There are a number of packages on the market that allow you to encrypt all or part of your hard disk's contents (not least PassHolder Pro - http://www.techworld.com/reviews/index.cfm?fuseaction=displayreview&productid=79&reviewid=81).
SafeGuard PrivateDisk provides this functionality in either a standalone mode or via integration with a USB "eToken" from Aladdin Systems; supported platforms are Windows 2000, XP and NT 4.0.
PrivateDisk doesnt encrypt individual files, but instead creates "virtual" disks onto which you can drop files that you want to protect. These are physically represented as files on existing disk volumes, but Windows sees them just like normal removable devices. Incidentally, the protected volumes can themselves live on removable media Jaz or Zip disks, for instance, or even floppies if you're that way inclined.
Setting up a protected area is simply a case of telling the application where you want to put the storage file and how big you want it to be. You can also give it a name, allocate a drive letter (or leave Windows to pick one at mount time), make it read-only, and select when to mount it (for a protected volume on a Zip disk, for instance, you can tell the system to mount the protected volume whenever the Zip disk is inserted).
The authentication options, as we've hinted, are twofold. If you have the basic PrivateDisk package, protection is via a password (in fact, you can define an Administrator password and a User password, and optionally give the latter read-only access to a volume). The system can, however, also work with digital certificates and their associated public/private key combinations in which case you can use an Aladdin eToken (or, for that matter, a SmartCard) as the certificate carrier.
The eToken is the usual little USB widget. You install the associated driver and support software and then insert the token, at which point it's recognised and is available for PrivateDisk to use. (Our token came pre-installed with a certificate; for a new token you simply go through the eToken setup application to provide your own certificate details). Once the eToken contains the right information, you simply point PrivateDisk's "Certificates" section at the eToken's contents and it imports the appropriate details; if you're using a token, you'd probably also select the "Mount when smartcard is inserted" item in the startup options for your protected volume(s).
PrivateDisk is available in Personal and Enterprise editions. The two are largely the same, with the exception that the Enterprise edition provides (a) the ability to define the settings via Active Directory group policies; and (b) the ability to define a "recovery" certificate that can be used in emergencies to rescue dead volumes. Alongside the volume protection capabilities, incidentally, there's a tickbox that you can check to have the paging file blanked out when the system shuts down the theory being that unencrypted versions of protected files (or at least bits of them) may otherwise be left lying around on the machine's hard disk in the paging file.
PrivateDisk is simple to use and provides a useful file protection function. It's very German (usable but uncomplicated) which to us is always a plus point. The documentation suffers slightly from the German-to-English translation, but it makes sense despite the typos so we won't labour the point.
As more and more token-based systems appear on the market, it seems clear to us that we need some kind of authentication storage standards to emerge. If volume protection is the only use you have for a token-based system, this one is well worth considering; if you're thinking of doing more with your tokens, though, you'd probably tend toward the PassHolder Pro (see the review for a link) which stores not only certificates but also other stuff like Web site authentication details.