resources than you do.

As for your coworker's picture of her boyfriend manipulated and put up on display, that is an severe case of harassment, and should be pursued further by her, and whatever labour board is in your area, and shouldn't be stood for.

As an aside, there are many solutions available to do what you're looking for, but the best security depends on good physical security. Keep your private documents on an encrypted USB thumb-drive. Use encryption like PGP, or even a password-protected ZIP file, or the built-in windows directory encryption.

" Keep your private documents on an encrypted USB thumb-drive. Use encryption like PGP, or even a password-protected ZIP file, or the built-in windows directory encryption. "

could u please elaborate on the above?

1. on a USB thumb can the admin see whats on that if he is connected to my comp?

2. how do i encryt a zip file , what is PGP?

3. what is "built-in windows directory encryption"

I am merely a web designer and do not know a lot about windows or programming.

As an aside, I admire your honesty in regards to your policy, however I have had bad experiences, and I recently date dthis really creepy netwrok admin guy and asked him a question if he ever peeks in other comos, and he said with a grin "sure, we all do when we get bored"

how do i encrypt a zip file

WinZip 9.x supports 128-bit and 256-bit AES encryption. If you password protect your WinZip files then it will be extremely difficult, if not impossible, for most people to open those files. The down-side is that you have to enter your password every-time you want to see your files.

what is PGP

PGP [pgp.com] stands for Pretty Good Privacy. It's a public key encryption system that is extremely powerful. There's also GnuPG [gnupg.org], which is a free replacement for PGP. You can encrypt entire disks or folders with this software.

There's a bit of a learning curve with this sort of encryption, but it is some of the most powerful software for keeping your data private.

what is "built-in windows directory encryption"

Starting with Windows 2000 there has been a option available to encrypt the files on your system so that only certain Windows accounts can access them. There are some good articles over on the MS KB like this one: Best practices for the Encrypting File System [support.microsoft.com]

There are simple solutions, that you can use to hide any file or folder... as suggested you can passowrd protect zipped files.. or

zip the folder then change the extension to .sys, doesn't stop access but does not make it obvious.

then you could use a proggy called camoflage this is password protected and hides the file. and it's free

you can also buy protection solutions a quick G will sort you out.

you could set permissions by configuring file sharing in XP

just off the top of my head...

hahaha, well heres a simple one but im not sure if it will do the job....go to the mydocuments folder and right click it, go to properties, then go to security and tell it that you want your accountand only your account to be able to access that folder....so that if the net admins are trying to look through your files they would have to do it under your user name and password.

All I want is some info how to protect my god given rights to privacy on my own computer.

Don't connect it to a network. That is, keep work and personal life separate.

Matt