You can protect files through capabilities of two file systems offered by Microsoft operating systems.
With the File Allocation Table (FAT) file system, both Microsoft® Windows® 95 and Windows NT provide shared folder resource protections by assigning permissions. These permissions are applied to the entire shared folder and all the files and folders in the share. Share-level security is easy to implement.
Because these shared permissions apply to all of the files in the folder, it's often difficult to configure sets of file and permission groups that effectively limit user access. Shared folder permissions provide only simple security.
As a general rule, the FAT file system and its share-level security is not granular enough to effectively define and control file access for many users in a complex system, and it offers no protection for the other resources that run your application.
For More Information A popular example of shared file permissions is found in the Microsoft Jet Database. For more information on securing the Microsoft Jet database, search for "Secure Data Solutions Using the Jet Database Engine" in MSDN Library Visual Studio 6.0.
While Windows 95 only has the FAT file system, Windows NT provides a choice of either the FAT or Windows NT file system (NTFS). Windows NT with NTFS supports access control and ownership rights not available with the FAT file system.
Windows NT ensures data and system protection through its ability to define discretionary file access control. The Windows NTFS file system can totally prevent users from damaging key system or application files.
As an application design benefit, the NTFS file system is not only more reliable and secure than the FAT file system, it is fully recoverable. NTFS has the ability to prevent directory corruption, and can actually reconstruct itself after a hardware failure.
With the NTFS file system, you can provide robust security for all of the supporting files in your application.
For More Information For more information on using the NTFS file system, search for "Allowing Access by Using NTFS" in MSDN Library Visual Studio 6.0.
Your application might have many different kinds of non-database support files and folders: .ini, .txt, .prf, or other special files that maintain program information. If your application has support files needing protection, you might want to specify explicit permissions such as No Access, Read, Change, and Full Control.
In order to set access permissions on a file, you must:
The most common approach to setting file access permissions is to use Windows NT Explorer. With Windows NT Explorer, you can easily set file permission on a file-by-file basis or for the entire folder (thus including all files contained within that folder).
Another tool you can use to set file permissions is the Cacls.exe utility. This is a command-line, batch mode utility that displays or modifies access control lists. Cacls.exe has limited functionality: it can only grant or deny Read, Change, and Full Control permissions.
For an enterprise application (such as a Web site) that is exposed to external user access, it's not unusual to first protect all of the files on the entire workstation, and then apply specific Windows NT file permissions where access is needed.