Administrator Security

  • Thread starter Thread starter Bill
  • Start date Start date
B

Bill

For the first time ever for me, I have a client computer
that needs to have ALL of its Administrator privileges
protected against the downloads and installs at the
whim of the unqualified.

The system is so corrupted with such installs, that I
doubt there's a faster way to health than to format
and re-install XP Pro plus the required applications.
I don't mind doing that as long as I can then
subsequently fortify.


So, to my limited knowledge, all that would be
required is to create a password protected administrator
ID and a non-administrator ID for the general user of
the machine. Correct?

The system has two physical hds where the 2nd hd is
used to store some bulk data. What would be ideal, in
my view, would be to partition the primary hd into two
partitions with the 1st of the two being c: that would
be ADMINISTRATOR ONLY write accessible.
Since Documents and Settings resides on the c: drive,
I don't see how that would be possible. Any thoughts
on that please?

Bill
 
Hi,

If severely infested, then yes formatting and creating a clean install will
be faster, though not always desirable.

Yes, creating a passworded administrator account and a non-admin for general
use is the way to prevent repeat occurences.

No, you can't set C: for admin-only, all user accounts will still need read,
write, and execute permissions on system files for normal operation.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Windows help - www.rickrogers.org
 
Bill said:
For the first time ever for me, I have a client computer
that needs to have ALL of its Administrator privileges
protected against the downloads and installs at the
whim of the unqualified.

The system is so corrupted with such installs, that I
doubt there's a faster way to health than to format
and re-install XP Pro plus the required applications.
I don't mind doing that as long as I can then
subsequently fortify.


So, to my limited knowledge, all that would be
required is to create a password protected administrator
ID and a non-administrator ID for the general user of
the machine. Correct?

The system has two physical hds where the 2nd hd is
used to store some bulk data. What would be ideal, in
my view, would be to partition the primary hd into two
partitions with the 1st of the two being c: that would
be ADMINISTRATOR ONLY write accessible.
Since Documents and Settings resides on the c: drive,
I don't see how that would be possible. Any thoughts
on that please?
Click to expand...

You can restrict permissions and privileges of non-administrator
accounts in XP. How you do it depends on whether you have XP Pro or XP
Home and you didn't say. For Pro, you can use Group Policies.
Start>Run>gpedit.msc [enter]
For questions about using group policies, post here:
microsoft.public.windows.group_policy

XP Home doesn't have that ability but you can use either MVP Doug Knox's
Security Console or the MS Shared Computer Toolkit.

http://www.dougknox.com
http://www.microsoft.com/windowsxp/sharedaccess/default.mspx

You may find using the Toolkit even on Pro easier than setting up Group
Policies depending on your skill level. For questions about the
Toolkit, post here:
microsoft.public.windows.sharedaccess

Malke
 
The system is in fact XP Pro. I shall study your
reference.
Thanks,
Bill



Malke said:
Bill said:
For the first time ever for me, I have a client computer
that needs to have ALL of its Administrator privileges
protected against the downloads and installs at the
whim of the unqualified.

The system is so corrupted with such installs, that I
doubt there's a faster way to health than to format
and re-install XP Pro plus the required applications.
I don't mind doing that as long as I can then
subsequently fortify.


So, to my limited knowledge, all that would be
required is to create a password protected administrator
ID and a non-administrator ID for the general user of
the machine. Correct?

The system has two physical hds where the 2nd hd is
used to store some bulk data. What would be ideal, in
my view, would be to partition the primary hd into two
partitions with the 1st of the two being c: that would
be ADMINISTRATOR ONLY write accessible.
Since Documents and Settings resides on the c: drive,
I don't see how that would be possible. Any thoughts
on that please?
Click to expand...

You can restrict permissions and privileges of non-administrator
accounts in XP. How you do it depends on whether you have XP Pro or XP
Home and you didn't say. For Pro, you can use Group Policies.
Start>Run>gpedit.msc [enter]
For questions about using group policies, post here:
microsoft.public.windows.group_policy

XP Home doesn't have that ability but you can use either MVP Doug Knox's
Security Console or the MS Shared Computer Toolkit.

http://www.dougknox.com
http://www.microsoft.com/windowsxp/sharedaccess/default.mspx

You may find using the Toolkit even on Pro easier than setting up Group
Policies depending on your skill level. For questions about the
Toolkit, post here:
microsoft.public.windows.sharedaccess

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
Click to expand...
 
Thanks Rick. I see the reference to group-policies in another
reply post, so I'll study that before proceeding further.
Bill
 
Back
Top