Securing files from IT

[Allen Drake]

For the first time ever I will need to allow someone to have access
to my laptop. IT will be installing CAD applications and I espacially
don't want anyone to have access to my files in Outlook 2010 and other
files to numerous to even consider.

Can I get some opinions on a good way to at least password protect
Outlook? I assume Administrator rights will be needed to install
applications. I have never set up accounts as I am the only one that
has ever use any of my systems. Can I set up a limited account for IT
use that will block everything but what they need to do?

Thanks for any suggestions.

Al.

 

[Peter Taylor]

For the first time ever I will need to allow someone to have access
to my laptop. IT will be installing CAD applications and I espacially
don't want anyone to have access to my files in Outlook 2010 and other
files to numerous to even consider.

Can I get some opinions on a good way to at least password protect
Outlook? I assume Administrator rights will be needed to install
applications. I have never set up accounts as I am the only one that
has ever use any of my systems. Can I set up a limited account for IT
use that will block everything but what they need to do?

Thanks for any suggestions.

Al.

You could back up your .pst file in Outlook and replace it with a new
one and when you get your laptop back, replace the new one with the old
one. The too numerous to even consider files could be uploaded to a
cloud or external hard drive, eliminated and then restored when you get
the laptop back.

 

[Big Steel]

For the first time ever I will need to allow someone to have access
to my laptop. IT will be installing CAD applications and I espacially
don't want anyone to have access to my files in Outlook 2010 and other
files to numerous to even consider.

Can I get some opinions on a good way to at least password protect
Outlook? I assume Administrator rights will be needed to install
applications. I have never set up accounts as I am the only one that
has ever use any of my systems. Can I set up a limited account for IT
use that will block everything but what they need to do?

You could tell the O/S that only your user account can even execute the
Outlook exe by removing all accounts off of the Outlook exe but your
account -- blocking any other account from using Outlook.

As far as folders that Outlook uses, you can do that same thing and set
them to only your user account can access the folders.

You can set a limited account that you have created for them that only
allows them to do what they need and nothing else.

http://www.ntfs.com/ntfs-permissions.htm

You can start by finding the Outlook short-cut, right-click, go to
Properties, find the location of the Outlook exe and set full control
for your account only. Any account you don't want to have any access to
the exe, you remove the account off the exe.

 

[Andy Burns]

You could tell the O/S that only your user account can even execute the
Outlook exe by removing all accounts off of the Outlook exe but your
account -- blocking any other account from using Outlook.

As far as folders that Outlook uses, you can do that same thing and set
them to only your user account can access the folders.

You can set a limited account that you have created for them that only
allows them to do what they need and nothing else.

http://www.ntfs.com/ntfs-permissions.htm

You can start by finding the Outlook short-cut, right-click, go to
Properties, find the location of the Outlook exe and set full control
for your account only. Any account you don't want to have any access to
the exe, you remove the account off the exe.

The way the O/P refers to "IT" sounds like the machine isn't personal,
it probably belongs to a company, it's probably a member of a domain,
the domain admins can easily do whatever they want to it (whether they
should is a different matter) also anyone being given physical access to
the machine can also do whatever they want by booting from
CD/USB/network or by removing the disk and putting it in another machine

The only things the O/P can do are either remove the files in question,
or encrypt them using encryption under *his* control, not under the
admins' control.

Removing permissions is futile.

All this does sound rather suspicious though ... what has the O/P got to
hide?

 

[Mark F]

The only things the O/P can do are either remove the files in question,
or encrypt them using encryption under *his* control, not under the
admins' control.

Encryption might work, but I wouldn't trust that the IT guy can't
get the password for the user account, so I wouldn't use the built-in
encryption.

Also, it is hard to ensure that everything you want encrypted gets
encrypted even if you use the built-in Windows encryption, so I
don't think that there is much of a chance of getting everything
if you try to add encryption after running for a while.

Removing permissions is futile.

All this does sound rather suspicious though ... what has the O/P got to
hide?

The performance reviews for other employees, possibly including the IT
staff.

Information obtained under non-disclosure agreements with other
companies.

