Power user right

  • Thread starter: Ray

Ray

I configure two accounts: local administrator account and domain power user
account on a Windows XP Pro. The power user account does not have the right to
edit the root directory on every hard disk but is OK to create any folders on
one level below the root. Once I change the power user account to the
administrator group, it can edit the root directory. Is it the default
setting of Windows XP? How can I get rid of it to allow the user to edit
the root directory?

Thanks,

Ray
 
Note that there are escalation of privilege attacks that will easily let a
Power User become an Administrator. You should either use Users, or leave
users as Administrators.

As to your question, remove the Modify right to the root directory.
 
Ray said:
I configure two accounts: local administrator account and domain power user
account on a Windows XP Pro. The power user account does not have the right to
edit the root directory on every hard disk but is OK to create any folders on
one level below the root. Once I change the power user account to the
administrator group, it can edit the root directory. Is it the default
setting of Windows XP? How can I get rid of it to allow the user to edit
the root directory?


Yep, it's default behaviour, easily fixed. If you're not fussed about
security, just modify the permissions on the root of C: to allow all
users write/modify type access. The easiest way is full control if you trust
all of the users.
 
That's like saying because a network can be hacked you might as well not
have passwords. 99% of those out there wouldn't have a clue, so by
keeping them at power user (so that a good 80% of legacy software will
work when it won't for a standard XP user as opposed to power user) you
will allow a lot of software that wouldn't otherwise work to work, and
still keep 99% of people away from being able to do the nasty things you
don't want them doing as an administrator.
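
Added example, not written by any poster in this thread: a Python check that reads `cacls`-style output for a volume root and reports which non-administrative principals can create files or folders in the root folder itself, so the effect of a permission change like the one suggested above can be reviewed. The sample ACL is constructed to reproduce the behaviour Ray describes; the function names and the trusted list are assumptions.

```python
import re

# Constructed sample in the style of `cacls C:\` output (not captured from a real host).
SAMPLE = r"""C:\ BUILTIN\Administrators:(OI)(CI)F
    NT AUTHORITY\SYSTEM:(OI)(CI)F
    CREATOR OWNER:(OI)(CI)(IO)F
    BUILTIN\Users:(OI)(CI)R
    BUILTIN\Users:(CI)(special access:)
                  FILE_APPEND_DATA
    BUILTIN\Users:(CI)(IO)(special access:)
                  FILE_WRITE_DATA
    Everyone:R
"""

# principal : inheritance flags : simple right letter or a "special access" header
ACE = re.compile(r"^(.+?):((?:\((?:OI|CI|IO)\))*)(F|C|W|R|N|\(special access:\))$")
# Full, Change and Write all allow creating files and folders; Read and None do not.
SIMPLE = {"F": {"files", "folders"}, "C": {"files", "folders"},
          "W": {"files", "folders"}, "R": set(), "N": set()}
# On a directory these bits mean "add file" and "add subdirectory" respectively.
SPECIAL = {"FILE_WRITE_DATA": "files", "FILE_APPEND_DATA": "folders"}

def root_write_access(cacls_text, path="C:\\"):
    """Map each principal to what it may create in the root folder itself.
    Assumption: only allow entries are present; deny entries are not modelled."""
    grants, current = {}, None
    for line in cacls_text.splitlines():
        if line.startswith(path):          # first line carries the path prefix
            line = line[len(path):]
        line = line.strip()
        m = ACE.match(line)
        if m:
            who, flags, rights = m.groups()
            # (IO) = inherit-only: applies to children, not to the root folder.
            current = None if "(IO)" in flags else grants.setdefault(who, set())
            if current is not None and rights in SIMPLE:
                current |= SIMPLE[rights]
        elif current is not None and line in SPECIAL:
            current.add(SPECIAL[line])     # right listed under a special-access entry
    return grants

def untrusted_writers(cacls_text,
                      trusted=("BUILTIN\\Administrators", "NT AUTHORITY\\SYSTEM")):
    """Principals outside the trusted list that can create anything in the root."""
    return {w: sorted(r) for w, r in root_write_access(cacls_text).items()
            if r and w not in trusted}
```

With the constructed ACL, `untrusted_writers(SAMPLE)` reports that `BUILTIN\Users` can create folders but not files in the root; appending a full-control entry for that group makes both appear.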
 