Prevent admin users from reading my files [duplicate]

My surface tablet is shared with a friend. She uses a separate account, with admin rights.

Being an admin, she is able to gain access to all my files. Even my OneDrive files.

I guess I could follow these steps to prevent this (it basically states that you'll need to disable access for the targeted administrator), but the same scenario would be present if I were to create another administrator account.

You could say "don't make her administrator", but I don't want to mess with her personal files as well.

Somehow this feels as a security flaw... or am I mistaken?

Is there any way to protect private files from "administrator eyes" by default?


Solution 1:

Administrators are just that, they administer the computer, above regular users.

The correct way would be to make the two "Limited" users - One for you, one for her. Create a third Administrative user that is used just for installing programs and doing system wide changes. You can even configure Windows 8 Pro to allow regular users to install Windows Updates! The MS Store can be accessed with regular users.

Why did she get Administrator access? That's where the flaw is, not with Windows. Just because you don't want this to be the answer (not having her be Admin) doesn't mean it's not the correct answer.

Solution 2:

If you encrypt the file or files that you don't want anyone else to access, then those files can only be opened from your account. Admins would only be able to see metadata about the files, like the filename, created, modified dates, etc. You want to be VERY careful that you don't lose your username/password combination or you'll never be able to open the file again.

Make sure you're logged in under your account and right click on the file or files and click "Properties", then click the "Advanced" button and check "Encrypt contents to secure data." Then click Apply/OK. The encrypted files will usually change color to green, that's normal.

If you encrypt a folder then any new files you create in that folder will also be encrypted.

You should keep an un-encrypted backup of all your files in a separate location just in case.

Solution 3:

Your device uses NTFS - The Encrypting File System (EFS) is a component of NTFS and may allow you to encrypt your files. It's not something I've looked into much or even played with, but you may want to read about it.

Otherwise users should NOT have admin access - if she gets infected with an encrypting virus, she could easily infect your files and key systems files with admin rights. Removing her rights should not remove her ability to access files she needs unless she's done something really silly.