 

[Big Steel]

The way the O/P refers to "IT" sounds like the machine isn't personal,
it probably belongs to a company, it's probably a member of a domain,
the domain admins can easily do whatever they want to it (whether they
should is a different matter) also anyone being given physical access to
the machine can also do whatever they want by booting from
CD/USB/network or by removing the disk and putting it in another machine

The only things the O/P can do are either remove the files in question,
or encrypt them using encryption under *his* control, not under the
admins' control.

Removing permissions is futile.

It's only futile if in fact its not his personal computer. I have used
Outlook on my personal computers without being on a domain too.

All this does sound rather suspicious though ... what has the O/P got to
hide?

It's not by problem. So I am not going to worry about it.

 

[Allen Drake]

The way the O/P refers to "IT" sounds like the machine isn't personal,
it probably belongs to a company, it's probably a member of a domain,
the domain admins can easily do whatever they want to it (whether they
should is a different matter) also anyone being given physical access to
the machine can also do whatever they want by booting from
CD/USB/network or by removing the disk and putting it in another machine

The only things the O/P can do are either remove the files in question,
or encrypt them using encryption under *his* control, not under the
admins' control.

Removing permissions is futile.

All this does sound rather suspicious though ... what has the O/P got to
hide?

This is my personal laptop that I want Solid Works installed on so I
can use it at home if I choose. Many of the engineers do this. I am
new at this job and would like to do some work at home also. I am not
trying to hide anything and have no secrets but also don't want to
leave all my personal information open to anyone I don't know.

Answer me this:

Would you have no problem allowing IT to have your personal laptop
without any security?

I don't see anything suspicious about me post what-so-ever.

Post your phone number here and we can all discuss it.

 

[Allen Drake]

You could tell the O/S that only your user account can even execute the
Outlook exe by removing all accounts off of the Outlook exe but your
account -- blocking any other account from using Outlook.

As far as folders that Outlook uses, you can do that same thing and set
them to only your user account can access the folders.

You can set a limited account that you have created for them that only
allows them to do what they need and nothing else.

http://www.ntfs.com/ntfs-permissions.htm

You can start by finding the Outlook short-cut, right-click, go to
Properties, find the location of the Outlook exe and set full control
for your account only. Any account you don't want to have any access to
the exe, you remove the account off the exe.

Thanks for the input and link. I will check it out.

Al.

 

[Char Jackson]

This is my personal laptop that I want Solid Works installed on so I
can use it at home if I choose. Many of the engineers do this. I am
new at this job and would like to do some work at home also. I am not
trying to hide anything and have no secrets but also don't want to
leave all my personal information open to anyone I don't know.

Answer me this:

Would you have no problem allowing IT to have your personal laptop
without any security?

I don't see anything suspicious about me post what-so-ever.

Post your phone number here and we can all discuss it.

Speaking of suspicion, I'd be suspicious of an employer that doesn't
provide a computer, (desktop, laptop, whatever), and expects me to
bring my own. What's next, requiring employees to purchase their own
copy of Solid Works?

Random thought: if it were me, I wouldn't mix personal use and work
use on the same laptop. That would pretty much solve the problem
you're facing and provide a whole lot of peace of mind, not to mention
some tax advantages (if you're in the US, anyway).

 

[charlie]

Thanks for the input and link. I will check it out.

Al.

Various company IT's are famous for requiring domain members/users to
have monitoring/logging software present and active on any machine
connected to the domain. with win7, much of the monitoring/logging is
already present and usually active by default as part of the ops system
diagnostic package.

 

[Gene E. Bloch]

Speaking of suspicion, I'd be suspicious of an employer that doesn't
provide a computer, (desktop, laptop, whatever), and expects me to
bring my own. What's next, requiring employees to purchase their own
copy of Solid Works?

Random thought: if it were me, I wouldn't mix personal use and work
use on the same laptop. That would pretty much solve the problem
you're facing and provide a whole lot of peace of mind, not to mention
some tax advantages (if you're in the US, anyway).

I was about to post the same advice, i.e., get a second laptop used only
for work, but without your remark on taxes, since I didn't think of it.

