device encryption

[cvc988]

I have device encryption turned on. If another user is signed into my device (guest or otherwise), is there any way for them to access files in my user profile?

 

[graye]

Are you talking about BitLocker as the "device encryption"? If so, that is designed to protect the contents of the hard drive "outside of" an authorized connection (such as you pull the hard drive and try to recover its contents from another PC, or booted from an alternate boot device). BitLocker provides no protection to authorized users who have been authenticated on the PC (such as a second user account).

But, having said that.... The files in your profile are protected by the permissions on the files. This would prevent a non-administrator account from seeing your files. On the other hand, if the "other account" was an administrator, then they could alter the permissions and see your files.

I can't tell from you question if you want to grant them access.... or are you trying to prevent access

 

[cvc988]

So here is some more detail. I have a "guest" account enabled on my device. Say I lose the device, someone signs in as guest, what is at risk?

 

[jollywombat]

If it is a guest account, then no, they cannot see the files, they are limited to their profile.

 

[graye]

So here is some more detail. I have a "guest" account enabled on my device. Say I lose the device, someone signs in as guest, what is at risk?

Got it... Yes, you'd be OK. The guest account would not be allowed to see the files, and BitLocker would prevent a thief from gaining Admin access via boot tools.

If you wanted to go one step further, you could also use file encryption on those files of concern. I wouldn't recommend using (Encrypted File System) EFS on all of the files in the profile... just the ones of concern (perhaps put them in a separate folder?).