Helping people with computers... one answer at a time.

Passwording a desktop shortcut, while theoretically possible, wouldn't really accomplish the goal of securing information. We'll look at alternatives.

Is there a program that offers desktop password protection for shortcuts? My system is Windows Vista Home Edition. I have a few shortcuts/Icons on my desktop I want to keep private. I've seen answers about managing administrator controls and user accounts, etc but that won't help me. I keep my computer on and signed in at all times so there is no changing of users, if I step away from my desk I'd like to be sure no one can click on a desktop Icon and access these files. Logging off and on throughout the day to avoid unauthorized access is not an option for me. I am looking for one that will prompt for a password when the icon is clicked.

The short answer is no - I know of no way to do exactly what you describe.

And to continue along that line, doing exactly what you describe - password protecting the shortcuts - won't help. Protecting a shortcut to a document is not the same as protecting the document itself.

Let's look at some possible alternatives.

To be completely honest, for the scenario you describe, logging off really is the right thing to do.

In fact, depending on who you're protecting these documents from and how aggressive they might be, turning off and locking might also be called for. Remember that ultimately nothing is safe if someone has physical access to your machine, which it sounds like they do.

"If leaving your machine on and unattended is a requirement, then encryption is really the only answer ..."

Now, as I alluded to earlier, even if you password protect the shortcut to a document, there's nothing to prevent someone from bypassing the shortcut and using perhaps Windows Explorer to locate and access the document directly.

If leaving your machine on and unattended is a requirement, (and I'm assuming that a password protected screen saver is also not an option for you), then encryption is really the only answer, and even then it needs to be used judiciously.

Three approaches come to mind:

  • Application-based protection. Applications like Word and Excel and others often have the ability to password protect a document themselves. When this is done correctly, the password must be provided to read or modify the document.

    Application-based protection has a somewhat troublesome history. You're relying on each application to get passwording and encryption right so that it's non-trivial or near impossible to crack into a protected document. Many applications have, over the years, gotten this very wrong. Before you rely on this, make sure to check out the security reputation of any applications you're using.

    For your scenario if you're just looking to protect yourself from casual passers by, and the applications you're using support this, then it may well be the most pragmatic solution, especially since no additional software is required.

  • Single File Encryption. With this approach you might use a tool like 7-Zip or Axcrypt to compress and password protect individual files.

    The problem with this scenario is that it's a cumbersome process to maintain your documents, and easy to leave an unprotected copy lying around. To edit the document you would:

    • Decrypt compressed file.
    • Edit your decrypted file.
    • Re-encrypt the file.
    • Remember to delete the decrypted copy. (Securely, if that matters.)

    Those last two steps are trivially easy to forget any time you walk away from your computer.

  • Create an encrypted volume. Longtime readers know I'm a big fan of TrueCrypt. In fact, as I type, this the document is stored on an encrypted volume on my laptop as I'm away from home. If my laptop's stolen, it and anything else I've placed on the volume remain safe.

    With an encrypted volume, you create a "fake" or pseudo disk volume that appears as another drive letter on your machine. Write documents to that disk and it automatically encrypts them, and reading them automatically decrypts them. It's totally transparent to every application you might want to have access the file.

    Usage is simple: to gain access to the contents of the volume, you "mount" it at which time you provide the password (or more preferably, a longer pass phrase), at which point the entire volume contents are available. When you're done, you close all files on the volume and dismount it. Everything on it is completely inaccessible until the next time you mount it.

    When stepping away from your computer you would simple make sure documents are closed, and dismount the volume. Alternately, one nice feature that might also work for you is that volumes can be auto-dismounted after some period of inactivity.

Honestly, I'm still of the mind that walking away from your logged in computer is a bad idea if there's any concern about protecting the data thereon. Logging out, or at least having a screen saver kick in that requires a password on your return is perhaps the best approach.

However, if you insist, perhaps some of the alternate ideas above can work for you.

Article C3765 - June 18, 2009 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

14 Comments
Some guy
June 18, 2009 10:21 AM

What about simply locking the computer when you're away from it? That password protects everything, no?

Yes and no. That's pretty similar to logging out, or using a password protected screensaver as I mentioned in the aritcle. The problem is that if it's not physically secure it's not secure. Anyone could come along with a boot CD, for example, and reboot into a different operating system that allowed unrestricted access to everything on the machine. Everything that wasn't encrypted, that is.
- Leo
19-Jun-2009

Jeff
June 18, 2009 11:15 AM

I agree about just locking the desktop (or screensaver pw as Leo suggests) It's really not that bad if you are concerned about privacy. I work at a bank and our workstations must be locked every time we leave our desk, and automatically after 15 min of inactivity. I must unlock my computer 20-30 times each day...not really a big deal after you get used to it.