And yes, I also wonder why the company doesn't provide a laptop, if the
employee is required to use one for work...For one thing, they can use
the same model of laptop for everyone, which should simplify maintenance
and security issues.

 

[VanguardLH]

For the first time ever I will need to allow someone to have access
to my laptop. IT will be installing CAD applications and I espacially
don't want anyone to have access to my files in Outlook 2010 and other
files to numerous to even consider.

Can I get some opinions on a good way to at least password protect
Outlook? I assume Administrator rights will be needed to install
applications. I have never set up accounts as I am the only one that
has ever use any of my systems. Can I set up a limited account for IT
use that will block everything but what they need to do?

Thanks for any suggestions.

Al.

IT already has access to your Outlook files if you are using Exchange as
your mail server. Since you say "IT" then your workstation is in some
corporate network setup and it's likely they are using Exchange. You
only have a *copy* of what is in your mailbox up on their Exchange
server. Also, it is highly likely that they already monitor their
network traffic so anything within your e-mails, even those that come
from an outside e-mail provider (Hotmail, Gmail, etc), can be
interrogated for keywords and recorded. Also remember that all that
Outlook data is *their* property, not yours. You are using their
property: their workstation, their network, their mail servers, their
software. Plus you are supposed to be working for them when you are at
work. Thay may even have installed a [hidden] client on your host to
assist in backing up all their workstations. They can walk over to your
host, logon as Administrator, and take ownership of all your files. If
you thought they didn't have or couldn't get at that data, you're wrong.

You won't protect your mailbox data on their Exchange server. You can't
be sure what they sniffed out on *their* network while you were using
*their* computer. At best, you can use an encryption tool, like
TrueCrypt, to store your other data files that you don't want them to
see. However, some companies have policies that you cannot secrete any
files on *their* property without their permission and without their
availability to access; else, they'll just delete it, especially if they
just reimage your HDD with their sysprep image when you call for help
and that's the quickest way to get you back to doing your work.

By your question, it looks like you don't even have admin privileges on
your host. You login to their network domain using the account they
gave you which assigns you the privileges they choose to give you. At
best, you may be granted a login that gives you admin privs on just that
host alone (but that requires manual configuration and often the IT
folks aren't willing to work with an individual and instead assign
accounts and their privs in "groups" so you belong to a group that
regulates what privs you get). If, for example, you worked in a Dev or
QA group, then you need admin privs but your domain account will give
them only to that host, not any others. Yet the sysadmins will still
have full privileges on your host and can do anything you can do as an
admin.

Forget about hiding your e-mails. They already have that data on their
Exchange server or by sniffing their network traffic. For that other,
um, "personal stuff" either consider removing it from their property or
hide it in an encrypted container (e.g., TrueCrypt and BestCrypt
Portable are free). Of course, that assumes that they aren't running
keyloggers or data miners on *their* property to monitor what their
employees are doing.

If you don't want them finding those data files on their property and
possibly looking inside, don't put them there (on their workstations or
transferred across their network).

 

[Allen Drake]

Speaking of suspicion, I'd be suspicious of an employer that doesn't
provide a computer, (desktop, laptop, whatever), and expects me to
bring my own. What's next, requiring employees to purchase their own
copy of Solid Works?

Random thought: if it were me, I wouldn't mix personal use and work
use on the same laptop. That would pretty much solve the problem
you're facing and provide a whole lot of peace of mind, not to mention
some tax advantages (if you're in the US, anyway).

My employer supplies a computer at my work station. The laptop and
working at home is my choice and not a requirement. My piece of mind
comes with the love of my job enough to enjoy it even in my spare
time.

 

[Allen Drake]

I was about to post the same advice, i.e., get a second laptop used only
for work, but without your remark on taxes, since I didn't think of it.

And yes, I also wonder why the company doesn't provide a laptop, if the
employee is required to use one for work...For one thing, they can use
the same model of laptop for everyone, which should simplify maintenance
and security issues.

As posted I repeat my remarks. I am not required to work at home. I
have all the tools I need at my job site. It seems what I have is far
beyond the range of a few in this group. Sad.

 

[Allen Drake]

Various company IT's are famous for requiring domain members/users to
have monitoring/logging software present and active on any machine
connected to the domain. with win7, much of the monitoring/logging is
already present and usually active by default as part of the ops system
diagnostic package.

