configure XP to require passcode when installing programs

  • Thread starter Thread starter bay one
  • Start date Start date
B

bay one

I know vista has this feature as well as mac osx, but is there a way to
configure XP to require the administrator to key in a password when new
software is installed. I am trying to prevent people from installing anything
on my computer without my permission. If XP doesn't do this, is there a
program I can install that will provide this security for me. thanks
 
bay one said:
I know vista has this feature as well as mac osx, but is there a way to
configure XP to require the administrator to key in a password when new
software is installed. I am trying to prevent people from installing
anything
on my computer without my permission. If XP doesn't do this, is there a
program I can install that will provide this security for me. thanks
Click to expand...


I thought that a Limited user was not allowed to install anything?
 
bay said:
I know vista has this feature as well as mac osx, but is there a
way to configure XP to require the administrator to key in a
password when new software is installed. I am trying to prevent
people from installing anything on my computer without my
permission. If XP doesn't do this, is there a program I can install
that will provide this security for me. thanks
Click to expand...

A limited user account just cannot install anything at all in Windows XP
(unless it is more of a copy and not an installation.) An administrative
user has to log in to install.
 
the limited user is just that, it's limited not 100%. I can still install
things like myspace instant messenger on this account. This is exactly what I
want to avoid. I don't want any un-authorized users putting anything on the
computer without my passcode. Also with the limited user account I would have
to deal with the inconvenience of swithcing users, making my changes,
switching back etc. Any other solutions? thanks
 
the limited user is just that, it's limited not 100%. I can still install
things like myspace instant messenger on this account. (aim didn't install,
but myspace instant messenger did) This is exactly what I want to avoid. I
don't want any un-authorized users putting anything on the computer without
my passcode. Also with the limited user account I would have to deal with the
inconvenience of swithcing users, making my changes, switching back etc. Any
other solutions? thanks
 
bay one said:
the limited user is just that, it's limited not 100%. I can still install
things like myspace instant messenger on this account. This is exactly
what I
want to avoid. I don't want any un-authorized users putting anything on
the
computer without my passcode. Also with the limited user account I would
have
to deal with the inconvenience of swithcing users, making my changes,
switching back etc. Any other solutions? thanks
Click to expand...

have a look here:
http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx
 
bay said:
the limited user is just that, it's limited not 100%. I can still install
things like myspace instant messenger on this account. (aim didn't install,
but myspace instant messenger did) This is exactly what I want to avoid. I
don't want any un-authorized users putting anything on the computer without
my passcode. Also with the limited user account I would have to deal with the
inconvenience of swithcing users, making my changes, switching back etc. Any
other solutions? thanks
Click to expand...

MVP Doug Knox's Security Console or the MS Steady State. SteadyState
also works in XP Pro if you'd rather not use Group Policy.

http://www.dougknox.com
Steady State -
http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx


Malke
 
A Limited User is not specifically prevented from installing programs.

The limitations are that: The machine registry cannot be changed, only the
user registry. Also, if using NTFS with permissions, the user cannot save
files outside of their profile. If using FAT32, or NTFS without
permissions, then the restrictions on a limited user are.. not very much! It
should be apparent therefore that, even with NTFS permissions set, a limited
user can still install an executable onto their desktop provided it doesn't
require machine-registry settings to work.

Worth bearing in mind that the executable could be a Trojan, spambot or the
like, and given the above could still function.

BeyondLogic's TrustNoExe gives a better control over what can be executed
from where. Also, once setup correctly it causes very few annoying messages,
unlike Vista's UAC. Only proviso is that it's incompatible with some
(ill-behaved) software which attempts to launch executables from
temporary-file locations. AutoCad is one such example. Using this combined
with a limited user should make it very hard for that user to launch any
executable they download.
 
Back
Top