Microsoft Retracts Private Folder Option

An anonymous reader writes "Just recently, an update to Windows added the option to password-encrypt a personal folder. The intent was to allow users who share PCs to have a measure of privacy, but C|Net reports the company is now removing that functionality with a patch. IT managers hit the roof when the option was added, complaining of the possibility of lost passwords and inaccessible data." From the article: "'Oh great, have they even thought about the impact this could have on enterprises. I'm already trying to frantically find information on this product so that A) I can block to all our desktops and B) figure out how we then support it when users inevitably lose files. I can see the benefit in this product for home users, but it's a bit of a sloppy release by Microsoft,' Stuart Graham said in a posting on Windows Server-related site MSBlog."

Re:That could've been a good feature!

Here is an idea for those IT managers complaining, DONT allow users to install applications. What kind of a security policy do you have that allows users to just install software. Frankly I like this feature, it is simple to use for home, and is a better option than EFS at home.

Re:Why didn't MS see this coming?

[uarch]

Because its not IT people developing the features.

At most companies the closest developers (and PM's if you're MS) at come to IT is when they have a problem with their office workstation. They call/email IT and someone swings by to fix the problem.

Sure, there are companies where the IT people think up & implement features in key products. MS is not one of them.

Re:Private Folders, harsh admins, and common sense

[gregmac]

Somewhere in the middle are the administrators who can usually leave their work at the office at the end of the day but who don't mind if users want to access and maybe save personal email messages or other files from work (where the spiffy color laser printer sometimes gets used to print pictures of a worker's newborn baby or a photo that an employee wants to hand in his cube), and realize that most sane people don't truly compartmentalize their work and personal lives; that overlap is normal and natural, usually inevitable, and often beneficial -- that most folks want/expect some personal privacy in the workplace and to be cut a little slack when using office resources for personal reasons.

I work at a small company, where my role only requires me to spend part of my time as an IT admin. I take this same approach, and find it's mutually beneficial. Users don't have install rights, but I also will install things on individual workstations that people ask for. (They actually used to have install rights on their personal workstations - not if they logged into others - but I had to take it away because they'd blindly install some web background program that would install 30 spyware applications. They were understanding when I removed that right after they saw the damage it caused). I've helped people setup their personal email accounts in thunderbird.

I've read articles talking about how if you don't allow people time to do personal tasks at work, that instead of taking 5 or 10 or even 30 minutes of work time, they'll take a sick or vacation day to catch up on errands, and I can see this happening. Personally I don't really mind fixing a server issue on the weekend or late at night, because I'm afforded this flexibility at work. At some offices, as soon as it hits 5:00pm, everyone drops what they're doing and goes home.. that's just a sad situation. It's not that people should be expected to work late, or work exactly their 8 hours per day, but if, for example, a task will take 20 minutes to finish before you go home, versus 45 minutes if you have to start in the morning when it's no longer fresh in your mind, it's better to stay the 20 minutes. In a company where workers are prohibited from doing anythink but work on company time, they're obviously not going to be willing to go the other way, and sacrifice their personal time for work.

Re:Private Folders, harsh admins, and common sense

[FractalZone]

Realistically, it is often better to let users know that they are not being treated like a bunch of slaves, crooks, children or sheep at the workplace, but that management and IT administration have the right and ability to lock things down at any time for any reason. More importantly, it helps to let users know how public some of the activities they naively think are private actually are.

Pointing out to a user that her favorite screensaver or wallpaper image comes from an external (to the organization) source that is not to be trusted, and showing her a relatively easy to read headline article on a major Web site she's heard of that details how such external connections cause real problems serves a couple of major purposes. It shows that you aren't making rules just because you can (or enjoy lording them over hapless users) and also encourages her to learn more about computers, how they work on the 'Net, and computer security.

I prefer education to enforcement as my primary means of preventing internally generated IT hassles. If users have to be treated like dumb and/or malicious animals, why would one want to be working in IT for such an organization? Most organizations, unlike public schools and correctional institutions, do not have to allow just anybody more than guest access to their systems. Don't expect to get much useful work out of users who are treated like school kids or convicts, but do expect to see them strive for excellence as they develop innovative ways to get around your rules/edicts, just as children and felons do in other areas of real life.

Oh, yeah, a good system administrator should study Sun Tzu's The Art of War, everything I posted above notwithstanding...just in case it comes to that.

Re:That could've been a good feature!

[v1]

You're falling into the oxymoron of "windows security" again.

I find it amusing that Mac OS has had filevault for what, several years now, with no resulting cataclysm. MS introduces it and half the PC IT flip their lids and MS runs scared. What is wrong with these people? Sorry if I sound like a BOFH but if the user puts data into a vault and then loses their password, they will get no pity from me. Do we cry for the neighbor that just locked his keys in his car while it was running? No, we laugh and point fingers. Some actions carry a built-in penalty for blatant stupidity, and this is one of them. If I put a hammer in the toolbox at work and Joe cracks his thumb trying to hang a picture in his cubicle, do we chase after me for leaving a dangerous object within reach of the monkeys? No, again we laugh and point fingers.

If your company is impossibly tilted toward the users, then just add a line to the AUP that states that filevault or whatever is not and cannot be supported by IT and if you have problems with it you should not expect any help.

In some organizations, the head of IT thinks he's god. More often though it seems, the users think they are the chosen ones and that IT can do the work of gods.