I am now learning more about the ability to monitor employee
activity in larger companies. Many of my revious employers couldn't
care less as long as the work got done. Many didn't have an IT
department and few didn't know what the meaning IT was.

 

[Allen Drake]

For the first time ever I will need to allow someone to have access
to my laptop. IT will be installing CAD applications and I espacially
don't want anyone to have access to my files in Outlook 2010 and other
files to numerous to even consider.

Can I get some opinions on a good way to at least password protect
Outlook? I assume Administrator rights will be needed to install
applications. I have never set up accounts as I am the only one that
has ever use any of my systems. Can I set up a limited account for IT
use that will block everything but what they need to do?

Thanks for any suggestions.

Al.

IT already has access to your Outlook files if you are using Exchange as
your mail server. Since you say "IT" then your workstation is in some
corporate network setup and it's likely they are using Exchange. You
only have a *copy* of what is in your mailbox up on their Exchange
server. Also, it is highly likely that they already monitor their
network traffic so anything within your e-mails, even those that come
from an outside e-mail provider (Hotmail, Gmail, etc), can be
interrogated for keywords and recorded. Also remember that all that
Outlook data is *their* property, not yours. You are using their
property: their workstation, their network, their mail servers, their
software. Plus you are supposed to be working for them when you are at
work. Thay may even have installed a [hidden] client on your host to
assist in backing up all their workstations. They can walk over to your
host, logon as Administrator, and take ownership of all your files. If
you thought they didn't have or couldn't get at that data, you're wrong.

You won't protect your mailbox data on their Exchange server. You can't
be sure what they sniffed out on *their* network while you were using
*their* computer. At best, you can use an encryption tool, like
TrueCrypt, to store your other data files that you don't want them to
see. However, some companies have policies that you cannot secrete any
files on *their* property without their permission and without their
availability to access; else, they'll just delete it, especially if they
just reimage your HDD with their sysprep image when you call for help
and that's the quickest way to get you back to doing your work.

By your question, it looks like you don't even have admin privileges on
your host. You login to their network domain using the account they
gave you which assigns you the privileges they choose to give you. At
best, you may be granted a login that gives you admin privs on just that
host alone (but that requires manual configuration and often the IT
folks aren't willing to work with an individual and instead assign
accounts and their privs in "groups" so you belong to a group that
regulates what privs you get). If, for example, you worked in a Dev or
QA group, then you need admin privs but your domain account will give
them only to that host, not any others. Yet the sysadmins will still
have full privileges on your host and can do anything you can do as an
admin.

Forget about hiding your e-mails. They already have that data on their
Exchange server or by sniffing their network traffic. For that other,
um, "personal stuff" either consider removing it from their property or
hide it in an encrypted container (e.g., TrueCrypt and BestCrypt
Portable are free). Of course, that assumes that they aren't running
keyloggers or data miners on *their* property to monitor what their
employees are doing.

If you don't want them finding those data files on their property and
possibly looking inside, don't put them there (on their workstations or
transferred across their network).

Let me make this easier. My laptop that will soon have Solid Works
installed is my private computer not in any way monitored or
controlled by the IT department. Different from the network I am on
while on company property. One other option I have is to install the
application myself in my home. I have been given that option but it is
taking longer than I expected to get the disks. I was considering the
install be done if I wanted to bring my laptop to work. If and when I
decided to do this is what prompted me to this post for advice after
searching for a way to PW protect Outlook 2010. I don't use exchange.
Only Solid works, MasterCam, AutoCad and a few other design SW most in
the privacy of my own home. I might voluntarily bring a drawing home
to complete or modify rather than stay on the job.

It's just that simple.

 

[Paul]

As posted I repeat my remarks. I am not required to work at home. I
have all the tools I need at my job site. It seems what I have is far
beyond the range of a few in this group. Sad.

In my work experience, I don't think I've ever had IT staff working
on a home computer in an official way, as a prerequisite.
Possible combinations where I worked would include.

1) IT staff maintain software and computers at work. This is
what everyone has grown to expect when they work at a high tech
company. Company hardware, company provided software.
Services include daily backups etc.

