Default user file permissions

E

Eric Schultz

Good evening...

I've taken the recommended step of NOT using the "Administrator" account
to log in to my Windows XP Pro laptop. Instead I created an account for
myself in the Users group for normal, day-to-day use. But when I look at
the
security settings of a file or directory for the Users group it seems
excessive. Indeed when comparing the privileges on my computer with those
of a co-worker's (whose machine was only recently installed) that has only
Read & Execute, Read, and List (on directories) I also have "Special
Permissions" which seem to equate with writing files.

(Note that I am looking at directories and files in the Program Files
hierarchy)

So what should the default Users group permission be on files; and how do
I reset mine to the original settings? And even, what caused the
additional security to be granted?

--
Headed for the second star to the right and straight on 'til morning...

Eric Schultz
(aka Storkman)

http://community.webshots.com/user/storky1

Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
 
R

Roger Abell

Hi Eric,

NTFS permissions are left intact during an upgrade from
a prior Windows version that was using NTFS.
This is done to avoid possibly breaking applications installed
in the system being upgraded, since pre-XP systems allowed
looser, more permissive behaviors for Users group members.

With Pro, if you want to set the system to install defaults, you
may want to review this
Restore XP to installation Security Defaults
for Pro see: http://support.microsoft.com/?id=313222

Be aware that some areas may need adjustment following use of
this in order to adjust settings for areas that would not normally
exist during an installation (account profiles, program areas), so
some spot checking afterwards may be in order.

As you are following good practices regarding account usage
and NTFS oversight, allow me to point out to you a very handy
aspect of the RunAs command. As you likely know, this command
is quite helpful for dealing with pesky programs that insist on use
of elevated privileges. In Pro (only) the RunAs command has a
/savecred switch. If one create a shortcut and on the run command
for the shortcut modifies the existing_command to be instead
runas /profile /savecred /user:acct_of_choice "existing_command"
then the first time this shortcut is used there is a prompt for the
password but thereafter there is not, at least not until the password
is changed on account_of_choice
 
E

Eric Schultz

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Effective permissions suddenly admin for limited users 2
Default file/folder security permissions for a new user 3
file/folder access permissions 2
Admin can't change file permissions. 1
Realation between Guests and Users groups 5
Possible bug in XP security permissions propagation 1
Limited User Account and Folder Permissions Question 2
Where to find (or reset) default file ownwership/permissions? 2

Top