Ahh Win XP Pro, with NTFS, joy!
You really can't lock the whole drive but this is what you can do. (You could encrypt or lock the whole drive using 3rd party products but it is not recommended in NTFS as you are then tempting fate if you don't know exactly what all the outcomes are or if you totally screw it up which is extremely easy to do).
Method One is turning on File System Security so that only users have access to their own home folders and the global shared folder and other shared folders they create that do not inherit permissions from parent folders that are secured. File System Security settings are done in the User Accounts control panely and is documented in Windows Help. By Default it may already be enabled.
You can further customize this using NTFS file and group permissions. I can not explain this in this forum.. you need to read a book to learn this and practice it to be good at it.
When you use either of these methods a user that is trying to access user folders that are not associated to their account (Except Sharing folders) are denied access when permissions are set correctly.
Method Two is using folder level file encryption. This option only denys access to files in a folder in which the Encryption setting has been configured.
To enable File System Security all accounts must have a login password and auto-login must be turned off!
Administrators can override File System Security settings if they need to. As can users of non-WinNT based systems like Linux if they can boot your system using an external Hard drive or a CD or DVD disc.
What I quote here is referenced in Microsoft MCSE Exam 70-270 Training Kit for Microsoft Windows XP Professional by Microsoft Press. Chapter 14 Managing Data Storage Lesson 3 Increasing Security with EFS on pp 522 - 529 You may also find useful Chapter 8 Securing Resources with NTFS Permissions, Chapter 9 Administering Shared Folders, and Chapter 13 Configuing Security Settings and Internet Options.
Keep in mind this topic covers very advanced configuration and management of Windows XP Pro and Windows 2003 Server and also applies in Windows Vista Ultimate and Enterprise use at your own risk. Backup your data before doing this as you may not be able to undo it and I'm not going to walk you through fixing stuff like this once you start using it.
EFS is a public key encryption system for files that allows you to encrypt all files in a folder. It runs as an integrated system service and is easy manage, difficult to attack, and transparent to the file owner. If a user has a private key they can decrypt and access the file as if it were a normal file. A user without a private key to that file is denied access.
Users with roaming profiles can use the same key with trusted remote systems. Backups and copies of encrypted files are also encrypted if they are on NTFS volumes. Files remain encrypted if you rename them or move them. Paging files and temp files created during editing and left unencrypted do not defeat encryption. No Administrative effort is needed to begin using this and most operations are transparent.
You can set policies to recover EFS-encrypted data when necessary. The recovery policy is integrated with overall Win XP Pro security policy. Control of this policy can be delegated to individuals with recovery authority, and different recovery policies can be configured for different parts of your enterprise, company, or organizational entities. Data recovery only discoloses the recovered data not the key used to encrypt it originally. Several protections ensure that data recovery is possible and that no data is lost in the case of total system failure.
The command line comand named Cipher which provides the ability to encrypt and decrypt commands from the a command prompt in Win XP Pro and later. There is also a command line recovery agent in the event the owner of the file looses the private key.
NOTE: To set Group Policy for the domain or for an OU, your computer MUST be part of a MS Windows 2000 Domain!!
You can use EFS to encrypt and decrypt files on remote file servers but not to encrypt data that is transferred over the network, Network protocols such as SSL authentication are provided with WinXP Pro for this purpose.
The recommended method to encrypt files is to create an NTFS folder and then encrypt the folder. To do this, go to the Properties dialog box for the folder, click the General tab. click Advanced, and then select the Encrypt Contents to Secure Data check box. All files placed in the folder are encrypted and the folder is now marked for encryption. Folders that are marked for encryption are not actually encrypted; only the files iwthin the folder are encrypted. Hence the files within can be viewed in a directory listing but are not accessible without the private key.
Compressed folders (aka Zip file folders) cannot be encrypted via EFS and Encrypted files cannot be Compressed (at all) via EFS (or supposedly by any other compression scheme without corrupting the file itself).
The keys are fast symmetric keys designed for bulk encryption. Files are encrypted in blocks with a different key for each block. All of the keys are stored and encrypted in the Data Decryption field (DDF) and the Data Recovery field (DRF) in the file header.
By default the encryption used by EFS is 56-bit. For additional encryption North American users can obtain 128-bit encryption by ordering an enhanced CryptoPAK from Microsoft. Files encrypted by the CryptoPAK cannot be decrypted, accessed, or recovered on a system that supports only the 56-bit encryption.
NOTE: if you need drive-level encryption or better/more secure encryption or something that the US Government can't normally break without a some degree of work I highly suggest using a non-RSA/DES open source 3rd party solution instead of EFS.
You use a file that is encrypted just like you would any other, the encryption is transparent. With ONE EXCEPTION.. Encrypted files cannot be shared!
If an Administrator of the system or domain removes the password on a user account. The user account will loose ALL EFS Encrypted files, Personal Certificates, and stored passwords for web sites or other network resources. Each user should make a password reset disk to avoid this situation.
Decrypting.. Clear the checkbox.
You can disable EFS for a domain, OU, or computer system by applying an empty Encypted Data Recovery Agent policy setting.
If you want to have full comprehension of these topics I suggest getting the book and reading it or taking your time in the MS Knowledge Base website to read all the appropriate articles.
Enjoy!