2) Company buys software for employee, employee takes it home and
installs it on home computer. No IT staff need examine the home machine
for this to happen. If the employee needs assistance with the
software, it would be solely at the employee's request. Or the
employee could brain it out for themselves, or even ask questions
of IT (consult) without actually bringing in the hardware. An example
might be, a copy of Microsoft Word or other word processing software.

3) Company provides complete "work at home" environment, including company
computer for usage in the home. It's even possible for that setup to
have remote backups. Software on the computer could be managed the same
as (1). Company pays for broadband connection. A person would be a fool,
for mixing personal files with such a machine, as for all intents and purposes,
it's a "machine at work".

So I can't say, I've experienced a home machine, *having* to be
given to IT staff as a prerequisite. Perhaps in the case of (2),
an employee might ask his local IT guy, to take a look at a home
machine brought in. But then the hardware would have to be signed
in and signed out at the security desk.

If you really need to bring the machine to work, and have software
installed on it, you have the option of using two hard drives.
One would be your regular OS hard drive, with personal items on it.
The second hard drive, would have a "clean" OS installed on it.
When the machine was taken to work, only the "clean" hard drive
would be physically present inside the computer. When back home
again, two hard drives would be present, and a "reboot" of the clean
drive, would allow using the copy of Solidworks. Using the BIOS
popup menu, you can select at boot time, which drive to boot.
(Booting doesn't have to be managed in an OS boot menu, it can
also be managed at the BIOS level.)

With both drives present, you might want to turn off System Restore,
because I imagine a dual disk setup like that, would make a mess
of any restore points. Boot up the disks, installed one at a time, turn
off System Restore. Then put both drives in the box, and switch
between them as needed.

Expensive software can be "keyed" to a number of assets inside
the computer (or even externally, to a floating license server),
and I doubt the software can be moved from one drive to the other
drive, easily. So it's not like I'm suggesting this "clean" drive
concept, with the idea you move the software over to the other
drive when you get it home. I doubt that would work. It's probably
going to have to stay put. For example, the license key generator
program, might record the disk hardware serial number or the like.

Paul

 

[charlie]

For the first time ever I will need to allow someone to have access
to my laptop. IT will be installing CAD applications and I espacially
don't want anyone to have access to my files in Outlook 2010 and other
files to numerous to even consider.

Can I get some opinions on a good way to at least password protect
Outlook? I assume Administrator rights will be needed to install
applications. I have never set up accounts as I am the only one that
has ever use any of my systems. Can I set up a limited account for IT
use that will block everything but what they need to do?

Thanks for any suggestions.

Al.

IT already has access to your Outlook files if you are using Exchange as
your mail server. Since you say "IT" then your workstation is in some
corporate network setup and it's likely they are using Exchange. You
only have a *copy* of what is in your mailbox up on their Exchange
server. Also, it is highly likely that they already monitor their
network traffic so anything within your e-mails, even those that come
from an outside e-mail provider (Hotmail, Gmail, etc), can be
interrogated for keywords and recorded. Also remember that all that
Outlook data is *their* property, not yours. You are using their
property: their workstation, their network, their mail servers, their
software. Plus you are supposed to be working for them when you are at
work. Thay may even have installed a [hidden] client on your host to
assist in backing up all their workstations. They can walk over to your
host, logon as Administrator, and take ownership of all your files. If
you thought they didn't have or couldn't get at that data, you're wrong.

You won't protect your mailbox data on their Exchange server. You can't
be sure what they sniffed out on *their* network while you were using
*their* computer. At best, you can use an encryption tool, like
TrueCrypt, to store your other data files that you don't want them to
see. However, some companies have policies that you cannot secrete any
files on *their* property without their permission and without their
availability to access; else, they'll just delete it, especially if they
just reimage your HDD with their sysprep image when you call for help
and that's the quickest way to get you back to doing your work.

