G
Guest
I've my Dell laptop running WinXP Pro (with all updates till 7/15/2004).
I'd only 2 accounts
1. default Administrator account
2. one user xyz who is member of administrator group.
I use laptop through xyz user and admin account is only for emergencies.
I am trying to emulated unix like environment where only the user #1 will have all rights and user XYZ will be a basic user.
My problem is recently I changed xyz account to "restricted/limited" user (member of users in control userpasswords2). As per the tip shown now this account is not suppose to modify any system settings or install new programs.
I've checked that xyz cannot change/create in %windir% or program files.
But some program setups like Opera 7.52 free version can still run their setup and install properly without any problems. (I am NOT doing Runas..)
setup for spybod s&d although correctly says user doesnot have enough permissions.
How is this possible and what am I doing wrong ?
also user XYZ is able to change IE's security zone settings. which is potentially harmful. I think I can change it through policies, but why is restricted user is NOT so restricted ?
or am I doing something wrong ?
I'd only 2 accounts
1. default Administrator account
2. one user xyz who is member of administrator group.
I use laptop through xyz user and admin account is only for emergencies.
I am trying to emulated unix like environment where only the user #1 will have all rights and user XYZ will be a basic user.
My problem is recently I changed xyz account to "restricted/limited" user (member of users in control userpasswords2). As per the tip shown now this account is not suppose to modify any system settings or install new programs.
I've checked that xyz cannot change/create in %windir% or program files.
But some program setups like Opera 7.52 free version can still run their setup and install properly without any problems. (I am NOT doing Runas..)
setup for spybod s&d although correctly says user doesnot have enough permissions.
How is this possible and what am I doing wrong ?
also user XYZ is able to change IE's security zone settings. which is potentially harmful. I think I can change it through policies, but why is restricted user is NOT so restricted ?
or am I doing something wrong ?