Data on the file system in mobile internetworked working environments are exposed data to a number of threats ranging from physical theft of storage devices to industrial espionage and intelligence activities. This paper describes a fully transparent, capability-based file system security mechanism for use in heterogeneous computing environments with emphasis on the implementation on the Microsoft Windows NT/XP family of operating systems. This mechanism can provide confidentiality and integrity protection for on- and off-line use through modular cryptographic means and is interoperable between several operating system platforms.