By your question, it looks like you don't even have admin privileges on
your host. You login to their network domain using the account they
gave you which assigns you the privileges they choose to give you. At
best, you may be granted a login that gives you admin privs on just that
host alone (but that requires manual configuration and often the IT
folks aren't willing to work with an individual and instead assign
accounts and their privs in "groups" so you belong to a group that
regulates what privs you get). If, for example, you worked in a Dev or
QA group, then you need admin privs but your domain account will give
them only to that host, not any others. Yet the sysadmins will still
have full privileges on your host and can do anything you can do as an
admin.

Forget about hiding your e-mails. They already have that data on their
Exchange server or by sniffing their network traffic. For that other,
um, "personal stuff" either consider removing it from their property or
hide it in an encrypted container (e.g., TrueCrypt and BestCrypt
Portable are free). Of course, that assumes that they aren't running
keyloggers or data miners on *their* property to monitor what their
employees are doing.

If you don't want them finding those data files on their property and
possibly looking inside, don't put them there (on their workstations or
transferred across their network).

Let me make this easier. My laptop that will soon have Solid Works
installed is my private computer not in any way monitored or
controlled by the IT department. Different from the network I am on
while on company property. One other option I have is to install the
application myself in my home. I have been given that option but it is
taking longer than I expected to get the disks. I was considering the
install be done if I wanted to bring my laptop to work. If and when I
decided to do this is what prompted me to this post for advice after
searching for a way to PW protect Outlook 2010. I don't use exchange.
Only Solid works, MasterCam, AutoCad and a few other design SW most in
the privacy of my own home. I might voluntarily bring a drawing home
to complete or modify rather than stay on the job.

It's just that simple.

I guess that it depends on how much you can rely on the IT people to
just install the CAD/CAM software and nothing else.

I'd likely take the laptop to work, go to the IT department, get them to
hand me the install disks, and do it myself.

Lets just say that I'm retired, and no longer have to deal with company
or govt. IT groups. In my years working with minicomps and then P/Cs,
The IT departments went from (If it's not a mainframe, we don't want
anything to do with it!) to (We control Everything, or else!)

The latter gets really funny when you are dealing with a P/C or similar
computer that is used to control banks of instrumentation and equipment.
Thee IT people usually take one look, and eventually say something to
the effect that you can do whatever you want. It can get a bit sticky
when that includes LAN/WAN access without the IT's favorite software.

 

[VanguardLH]

For the first time ever I will need to allow someone to have access
to my laptop. IT will be installing CAD applications and I espacially
don't want anyone to have access to my files in Outlook 2010 and other
files to numerous to even consider.

Can I get some opinions on a good way to at least password protect
Outlook? I assume Administrator rights will be needed to install
applications. I have never set up accounts as I am the only one that
has ever use any of my systems. Can I set up a limited account for IT
use that will block everything but what they need to do?

Thanks for any suggestions.

Al.

IT already has access to your Outlook files if you are using Exchange as
your mail server. Since you say "IT" then your workstation is in some
corporate network setup and it's likely they are using Exchange. You
only have a *copy* of what is in your mailbox up on their Exchange
server. Also, it is highly likely that they already monitor their
network traffic so anything within your e-mails, even those that come
from an outside e-mail provider (Hotmail, Gmail, etc), can be
interrogated for keywords and recorded. Also remember that all that
Outlook data is *their* property, not yours. You are using their
property: their workstation, their network, their mail servers, their
software. Plus you are supposed to be working for them when you are at
work. Thay may even have installed a [hidden] client on your host to
assist in backing up all their workstations. They can walk over to your
host, logon as Administrator, and take ownership of all your files. If
you thought they didn't have or couldn't get at that data, you're wrong.

You won't protect your mailbox data on their Exchange server. You can't
be sure what they sniffed out on *their* network while you were using
*their* computer. At best, you can use an encryption tool, like
TrueCrypt, to store your other data files that you don't want them to
see. However, some companies have policies that you cannot secrete any
files on *their* property without their permission and without their
availability to access; else, they'll just delete it, especially if they
just reimage your HDD with their sysprep image when you call for help
and that's the quickest way to get you back to doing your work.

