Want to change from Admin to User easily


A

a

Hi all,

I usually run my PC as Administrator which I now know is dangerous,
as it can let malware in and play with the system more easily. So
I want to create a limited User account instead, but all my settings
are under the Admin profile (eg. Quick Launch icons, file associations,
and so on).

Is there an easy way to migrate these to the User account, so that when
I log in as User, my desktop is the same, icons are the same, etc?

Thanks for any advice.
 
Ad

Advertisements

J

John John - MVP

a said:
Hi all,

I usually run my PC as Administrator which I now know is dangerous,
as it can let malware in and play with the system more easily. So
I want to create a limited User account instead, but all my settings
are under the Admin profile (eg. Quick Launch icons, file associations,
and so on).

Is there an easy way to migrate these to the User account, so that when
I log in as User, my desktop is the same, icons are the same, etc?

Thanks for any advice.

Copy the user profile to the new user.

To copy a user profile
http://www.microsoft.com/resources/...cs/en-us/sysdm_userprofile_copy.mspx?mfr=true

John
 
A

a

a said:
No good, the "Copy To" button for the Administrator account is disabled,
so I can't perform Step 3 at the URL you quoted above. :(

Hang on, I bet it's because I haven't logged in as the Limited Account yet!
I'll be back in a moment... :)
 
P

Pegasus [MVP]

a said:
No good, the "Copy To" button for the Administrator account is disabled,
so I can't perform Step 3 at the URL you quoted above. :(

You need to reboot the machine, then log on under some third admin account
in order to perform the copy action.
 
V

VanguardLH

a said:
John John ...


No good, the "Copy To" button for the Administrator account is disabled,
so I can't perform Step 3 at the URL you quoted above. :(

You cannot copy the userprofile of the account on which you are logged.
That means you must not be logged on the userprofile you are copying
from or the userprofile that you are copying to. You need to use a 3rd
"intermediary" account that does the copying.

You should have an alternate admin-level account, anyway, and NEVER use
the Administrator account (not even to install programs) except in
emergencies. Create a second admin-level account and always use that
one for your admin tasks. Use a 3rd account on which you login to copy
the source userprofile to the target userprofile.

However, for there to be a target userprofile means you must have logged
in at least once to that new account. The userprofile doesn't get
generated until you login the first time. After creating the limited
account, log onto it. That creates its userprofile path and definition
in the registry. Then logoff that limited account, log onto your
alternate (but now primary) admin-level account and copy your old admin
userprofile atop your *existing* limited userprofile.

By the way, what is important is that you run the vulnerable programs
(used as infection vectors into your host) under a LUA token. The LUA
(limited user account) token reduces the privileges on the process to be
the same as if you had logged under a limited account and ran that
program. The web browser is probably the highest targeted infection
vector into your host. You can still logon under your admin-level
account but run the web browser under a LUA token to have all the same
safety that you get when running that web browser while logged on under
a limited account. So you don't have to give up using your admin-level
account (which should still NOT be the Administrator account but a
different admin-level account) just to have the safety of limited
privileges on your web browser. While there are 3rd party software that
lets you restrict a program to run under a LUA token, you can do that
using SRPs (software restriction policies) already provided in Windows
XP; however, it requires adding a "Basic" account under which to run a
program which is not defined by default in Windows XP. If you want to
use your admin-level account but protect yourself by limiting the
privileges on your web browser, I can tell you how to do that using SRPs
already available in Windows XP. Once you do it the first time, you'll
see how easily it is to do for other programs, like for other web
browsers that you install, a newsreader (NNTP client), or for your
e-mail program. It is not required to log under a limited account to
limit the privileges allowed for a program.
 
Ad

Advertisements

A

a

Thanks for your long answer (and to Pegasus, too!). :)

Okay, it's late here now so I will add a new admin account tomorrow
and try again. Hopefully it'll all work! Does it also mean that all
apps installed will have their Registry settings copied across, too?
Or is it literally just the basics like my "Documents and Settings"
folder? I was kind of hoping I could copy everything and just boot
up as Limited with all my apps still running, too. I fear not?
 
P

Pegasus [MVP]

a said:
Thanks for your long answer (and to Pegasus, too!). :)

Okay, it's late here now so I will add a new admin account tomorrow
and try again. Hopefully it'll all work! Does it also mean that all
apps installed will have their Registry settings copied across, too?
Or is it literally just the basics like my "Documents and Settings"
folder? I was kind of hoping I could copy everything and just boot
up as Limited with all my apps still running, too. I fear not?

