File security

Many people keep files on their computer (or on network filestore) that they wish to keep secure.

These notes are for both supported and unsupported machines, but only for Windows. Users of Unix (Solaris/Linux or OS X) face similar general issues but the details are different.

Network files

The best way to store a confidential document is on the central network filestore (either on a rented filestore or in your home directory). This ensures that only you have access (or at least that knowledge of your password is needed).

IT Services staff will only access files on the central filestore under the terms of our IT Investigations and Data Access Policy. In general, IT Services staff would only access files either with the permission of the owner of the files or to investigate misuse.

Users with unsupported machines can map their network filestore as a drive and save files to it.

If you feel you do not have sufficient filestore to store all your confidential files, you can request more quota for your personal filestore (up to a limit) and/or arrange to set up a shared filestore. There is no charge for this service. Contact the Library & IT Help Desk for details.

Data stored on a departmental fileserver is the responsibility of the department concerned and you should ask the manager of the fileserver for details of their policies and security setup.

Local files

Many people think that if they store a file locally (on their C: drive) it is more private and can only be seen by them. This is not the case.

If a file is stored locally on a machine, then whether it can be accessed or not by another user logged into that machine depends on the type of machine and how the machine is setup.

If the machine has been created with a NTFS file system (all supported machines are created this way), then you can change the permissions on a folder to ensure that only the owner can read the files within that folder. By default however, files will be created with permissions that allow anyone to read them. Permissions can be changed by right-clicking on the folder and choosing Properties. Once this has been set, any files within that folder will also protected.

If the machine has been created with a VFAT file system, any user can read any file on the machine and this cannot be changed except by re-installing the machine as NTFS.

For supported machines only, IT Services staff will be able to access files on the local drive remotely (again this will only be done under our RIP procedures). For unsupported machines you must check that the machine is not set to export its drives.

Remember that many people have physical access to machines (cleaners, receptionists, students etc) and in general you should not assume that you are the only person using a machine, even if the machine is in an office.

If you feel that someone is using a machine who should not be, then please contact IT Services for advice. However, this does not remove the need to consider carefully how and where you store your data.

Locking PCs

Windows users can (and should) lock their PCs if they are to be left logged on and unattended. Lock your PC by pressing the Windows key + L. The machine can then only be unlocked by the logged-on user, or by a Windows administrator.

To unlock, press CTRL + ALT + DEL, then enter your password.

Note that switching the machine off will override the lock.