When a user is an administrator, there's no way to prevent that person from
being able to access anything on a computer that the administrator wants to.
Even if you use permissions to block access, the administrator can override
the permissions, either directly or by taking ownership of the protected
item. You can set up auditing to detect when this has happened (or at least
to see when the user flushed the audit log), but there's no way to prevent
this from happening in advance. That's by design and makes sense, after all:
If something were to happen to a user who owned an important protected
resource, you'd want the administrator to be able to regain access to that
resource.
What are the "other things" you want this user to be able to do?
--
Jim Groves
Microsoft Corp.
Windows Server UA Writer
[ This posting is provided "AS IS" with no warranties, and
confers no rights. ]
"sahib" <(E-Mail Removed)> wrote in message
news:A508E93A-F99E-4CC7-B7E1-(E-Mail Removed)...
> hi,
> i'm a newbie at this, so thanks in advance. i'm logged in as the
> administrator on a single computer, no network. i have one employee who
> right now has a password as a limited account. i want to make his account
> an
> administrator also so he can do some other things, but i don't want him to
> be
> able to see my files in "my documents" or my e-mail in outlook, and vice
> versa. if i make him an administrator, will he be able to see files i've
> saved, documents i've written and e-mail i've gotten? the computer is a
> dell
> with microsoft windows xp pro.
> --
> thx
|
Similar Threads
