J
John Brock
I have been using my IBM ThinkCentre with Windows XP Professional
for over a year now, using the personal account created at setup.
That account belongs to the Administrators group of course, and
recently I decided to create a Limited account, for security reasons.
I started to poke around by enabling the Guest account, and was
very startled to discover that it was not really very "limited" at
all, and in fact could delete files from places where I did not
think it should be able to, such as my Mozilla program directory.
After studying Windows XP Inside Out for a while it became clear
to me that the reason for this was that the Everyone group had Full
Control of the C: drive, and by inheritance everything else (except
my personal profile). I don't think this is right! But the book
warned against tampering with permissions on the system drive, and
directed me to Knowledge Base article Q244600, which has a long
list of default NTFS permissions for Windows 2000.
I am nervous about trying to reset all the folder permissions by
hand though (especially with settings from Windows 2000), and even
if I did who knows what else is amiss. Beyond that, I would really
like to know what is going on. The book noted that Full Control
by Everyone is what you get when you convert a partition to NTFS,
but this was a new machine with XP SP1 preloaded.
So basically I have two questions:
1) Does anyone have any idea why my machine is this way?
2) Is there anything I can do -- perhaps use some security template
or something -- to restore the normal XP permissions.
for over a year now, using the personal account created at setup.
That account belongs to the Administrators group of course, and
recently I decided to create a Limited account, for security reasons.
I started to poke around by enabling the Guest account, and was
very startled to discover that it was not really very "limited" at
all, and in fact could delete files from places where I did not
think it should be able to, such as my Mozilla program directory.
After studying Windows XP Inside Out for a while it became clear
to me that the reason for this was that the Everyone group had Full
Control of the C: drive, and by inheritance everything else (except
my personal profile). I don't think this is right! But the book
warned against tampering with permissions on the system drive, and
directed me to Knowledge Base article Q244600, which has a long
list of default NTFS permissions for Windows 2000.
I am nervous about trying to reset all the folder permissions by
hand though (especially with settings from Windows 2000), and even
if I did who knows what else is amiss. Beyond that, I would really
like to know what is going on. The book noted that Full Control
by Everyone is what you get when you convert a partition to NTFS,
but this was a new machine with XP SP1 preloaded.
So basically I have two questions:
1) Does anyone have any idea why my machine is this way?
2) Is there anything I can do -- perhaps use some security template
or something -- to restore the normal XP permissions.