February 3, 2017 at 09:01 #5388
This is on a Win 10 system running AxCrypt 2.1.1489.0
The encryption process is working fine on regular files but I have hit a file that gives an “Access to the path denied” exception error. I am the only user on my PC and have ‘administrator’ rights. I’ve run “task manager” and can see that Axcrypt.exe is running under my user. I have also checked the ownership of the file and it is owned by “administrators”.
Can you suggest what else to look for to fix this problem. Thanks.February 3, 2017 at 11:07 #5389
It sounds like you’re trying to encrypt a system file or one which is read only. Have you checked the file/folder attributes?
Have you also considered that the file may be in use? Try Task Manager to establish if this is the case and either terminate the task there or restart your computer. Obviously this depends upon the type of file.February 3, 2017 at 19:50 #5392
Can you include a screen shot? It’s hard to tell without getting some more context.February 3, 2017 at 21:40 #5394
Hi Svante and Rick,
Thanks for your suggestions. Rick – I checked Task Mgr and don’t see another program that is using the file.
To try and simply trouble shooting, I copied the file to my C:\ root and tried to encrypt it there with AxCrypt but it still shows the error. I then right-clicked File Properties – Security and set the 4 Group/Users to have all authority and tried it again… same error. I can open the file with NOTEPAD for edit with no problem, but AxCrypt hits the error. I’ve attached a screen shot of the error and of the advanced permissions on the file security. Thanks for your help.February 3, 2017 at 21:59 #5395
Looking at your screenshot it seems that ‘Allow – Users (DESKTOP-3NGIMR2\Users)’ is set to ‘Read & Execute’ for your ‘testfile.txt’. Try changing it to ‘Full Control’. If that doesn’t work then also set the setting for ‘Authenticated Users’ to ‘Full Control’.
I suspect the reason you’re having difficulties at root (C:\) is because of the Windows permissions system denying AxCrypt access. It really shouldn’t be an issue because the file owner is an ‘Administrator’ although Windows does have a hidden ‘Administrator’ account in addition to visible user accounts.
If the file was on your Desktop or in your Documents folder the problem shouldn’t occur. Have you tried that?
Just for your information… it’s really bad security practice to use an account with admin permissions for daily use. It makes your system much more vulnerable to compromise.February 4, 2017 at 06:51 #5396
I added the additional permissions but it still failed. Tried moving the file into my Documents and you are right… it works there.
The normal location for this file that I am trying to secure is in a sub folder in the C:\Program Files (x86) folder. It is a file in an application folder within Program Files (x86). That’s whats making it tough.
You’re right that it must be a higher level of Windows security that is stopping AxCript from accessing it. Any thoughts as to where to go next?
Thanks also for the suggestion re not using an “admin” account for daily use. I’m going to change it.February 4, 2017 at 12:57 #5399
There are a couple of more things that you could try, but because you’ve mentioned that you can encrypt files in your Documents folder I think I know what’s going on.
It’s likely that, before you came on here asking for help, you inadvertently allocated the wrong user the relevant privileges (yes, it’s possible even on a single-user system).
To save me reinventing the wheel try following these excellent instructions for ‘testfile.txt’.
If that works, great! If not, there’s one more thing that you could try… so if you’re still having difficulties post back on here and I’ll provide additional instructions.
As you’ll appreciate Windows permissions are made to protect the user. Most of the time there’s no reason for users to be tampering with files in their root directory so the operating system does its best to protect users from accidentally deleting/damaging critical files.February 4, 2017 at 13:00 #5400
Regarding your sub-folder within “C:\Program Files (x86)” you’ll need to follow the relevant instructions (being very careful to select yourself as the relevant user) and use the option “Replace owner of subcontainers and objects”. This will override Windows security and grant AxCrypt permission to encrypt the file/folder but it’s worth repeating: be extremely careful that you don’t encrypt critical system files.February 4, 2017 at 21:45 #5407
I’d really like to suggest that you don’t encrypt program executables in %ProgramFiles% . There’s a reason why you’re running into trouble, and that’s because Windows is trying to help you not make a mistake.
There should be no reasonable reason for you to encrypt anything there.February 5, 2017 at 00:24 #5408
Thanks for the information and feedback re protecting the files from corruption. I appreciate it. Here’s the reason I was wanting to encrypt a file in C\program files (x86).
I have an old application that I use to store my passwords and I use the security features of the application which is just a simple password within the app to see them. The application files are in a sequence of subfolders within the Program Files (x86) directory. I found which file holds my password info and just for fun tried to open it with Notepad… and the darned thing opened !! There they were, plain as day. So that is what I am trying to encrypt. My plan was to encrypt, then dencrypt when I need to use the app to see them. So I am not encrypting any Windows files, just this one application file which happens to be in the Program Files directory.
I also tried opening the file with Notepad using a “standard” (non-admin) user profile and they still opened, so they would be visible to anyone.
I haven’t tried your latest suggestions yet, just thought I’d let you know why I was trying to do this.February 5, 2017 at 00:45 #5409
I’m a little uncomfortable with making the security/permission changes as described in tenforums.com/tutorials link you sent me.
I’m thinking to get around my problem another way… move the file from C:\program files\… to Documents and Encrypt it. Then when needed… De-encrypt, move back and run the app. It’s an extra step but not a big deal. Maybe there’s a way to code a Bat file to do it. Do you know if one can code a dos run command to run AxCrypt and tell it the file name and Encrypt or De-encrypt?
Thanks for your suggestions and assistance.February 5, 2017 at 01:06 #5410
If I were you Gary, and if it’s not too much of an inconvenience, I would strongly recommend using a proper password manager instead of relying upon an “old application” which stores your password in a file that can be opened and viewed in Notepad
KeePass is excellent, free and open source. It can also import most data types (so you don’t need to manually re-enter everything) and it encrypts your data as well as providing auto-complete functionality.
Another, although much more basic, password manager is Password Safe originally by Bruce Schneier – it’s also free and open source.
As Svante has mentioned it’s never a good idea to tamper with Windows permissions.
Back to your original question the instructions on the ‘Ten Forums’ would probably achieve your goal; there’s really no other way of bypassing Windows’ protection – it’s there for a reason and users are strongly discouraged from interfering with it.
Onto your other question I don’t believe AxCrypt 2 supports command line operation yet which would preclude you from making a batch file. Realistically your two options are therefore:
February 5, 2017 at 01:25 #5411
- Move your encrypted data file out of a system critical area of the hard drive
- Migrate your data into a modern, more secure application.
There are a few more options:
February 5, 2017 at 05:33 #5412
- If you’ve got the installation software for the old program, try reinstalling it into your Documents folder
- Another option would be to try and move the Notepad file elsewhere and tell that program to look for it there (I’m assuming from your description you can’t?)
- Use full disk encryption – it won’t protect the file from multiple users
- Use Windows EFS – only available on Pro versions and not recommended
Hi Rick and Svante,
Those are great suggestions… thanks very much. I like the idea of moving to a more current password manager and think that is what I’ll pursue. I’m going to leave the permissions stuff as it is and not change things. I have implemented your recommendation to run the PC daily with a “non-admin” user profile… thanks for bringing it to my attention.
For now I think that clears up my original problem of “access denied” with your alternative suggestions. Thanks very much for your assistance.
GaryFebruary 5, 2017 at 15:51 #5413
Just for completeness sake – I would like to point out that AxCrypt Premium (not free, sorry) does include a properly encrypted online password manager that you can access from anywhere.