Indeed. It's even worse at the doctor's office where (in the U.S.) HIPAA imposes some stringent privacy rules. The inactivity timeout is very short, and everything must be locked when not used. It's really not that big a deal, it's just a habit that needs to be developed.
- Leo
19-Jun-2009

Mat
June 20, 2009 12:03 AM

I'd agree with the approaches above. I use a Truecrypt volume to store my sensitive personal stuff, and I've got into the habit of locking my computer (pretty much) whenever I move away from it. OK, you're not protected against hard-core techies, but I'm not particularly at risk from them. And there's not a great deal one can do against hard-core techies, unless you're a hard-core techie yourself, which I'm not. So problem solved...

Will
June 21, 2009 7:41 PM

Install programs on a mounted truecrypt volume, then dismount when you are away from the PC.

Josh Medrano
June 23, 2009 8:21 AM

How bout ZIPping it to a folder and password it? Does that work on Vista?

JH
June 23, 2009 8:30 AM

Even at home, I have got into the habit of locking my computer, even if I only go to get a drink, and even though I have nothing confidential and the only people there are my family. Its just so simple: press windows logo+L and bang, the computer is locked.

Carl R. Goodwin
June 23, 2009 8:35 AM

It has always amazed me that Microsoft has never included a feature like this in any of its versions of Windows. Imagine them actually putting something in that people WANT??? Go figure...

sirpaul1
June 23, 2009 8:37 AM

To expand on Josh's reply:

Right click on the folder and chose Send to > Compressed (zip) folder.
Open the new folder and choose File > Add a Password.
Choose a password and you're set.

That's how you do it on XP!

sirpaul1
June 23, 2009 9:08 AM

Then I ran into this:

http://download.cnet.com/Folder-Lock/3000-2092_4-10063343.html

if you have admin. rights

some gal
June 23, 2009 12:55 PM

This was so informative. I asked Leo a similar question a couple of weeks ago, and I was glad to see it addressed. I did what JH advised. I didn't know you could do that!

some gal
June 23, 2009 1:39 PM

Everyone, thanks! I now have a password for the computer and have everyone lock it the way JH suggested. It may seem like basic information to everyone else, but I was amazed that I could do tha! It had weighing on my mind on how to limit access to the computer since it is out in the open and people are coming and going frequently.

Samuel
June 23, 2009 4:22 PM

This will be a little out of place for such an overtly Windows website but on Apple computers there is a "Guest Account" option. If I want to leave everything open and running but don't want anyone to access any of it all I have to do is click on the Guest Account. A new desktop, just like the regular one, rotates into view. The "Guest" can access only the files I've granted rights to. This way "guests" are unaware that they are not accessing 'my' computer. To get back all I have to do is click on my "account". The regular desktop rotates back into view and everything is open and ready for me to get back to work.

David
June 23, 2009 5:25 PM

Just reading the question though - password protecting shortcuts on the desktop - Leo's initial suggestion, literally having a password on the screensaver is doing EXACTLY what is being asked of. Nothing more, nothing less.

Everything else is good but too cumbersome >

Cadaryn
September 15, 2012 12:09 PM

Hi Leo, With Reference to the Initial Query as regards Password Protecting a Desktop Shortcut, I use Windows 7 Pro 32 bit and recently began using a VPN (Virtual Private Network) Service however had nothing but problems with the Required Software Client and Service and in attempts to remedy this it was decided to set up a Video Conference/Remote Access Session using TeamViewer Software that I have Installed and is Free for Personal Use and to which I reluctantly Agreed. I didn't and still don't particularly trust these people however felt I had no choice but to allow them to configure my System, being that they would not provide info as to how to do this myself. I Configured the TeamViewer Conference Software to Protect Myself and only provided one time Access Credentials. I also installed a Free Hide and Password Protect Folder Program and Hid The Entire Users Folder, Documents Folders and Such However I have the Mandatory User Shortcut on my Desktop as is Set up by Windows and also in the likes of the Start Menu. For my own Convenience I would like to Retain These but hide them for these instances, hopefully Password Protecting them as mentioned above and I'm sure there probably is a Paid Application that would accomplish this however due to having spent a lot of money on other Software/Services, I'd like to do this Free of Charge if Possible. Sadly the Program I'm Using to Hide Folders whilst effectively Hiding and Password Protecting Them, still leaves these links/Shortcuts in place and when clicked, they back door to the Hidden Folders though these do not show up in File Managers and Such. I really would appreciate your help with this as I'm currently tied in to a Contract with the VPN Provider for another four Months and anticipate the necessity to authorize one of these sessions again. Thank you for your help.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.