Network security help
I know this is a Sportbike forum, but I also know that alot of the member here are pretty computer savi so I figured I give it a shot here to.
Here's whats going on. My dad called me earlier today and said that someone in his works IT department remotely logged into his computer and acessed his personal files. Who ever did this wasn't to bright, my dad is completly computer illiterate, but was able to tell what happened because he checked the user log in's and saw that his computer was accessed as well as what files were viewed. He asked me to come up and secure his files so that this couldn't happen again. I'm trying to think of possible ways to do this. I don't think he has full administrative rights, but he can install programs and such. His boss agrees fully that this needs to be adressed, so I can get administrative rights if necessary but I would prefer to bypass the IT department since thats where the problem seems to lie.
These are my thoughts so far, first would be to create a folder that is only accesible by a particular user, that being my dad. But from my knowledge of Windows Server 2003 an administrator can take ownership of folders fairly easily. If their is a way to make this method work and prevent unauthorized viewing of the data, this would be my prefered route.
My second thought was to move the data to a thumb drive, but I fear my father would forget to remove it and we would be back to square one. If thier is a way to make a restricted partition on the HD or secure the thumb drive, I would be interested in this route. It's simple and seems fairly secure. I'm not worried about loss of the acutual thumb drive or theft of it since his office is behind lock and key, and the IT department does not have access.
My third thought was to encrypt all the files with a 256bit or larger encryption system. This seems like the most secure way to do it, the only problem would be if he forgets his password or someone places a key logger onto his PC. But then again, if the person was dumb enough not to delete their log in from the reccord, I don't think this will be an issue.
Those are my only thoughts thus far. His work is trying to do this without making a big deal out of it, or paying for it, so naturally they went for a semi-computer savi son of a worker lol. I know their is no way to make this 100% secure, because as long as their is a desire, someone can get it, it just comes down to how much they want to. I'm looking to make it very very inconvientent for whom ever is causing this problem. Any suggestions or ideas would be appreciated greatly.