G
Guest
I'm running Windows XP PRO with automatic updated and have just (4 days ago)
converted my user account from being a member of the administrators group to
being a member of the users group. I've created a new admin account for
occational use. Except for a couple of hickups with products that probably
were not design for running under non-admin accounts, all has been going
well. However, one of the products failed because of lacking access to a
folder/file in its own installation folder under Program Files. Logged on
with my, now limited, account I checked the security flags and found that I
was correctly not having access to the folder/file, BUT the options to allow
additional authority to myself were not dimmed out. So with this account I
could grant myself the required access and from then on everything worked
fine.
Since then I have discovered numerous Program Files folders that this
limited account has this type of access to, but there are also lots of them
without this additional access. What's happening here?
Using the Effective Permissions feature I've also found out that the limited
account SEEMS to have the following authorities to (I guess) everything in
the computer, including the Windows\system32 folder:
- Create Files / Write Data
- Create Folders / Append Data
Is this normal?
To summarize, I wish to know:
1) How come the limited user has authority to set security flags in some
folders/files, but not all?
2) Is it normal that a limited account has the Create security attributes
above to all folders and files?
3) Can I safely remove these capabilities from (at least) the WINDOWS and
Program Files folders and subfolders?
4) Are there any official recommendations with regards to folder and file
security settings?
Thanks in advance.
converted my user account from being a member of the administrators group to
being a member of the users group. I've created a new admin account for
occational use. Except for a couple of hickups with products that probably
were not design for running under non-admin accounts, all has been going
well. However, one of the products failed because of lacking access to a
folder/file in its own installation folder under Program Files. Logged on
with my, now limited, account I checked the security flags and found that I
was correctly not having access to the folder/file, BUT the options to allow
additional authority to myself were not dimmed out. So with this account I
could grant myself the required access and from then on everything worked
fine.
Since then I have discovered numerous Program Files folders that this
limited account has this type of access to, but there are also lots of them
without this additional access. What's happening here?
Using the Effective Permissions feature I've also found out that the limited
account SEEMS to have the following authorities to (I guess) everything in
the computer, including the Windows\system32 folder:
- Create Files / Write Data
- Create Folders / Append Data
Is this normal?
To summarize, I wish to know:
1) How come the limited user has authority to set security flags in some
folders/files, but not all?
2) Is it normal that a limited account has the Create security attributes
above to all folders and files?
3) Can I safely remove these capabilities from (at least) the WINDOWS and
Program Files folders and subfolders?
4) Are there any official recommendations with regards to folder and file
security settings?
Thanks in advance.