Newbie Question: Setting password-protected executable

  • Thread starter Thread starter snpsuen
  • Start date Start date
S

snpsuen

Greetings.
As a newbie to XP, would like to know if it supports setting a password
for the launching of a given program (.exe, .com & the likes). Say, one
must enter a correct password to run IE, etc.
Otherwise, is there any freeware around to do the same thing?

Many thanks.
 
That is not possible within the operating system and I am not aware of any
third party program to do such. All versions of XP support the NTFS file
system which allows the administrator to set permissions for users and
groups on any file. If the user does not have execute permissions to a file
they can not run it. In conjunction with NTFS permissions users should be
required to enter a complex password to logon to the computer. The
combination of NTFS access control lists and password protected user
accounts is very effective in controlling what a user can do and run on the
computer and should be used and NOT letting multiple users share a user
account unless all those users need the same access level and there is no
desire to track user activity. If using XP Pro Software Restriction Policies
can be also implemented. The links below may help. But beware that any user
in the local administrators group can change permissions to any file on the
computer and that administrators are also members of the
everyone/users/authenticated users groups. It is best not to use deny
permissions but instead remove excessive permissions for a user/group.---
Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;308418
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/luawinxp.mspx
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx
 
Greetings.
As a newbie to XP, would like to know if it supports setting a
password
for the launching of a given program (.exe, .com & the likes). Say,
one
must enter a correct password to run IE, etc.
Otherwise, is there any freeware around to do the same thing?
Click to expand...


You don't use passwords in an NT-based version of Windows. If you use
NTFS, file permissions let you dictate who can read, write, execute a
file. Learn about using permissions.
 
Greetings.
As a newbie to XP, would like to know if it supports setting a password
for the launching of a given program (.exe, .com & the likes). Say, one
must enter a correct password to run IE, etc.
Otherwise, is there any freeware around to do the same thing?

Many thanks.
Click to expand...


Like WinNT and Win2K before it, WinXP's file security paradigm
doesn't rely on, or allow, the cumbersome method of password protection
for individual applications, files, or folders. Instead, it uses the
superior method of explicitly assigning file/folder permissions to
individual users and/or groups.

HOW TO Create and Configure User Accounts in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;279783

HOW TO Set, View, Change, or Remove File and Folder Permissions
http://support.microsoft.com/default.aspx?scid=kb;en-us;q308418

HOW TO Set, View, Change, or Remove Special Permissions for Files and
Folders
http://support.microsoft.com/default.aspx?scid=kb;[LN];Q308419

Another option:

Microsoft Shared Computer Toolkit for Windows XP
http://www.microsoft.com/windowsxp/sharedaccess/default.mspx


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin
 
Steven said:
That is not possible within the operating system and I am not aware of any
third party program to do such. All versions of XP support the NTFS file
system which allows the administrator to set permissions for users and
groups on any file. If the user does not have execute permissions to a file
they can not run it. In conjunction with NTFS permissions users should be
required to enter a complex password to logon to the computer. The
combination of NTFS access control lists and password protected user
accounts is very effective in controlling what a user can do and run on the
computer and should be used and NOT letting multiple users share a user
account unless all those users need the same access level and there is no
desire to track user activity. If using XP Pro Software Restriction Policies
can be also implemented. The links below may help. But beware that any user
in the local administrators group can change permissions to any file on the
computer and that administrators are also members of the
everyone/users/authenticated users groups. It is best not to use deny
permissions but instead remove excessive permissions for a user/group.---
Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;308418
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/luawinxp.mspx
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx
Click to expand...

Thanks for the advice.
Looks like I couldn't cut corners to dodge the tasks of mult-user
management and authorization.

Mind you, this is only your average, stand-alone, family PC. Just look
for a quick way to regulate the little ones' online activities during
their end-term exams.
Some one-off/temp trick suffices and surely don't fancy getting my hand
dirty with NT user admin or something like that at home.
 
You could logon to the computer and remove the user's permissions to the
executable or give the user account an explicit deny and then grant them
permissions again when you want. You could even do that with a Scheduled
Task. Having said that it is not enough to restrict access to the executable
to restrict internet access since users still can use URLs in documents,
etc. To restrict internet access a personal firewall such as Zone Alarm
could be an option to restrict access. It is easy to change the rules when
need be. There is even a firewall called PortsLock that can have different
firewall settings based on logged on user. --- Steve

http://www.portslock.com/
 
Steven said:
You could logon to the computer and remove the user's permissions to the
executable or give the user account an explicit deny and then grant them
permissions again when you want. You could even do that with a Scheduled
Click to expand...


Cheers mate. That's what I've thought about doing. Create a single
account on the PC for the kids and deny its execution right to IE, as
wife can use my notebook. But then again you brought up a good point:

Having said that it is not enough to restrict access to the executable
to restrict internet access since users still can use URLs in documents,
etc.
Click to expand...


Spot on. Everything we type on XP is Internet-aware and it's pointless
to disable explorer & friends.

Now settle on a no-brainer option of disconnecting from Internet
altogether:
Disable automatic DHCP address assignment from the cable modem and slam
in a private IP for the LAN.
And I presume only super-user is allowed to do so and it can't be
undone from an ordinary user account.

A bit over-kill and smacks of brute-force too. Yet the only way to do
it right away ...
 
If you want to disconnect from the internet then remove the default gateway
in tcp/ip properties and add it again when you want access. Just make sure
the users you want to restrict are not local administrators or in the
network configuration operators group. If there is no need for any network
access simply disable the network adapter in networking properties and then
enable it again when access is wanted. --- Steve
 
Back
Top