By your question, it looks like you don't even have admin privileges on
your host. You login to their network domain using the account they
gave you which assigns you the privileges they choose to give you. At
best, you may be granted a login that gives you admin privs on just that
host alone (but that requires manual configuration and often the IT
folks aren't willing to work with an individual and instead assign
accounts and their privs in "groups" so you belong to a group that
regulates what privs you get). If, for example, you worked in a Dev or
QA group, then you need admin privs but your domain account will give
them only to that host, not any others. Yet the sysadmins will still
have full privileges on your host and can do anything you can do as an
admin.

Forget about hiding your e-mails. They already have that data on their
Exchange server or by sniffing their network traffic. For that other,
um, "personal stuff" either consider removing it from their property or
hide it in an encrypted container (e.g., TrueCrypt and BestCrypt
Portable are free). Of course, that assumes that they aren't running
keyloggers or data miners on *their* property to monitor what their
employees are doing.

If you don't want them finding those data files on their property and
possibly looking inside, don't put them there (on their workstations or
transferred across their network).

Let me make this easier. My laptop that will soon have Solid Works
installed is my private computer not in any way monitored or
controlled by the IT department. Different from the network I am on
while on company property. One other option I have is to install the
application myself in my home. I have been given that option but it is
taking longer than I expected to get the disks. I was considering the
install be done if I wanted to bring my laptop to work. If and when I
decided to do this is what prompted me to this post for advice after
searching for a way to PW protect Outlook 2010. I don't use exchange.
Only Solid works, MasterCam, AutoCad and a few other design SW most in
the privacy of my own home. I might voluntarily bring a drawing home
to complete or modify rather than stay on the job.

It's just that simple.

If it's your property and not connected to their network, and if they
want a legit copy of their software on your computer, why don't they
just give you the installation CD? It might remain their license but
they'll have to track that and take care of retrieving the license when
your employment ends but that's all their responsibility.

Since you'll be bringing in your laptop for them to install their
software, it seems you'll be standing right next to them when they do
the install so you could watch what they're doing. Make an appointment
and wait and watch while the installation gets done. Somehow I have to
wonder why you would trust them to install software but then mistrust
them with your personal files. If you suspect they will spy on you or
steal your data, how do you know they didn't install a keylogger, data
miner, or other malware onto your computer? Once someone has physical
control over your computer, it's impossible to be absolutely sure they
didn't steal from you or will steal from you. Seems to be some
"politics" going on between you and the IT folks.

A password on Outlook's .pst file won't prevent a hacker from getting
into the .pst file. It is very weak protection and there are utilities,
like at Nirsoft, that will divulge the password. As mentioned, you
could use TrueCrypt to put the sensitive files inside an encrypted
container for which only you know the password. You can configure
TrueCrypt to load those volumes on loading TrueCrypt and configure
TrueCrypt to load on login at which time you will be prompted for the
password; however, any apps that need access to those data files will
need you to unprotect the volume with those files before you start those
apps. That is, for example, you'll have to open the TrueCrypt container
and enter the password BEFORE you load Outlook. Of course, you'll have
to configure Outlook to look for its .pst file at the different
location. Then you'll need a disk wipe tool that clears all unused disk
space but after first cleaning out the Recycle Bin.

Using TrueCrypt or BestCrypt, you can secrete files inside an encrypted
container to which only you have the password.

 

[Tom Lake]

"Allen Drake" wrote in message

For the first time ever I will need to allow someone to have access
to my laptop. IT will be installing CAD applications and I espacially
don't want anyone to have access to my files in Outlook 2010 and other
files to numerous to even consider.

Can I get some opinions on a good way to at least password protect
Outlook? I assume Administrator rights will be needed to install
applications. I have never set up accounts as I am the only one that
has ever use any of my systems. Can I set up a limited account for IT
use that will block everything but what they need to do?

Thanks for any suggestions.

Al.
Forget it. Even password protected Outlook can be bypassed with ease.
Any IT person who wants to see your data and has physical access to your
machine can see anything they want. Even if you delete the data off your
hard drive, it can be brought back, even if overwritten by other data. I
worked in
a computer forensics department for a while and we could get data back even
if it was overwritten up to six or seven times. That was years ago. I'm sure
the
depth is even greater now. Any IT person worth hiring has a code of ethics,
however and wouldn't poke around your personal data.

Tom Lake