Non-Admin User Can Delete Files in Shared Document

[Guest]

I am using Windows XP Home SP2 and realised my non-admin users can delete
folders/files I moved to "shared documents" under "my computer". How do I
prevent this? According to the MS support web site, be default, folders/files
moved to "shared documents" have level 3 security, only read access for
non-admin users.

Would appreciate any help and advise.

 

[Colin Nash [MVP]]

I am using Windows XP Home SP2 and realised my non-admin users can delete
folders/files I moved to "shared documents" under "my computer". How do I
prevent this? According to the MS support web site, be default,
folders/files
moved to "shared documents" have level 3 security, only read access for
non-admin users.

Would appreciate any help and advise.

If you *move* a file, it will keep it's existing security settings. So if
you grab something from one user's own documents folder, and move it to the
shared folder, they will still have access. The easiest way to get around
this is to *copy* the file and delete the original.

Of course, there is absolutely no filesystem security unless your volumes
are formatted with NTFS (as opposed to FAT32.) You can determine what
filesystem the volume uses by right-clicking the drive letter in Explorer/My
Computer and choosing Properties.

If you are using FAT32 and want to convert, see...

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/convertfat.mspx

 

[Guest]

Hi Colin, thanks for the quick response. I am on NTFS. I tried what you
suggested. Didn't work either.

After trying on different settings as suggested by the Help (it sucks btw),
I ended up setting a Network and turn on the File and Printer Sharing
services at the end of the Network Setup Wizard. But the trouble with this
setting is I have to leave my router/Hub switched on in order for the folders
I shared visibile to other users on my computer. Am I missing something here?

BTW, I just want to share files with my 5 years old son who is setup as a
Limited user on the same PC. I only want him to have the read access to the
shared folders.

I never expect it is to be so diffcult to get this right. Do i need to turn
on any special services?

Any help and advise is appreciated. I have tried hours to get this right but
still no avail. I hate to leave my router on when we are not surfing the net.

 

[Malke]

Hi Colin, thanks for the quick response. I am on NTFS. I tried what
you suggested. Didn't work either.

After trying on different settings as suggested by the Help (it sucks
btw), I ended up setting a Network and turn on the File and Printer
Sharing services at the end of the Network Setup Wizard. But the
trouble with this setting is I have to leave my router/Hub switched on
in order for the folders I shared visibile to other users on my
computer. Am I missing something here?

BTW, I just want to share files with my 5 years old son who is setup
as a Limited user on the same PC. I only want him to have the read
access to the shared folders.

I never expect it is to be so diffcult to get this right. Do i need to
turn on any special services?

Any help and advise is appreciated. I have tried hours to get this
right but still no avail. I hate to leave my router on when we are not
surfing the net.

You've set something up incorrectly as far as needing to have the router
(much different from a hub) on in order to have files shared on the
same computer. Try using System Restore and put your computer back to
where it was before you messed with it.

The whole point of the Shared Files folder is that the files are just
that - shared. I find it hard to imagine what files a 5-year old child
could possibly need, but the workaround would be to simply only put
things in that folder that he could delete. Or teach him not to delete
stuff. If he's old enough to use the computer, he's old enough to learn
the word, "No".

Or if you are using XP Pro, limit what folders your child can see from
his account. If you only have Home, then look at Doug Knox's XP
Security Console from the XP Utilities section here:

http://www.dougknox.com

Malke

 

[Guest]

You obviously not a father yet otherwise you would understand why there is a
need to restrict the access to read only for a 5 years old boy.

Fot the benefit of other readers, I would like to share my expereince.

After reading other threads in this forum I realise I am not alone with this
challenge and I conclude that you simply can not set the files/folders
permission in a Widnows XP Home, period. Fortunatley, in the same forum I
found the workaround. You can set the files/folders permission in Windows XP
Home Safe mode. I did that last night and it works.

BTW, I did not run the System Restore before I did the above otherwise I
would really have messed up the systems. Thanks and no thanks to your "advise"

 

[Malke]

You obviously not a father yet otherwise you would understand why
there is a need to restrict the access to read only for a 5 years old
boy.

Fot the benefit of other readers, I would like to share my expereince.

After reading other threads in this forum I realise I am not alone
with this challenge and I conclude that you simply can not set the
files/folders permission in a Widnows XP Home, period. Fortunatley, in
the same forum I found the workaround. You can set the files/folders
permission in Windows XP Home Safe mode. I did that last night and it
works.

BTW, I did not run the System Restore before I did the above otherwise
I would really have messed up the systems. Thanks and no thanks to
your "advise"

Actually, I'm a mother and I stand behind what I originally said which
you misinterpreted: I can't imagine what files a 5-year old child would
be reading and/or having the opportunity to delete on a shared
computer. A 5-year old child should not be on a computer unsupervised.
In case you didn't understand what I meant, here it is again:

If he's old enough to use the computer, he's old enough to learn
the word, "No". If you let a 5-year old child delete files on a shared
computer, then you deserve what you get.

Malke

 

[Leythos]

Actually, I'm a mother and I stand behind what I originally said which
you misinterpreted: I can't imagine what files a 5-year old child would
be reading and/or having the opportunity to delete on a shared
computer. A 5-year old child should not be on a computer unsupervised.
In case you didn't understand what I meant, here it is again:

If he's old enough to use the computer, he's old enough to learn
the word, "No". If you let a 5-year old child delete files on a shared
computer, then you deserve what you get.

Many people don't have two computers or know enough to setup permissions
or even use NTFS.

If the person in question had know to use NTFS, create an account for
the adults and one for the kids, then used NTFS security permissions to
protect the shared folders they store their documents in, as long as the
kids were just "users" they would not be able to delete any secured
files/folders.

As a father of three kids that started using computers at age 3, it was
simple for me to setup areas where they could interact with the system
(s) and still secure my data - but being a network admin I already knew
how to secure it. Most home users don't have a clue about NTFS or
security settings.

Rather than preach to them about monitoring kids, which could still lead
to deleted files, how about explaining to them the merits of file/folder
security.