Aetherial said:
I need to set up a user in Vista with less permission than the standard
user
account. For example, I don't want the user to be able to create ANY files
outside of the profile. I don't want the user to be able to change the
wallpaper or the screen saver. I need to limit the user's access to the
Control Panel more than usual.
Etcetera, etcetera.
How can I customize the account in this way?
Exactly how will this computer be used? Different methods are available for
different types of uses. For instance, a public computer needs more
restrictions than an office machine meant for sales people to keep their
records. In general, however, you can:
1) Create a custom user group. Make it a member of the User's group
2) Create the user, adding them to that group and removing that specific
account from the Users group.
3) In NTFS permissions for the Public folders and other folders to which the
Users group can write, use Advanced to deny the custom user group create,
append, and write permissions.
4) Use the group policy snap-in to limit other system options.
Will these less-than-standard users need actually to save documents
permanently? If not, then consider using the Guest account. Any changes
they make to the desktop will be forgotten when they log off, and you can
similarly use group policy to limit them even more from those parts of they
system that you don't want them in. However, if they need to save documents
permanently, you can create a special folder for them.
There are other things to consider in accomplishing what you want, too.
Hopefully, others will reply with their ideas. And if this machine is part
of a domain, the procedure is different.
I recommend consulting a professional for help with this. You might miss
something important or restrict too much.
