How to secure a folder containing PDFs

#1
Posts:
825
Joined:
22-Apr-2014 12:02am
Location:
Lower 48
I have a folder on my computer that contains PDFs in a number of different various subfolders. I have Adobe Acrobat.

Is there a way I can protect the main folder, and all its PDFs within, without having to separately protect each one? I tried right clicking on the main folder and there was an area for permissions but I wasn't sure about it.

I could encrypt part of my hard drive and locate the folder in there but wasn't sure if there was another way to put some type of protection on the folder itself.
 

#2
makbo  
Posts:
6840
Joined:
23-Apr-2014 3:44pm
Location:
In The Counting House
Protect from whom? Other users logged in to the same computer? Or someone who steals your hard drive? Windows does have some file and folder-level permission settings that would affect other users, but I've never really used them as I don't typically share my computer. You do have to manage the copying of permissions down the file tree, another hassle.

As a variation on "encrypt part of your hard drive", you can actually make just the folder itself the encrypted thing. Using MS Windows Bitlocker, you can create a file, size of your choosing, and then mount that file (encrypted volume) at the folder (mountpoint). This allows you to take just that one folder offline at any time and bring it back at will (with the password, of course). Very handy if you travel with a notebook computer and don't want to risk confidential files while still using your computer for everyday personal tasks.
 

#3
Posts:
825
Joined:
22-Apr-2014 12:02am
Location:
Lower 48
I'll take a look at Bitlocker. Thanks makbo.
 

#4
Posts:
2933
Joined:
21-May-2018 7:50am
Location:
Northern MI and Coastal SC
Why not utilize user access controls including timed lockouts, and encrypt your entire hard drive (EVERY hard drive should be encrypted)? Keep the unlock keys somewhere safe but accessible by you in case your TPM fails or there is an issue with whatever you use to encrypt (presumably, BitLocker).
 

#5
makbo  
Posts:
6840
Joined:
23-Apr-2014 3:44pm
Location:
In The Counting House
CornerstoneCPA wrote: encrypt your entire hard drive (EVERY hard drive should be encrypted)?

FWIW, my suggestion is independent of whether or not your hard drive is encrypted. On my home office desktop computer, the hard drive is not encrypted, while on my notebook computer, it is. However, in both cases, I have a folder (and subfolders) containing all my client tax data files which is separately encrypted, and can be mounted/dismounted with a few clicks, and the password, of course.
 

#6
Posts:
2933
Joined:
21-May-2018 7:50am
Location:
Northern MI and Coastal SC
You confused me, initially, with your wording. You referred to folder but it is a volume created on the HDD/SSD, which you then choose to lock/unlock with a password via BitLocker instead of relying on a TPM to unlock. BitLocker works at drive/volume level.

TPM is more secure. Passwords can still be detected if a keystroke logger is installed. When I was in private accounting and also managed all IT, we had keystroke loggers on all PCs except mine and the owners'. It was invisible even to admin users since it had to be installed/uninstalled from a portal. Unreal what people thought they could get away with. Sometimes the keystroke logger was used to prove nothing more than the employee is not being as careful as they think they are.
 

#7
makbo  
Posts:
6840
Joined:
23-Apr-2014 3:44pm
Location:
In The Counting House
CornerstoneCPA wrote: You confused me, initially, with your wording. You referred to folder but it is a volume created on the HDD/SSD, which you then choose to lock/unlock with a password via BitLocker instead of relying on a TPM to unlock. BitLocker works at drive/volume level.

What I'm saying is that the Bitlocker-encrypted volume can be mounted as a folder on an existing drive, for example C:, it does not have to be accessed under a separate drive letter. So it is extremely easy to retrofit to an existing installation such as the one posted in the OP. From the user's point of view, it is identical to a folder which can be opened or locked with a few clicks (Disk Management -> Action -> Attach VHD).

What is TPM?
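
The setup described in posts #2 and #7 (a BitLocker-encrypted virtual disk mounted at a folder), scripted as an added example that is not part of any post in this thread. The container path, mount folder and size are assumed values; it must run from an elevated PowerShell prompt, and the mount folder must be an empty folder on an NTFS volume.

```powershell
# Added example: paths and size below are assumptions, adjust before use.
$VhdPath  = 'C:\Vaults\ClientData.vhdx'   # container file that holds the encrypted volume
$MountDir = 'C:\ClientData'               # empty NTFS folder used as the mountpoint
$SizeMB   = 20480                         # maximum size of the container, in MB

New-Item -ItemType Directory -Force -Path (Split-Path $VhdPath), $MountDir | Out-Null
if (Get-ChildItem -Force $MountDir) {
    throw "$MountDir must be empty; move existing files out and copy them back after mounting."
}

# 1. Create the virtual disk, format it, and mount it at the folder (no drive letter).
$dp = Join-Path $env:TEMP 'make-vault.txt'
@"
create vdisk file="$VhdPath" maximum=$SizeMB type=expandable
select vdisk file="$VhdPath"
attach vdisk
create partition primary
format fs=ntfs label="ClientData" quick
assign mount="$MountDir"
"@ | Set-Content -Encoding ASCII $dp
diskpart /s $dp
if ($LASTEXITCODE -ne 0) { throw "diskpart failed with exit code $LASTEXITCODE" }
Remove-Item $dp

# 2. Encrypt the mounted volume. manage-bde prompts for the password and prints a
#    recovery password; store that recovery password somewhere other than this PC.
manage-bde -on $MountDir -Password -RecoveryPassword -EncryptionMethod xts_aes256 -UsedSpaceOnly
manage-bde -status $MountDir              # confirm protection is on before copying data in

# 3. Take the folder offline: lock the volume, then detach the container file.
manage-bde -lock $MountDir -ForceDismount
Dismount-DiskImage -ImagePath $VhdPath

# 4. Bring it back: attach the container, then unlock with the password.
Mount-DiskImage -ImagePath $VhdPath
manage-bde -unlock $MountDir -Password
```

While the container is detached, the mount folder appears empty and the data exists only as the encrypted `.vhdx` file, so that file is what needs to be backed up.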
 

#8
Posts:
2933
Joined:
21-May-2018 7:50am
Location:
Northern MI and Coastal SC
makbo wrote:
What is TPM?


Trusted Platform Module chip, it is used to store encryption keys not accessible by any software and has other security uses. All DoD computers and devices utilize them. Typically installs on the motherboard of a PC and controls locking/unlocking encrypted drives, for example. Remove a drive, it automatically requires encryption key and password to unlock even when reinstalled to same computer with same TPM. This is an oversimplification, but TPM 2.0 chips are what I use on all of my computers.

You can also create USB thumb drives that act in a similar manner...computer and drives remain inaccessible unless USB is plugged in to authenticate.
 

#9
makbo  
Posts:
6840
Joined:
23-Apr-2014 3:44pm
Location:
In The Counting House
Now I vaguely remember reading about TPM chips when I purchased my Lenovo notebook computer. You have to go into the BIOS setup to turn on or off, yes? I don't think my notebook has a TPM chip, and I'm pretty sure my older desktop computer doesn't.

re: keyloggers. What did you find the employees doing? Surfing the web for personal purposes on company time? Would an on-screen keyboard evade the keylogger? (IOW, never type on the physical keyboard, only use mouse/touchpad clicks).
 

#10
Posts:
2933
Joined:
21-May-2018 7:50am
Location:
Northern MI and Coastal SC
makbo wrote:
re: keyloggers. What did you find the employees doing? Surfing the web for personal purposes on company time? Would an on-screen keyboard evade the keylogger? (IOW, never type on the physical keyboard, only use mouse/touchpad clicks).


Yes, TPMs are enabled in BIOS. This is a reason it is wise to password protect your BIOS.

As to what I found, employees claiming they were not using someone else's credentials (although that was also available through other means), sending inappropriate messages to other employees (at one time, we had a messaging system that did not retain a log--I quickly changed that after this issue, and then they just used the messaging platform less and had nasty conversations verbally where it could not be heard), planning a wedding when they claimed they were working (yet behind on their work), etc. So glad to be out of that hell.

Some degree of protection against keystroke loggers can be provided by touchscreen keyboards. Some can track mouse movement and clicks and even record screen, so it really depends on the software installed. The software I used included not only keystroke logger but screenshots/recordings, live viewing of monitors, website tracking with screenshots, etc., so none of the standard bypasses worked.
 