Copying a profile is equivalent to cloning an account.
 
V

VanguardLH

a said:
Thanks for your long answer (and to Pegasus, too!). :)

Okay, it's late here now so I will add a new admin account tomorrow
and try again. Hopefully it'll all work! Does it also mean that all
apps installed will have their Registry settings copied across, too?
Or is it literally just the basics like my "Documents and Settings"
folder? I was kind of hoping I could copy everything and just boot
up as Limited with all my apps still running, too. I fear not?

Did you install the app(s) for all users? Or just for your own account?
 
A

a

VanguardLH said:
Did you install the app(s) for all users? Or just for your own account?

Can't remember now, but I think they were for all. A good point to remember
for future installs, too! :)

Anyway, I tried to copy the Administrator account to the Limited account by
using a second temp Admin account, but it failed. Here's a screenshot of the
error, which is to do with "failing to set security on the dest profile":

http://img340.imageshack.us/img340/361/profileerror.png

I tried the copy in Safe Mode, but it also fails in normal boot mode. I really
don't know what to do next, except try the "Files and Settings Transfer Wizard"?

Also, I found this web page...

http://www.techiehq.net/system-secu...nvert-admin-account-limited-account-4612.html

(shortened URL = http://preview.tinyurl.com/2vp8d2h )

....where the second tip says "What you can do is change your 'everday' account
to the admin setting then switch your admin acount to limited (in that order)".

How would I do that? I see no option that converts an Admin account to Limited.
 
Ad

Advertisements

P

Pegasus [MVP]

a said:
Can't remember now, but I think they were for all. A good point to
remember
for future installs, too! :)

Anyway, I tried to copy the Administrator account to the Limited account
by
using a second temp Admin account, but it failed. Here's a screenshot of
the
error, which is to do with "failing to set security on the dest profile":

http://img340.imageshack.us/img340/361/profileerror.png
<snip>

This could happen if the account you use when copying the profile does not
have administrative privileges. You can probably resolve the issue like so:
1. Log on under an admin account.
2. Seize ownership of the "User" profile folder.
3. Set the permissions for the "User" profile folder to "Full access" for
"Everyone".
4. Repeat the "copy" process.
 
A

a

Pegasus said:
<snip>

This could happen if the account you use when copying the profile does not have administrative privileges. You can probably
resolve the issue like so:
1. Log on under an admin account.
2. Seize ownership of the "User" profile folder.
3. Set the permissions for the "User" profile folder to "Full access" for "Everyone".
4. Repeat the "copy" process.

I was logged in as TempAdmin, which, as you can tell, was an Admin account.
But, can you please confirm for me that I was trying to copy the Admin
profile to the new correct folder, ie. "..\Documents and Settings\User" ?
Because I had to browse for a folder and wasn't sure if that was right?
Once you confirm, I'll try your steps above again.
 
P

Pegasus [MVP]

a said:
I was logged in as TempAdmin, which, as you can tell, was an Admin
account.
But, can you please confirm for me that I was trying to copy the Admin
profile to the new correct folder, ie. "..\Documents and Settings\User" ?
Because I had to browse for a folder and wasn't sure if that was right?
Once you confirm, I'll try your steps above again.

There is no need to guess what the correct name of the profile folder is.
You can find out for sure like so:
1. Log on as User.
2. Start a Command Prompt.
3. Type this command:
set userprofile
 
J

John John - MVP

a formulated on Wednesday :

3. Type this command:
set userprofile

set userprofile is a typo I think. Probably should be net userprofile.

You certainly didn't try that before you posted...

John
 
P

Pegasus [MVP]

Johnw said:
Correct, but I googled set userprofile & could'nt find a thing.

Got me wondering now.

%UserProfile% is one of the many environmental variables. The command

set UserProfile

will give you its current value. On the other hand, your proposed command
"net userprofile" will fail.
 
Ad

Advertisements

A

a

Thanks for all the replies, but I've had no success after all.

I did everything that I could (logged in as a new Admin in Safe
Mode, took ownership of the old Admin's profile, and was even
able to copy it over). But logging in under the Limited account
was just like a new account, with no Quick Launch icons or fave
settings carried over. It was such an ordeal that I'm over it.

What I will do instead is a clean re-install of XP this weekend
and set up the Limited "User" account from scratch this time!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top