P
pjp
New user to XP but been using pc's since mid 80's and Windows since version
2.x. More or less up and going with a just recently installed XP Pro on a
dual-boot with 98SE system. I have 4 other pc's connected via ethernet
(wife and kids). As all the other pc's are "dated" and "this" pc has the
fancy gear (scanner, cam etc.), this one pc is often also used by the wife
and kids, hence I setup separate accounts for each of them and figured I
might as well enable the Guest account also.
I'm getting very frustrated with what appears to be how ":security" works.
It seems to work around "groups", each group has some "policy" that dictates
what that group can do or not do. I've found no way to create additional
groups nor how to dictate exactly what "rules" apply to each specific group
(although have found how to change wife's account to Power User).
All of that seems to make it impossibile to control each and every
individual login specifically for that user (and perhaps only that user).
The login seems to have to belong to some group, you can't seem to create
and edit the rules for existing groups nor create new groups, hence you
can't seem to individually specify "whatever" for each user.
I'm not impressed, seems like a great deal of effort for what appears to be
"lump summing" everyone into specific "buckets". Am I not seeing things as
they are or ... ?
For example, it appears there's no way to restrict the Guest account from
being able to basically browse anywhere on any hard disk etc. To my mind, I
should be able to dictate that as far as any user is concerned their "My
Documents" is the root of the drive (e.g. "drive":\) and I can specify what
if any other additional drives that user can even "see". This restriction
should be enforced even with Open dialogs and whatever other various means.
---------------------------------------
Another query.
Can the Guest account normally use the dialup account the administrator has
setup and specified "allow others to use"? The "user" accounts have no
problem, dialer starts (can't change password etc.), connects etc. but the
Guest account gets the standard "can't find ..." error. If so, how please? I
ended up having the luck and quessing about a "policy" (God help me if I
have to find it again) where I could enter an ip address for one of the
other pc's on my ethernet which acts as a proxy server for the other 3 pc's.
That allowed the Guest account to at least use the proxy server to connect.
Until that "policy" change, it wouldn't use the proxy settings under the
Connections/Lan dialog even though it'd let me edit them etc. (unlike the
dialup connection part where I see and can do nothing).
2.x. More or less up and going with a just recently installed XP Pro on a
dual-boot with 98SE system. I have 4 other pc's connected via ethernet
(wife and kids). As all the other pc's are "dated" and "this" pc has the
fancy gear (scanner, cam etc.), this one pc is often also used by the wife
and kids, hence I setup separate accounts for each of them and figured I
might as well enable the Guest account also.
I'm getting very frustrated with what appears to be how ":security" works.
It seems to work around "groups", each group has some "policy" that dictates
what that group can do or not do. I've found no way to create additional
groups nor how to dictate exactly what "rules" apply to each specific group
(although have found how to change wife's account to Power User).
All of that seems to make it impossibile to control each and every
individual login specifically for that user (and perhaps only that user).
The login seems to have to belong to some group, you can't seem to create
and edit the rules for existing groups nor create new groups, hence you
can't seem to individually specify "whatever" for each user.
I'm not impressed, seems like a great deal of effort for what appears to be
"lump summing" everyone into specific "buckets". Am I not seeing things as
they are or ... ?
For example, it appears there's no way to restrict the Guest account from
being able to basically browse anywhere on any hard disk etc. To my mind, I
should be able to dictate that as far as any user is concerned their "My
Documents" is the root of the drive (e.g. "drive":\) and I can specify what
if any other additional drives that user can even "see". This restriction
should be enforced even with Open dialogs and whatever other various means.
---------------------------------------
Another query.
Can the Guest account normally use the dialup account the administrator has
setup and specified "allow others to use"? The "user" accounts have no
problem, dialer starts (can't change password etc.), connects etc. but the
Guest account gets the standard "can't find ..." error. If so, how please? I
ended up having the luck and quessing about a "policy" (God help me if I
have to find it again) where I could enter an ip address for one of the
other pc's on my ethernet which acts as a proxy server for the other 3 pc's.
That allowed the Guest account to at least use the proxy server to connect.
Until that "policy" change, it wouldn't use the proxy settings under the
Connections/Lan dialog even though it'd let me edit them etc. (unlike the
dialup connection part where I see and can do nothing).