Re: Owner\Administrator
From: Dave (noone_at_nowhere.com)
Date: 10/15/04
- Next message: Shahab: "Problem with my documents folder ..."
- Previous message: Dave: "Re: Owner\Administrator"
- In reply to: worried: "Re: Owner\Administrator"
- Next in thread: worried: "Re: Owner\Administrator"
- Reply: worried: "Re: Owner\Administrator"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 15 Oct 2004 18:37:40 -0000
every user can get to some parts of the registry, there is a part of the
registry that saves each user's settings and information about the current
session so each user must be able to read/write their part of it. there are
other parts that you may be able to read but not write, and some that you
may not have any access to as a limited user. there are actually privileges
that can be configured for sections of the registry based on user
privileges. an administrator would have access to read and write anything
in the registry.
there are also folders that limited users can't write to. by default
limited users can't write to folders under the Program Files folder which
prevents installing most software. they also can't write to folders under
the windows installation directory so they can't install drivers or change
system software... this would prevent most mail or web delivered worms from
doing their thing.
passwords are used to identify users either directly via the keyboard or
remotely via a network connection. administrator accounts without passwords
are open for attack from a network connection unless there is a firewall
preventing access to the machine... though i would never just rely on a
firewall to protect access as there are new attacks being dreamed up by
hackers every day. its best to have a 'complex' or 'strong' password on all
accounts. these are passwords that are not dictionary words, names, or
places, normally a good password is a mix of letters and numbers and
includes either a mix of capital and lower case letters or symbols. don't
count on passwords to protect a machine from someone who has physical access
to it though, there are ways to boot from floppies or cd's and bypass or
reset passwords to get into machines.
"worried" <worried@helloall.us.vets> wrote in message
news:472B9A3C-B538-4208-8642-AF6C0814AFBE@microsoft.com...
> Ok here is how I stand,I have the built in admin.(1) and myself as user
with
> admin.
> privis.(2)
> Then I have another user(3) with limited privis.
> But the way I see it, I can get in to the registry with my limited
user,(3)
> but can not see the files or documents of user (2) .
> Why is that,when I thought a limited
> user was not able to get into the registry or add/remove programs for that
> matter.
> Now that would be the part I would want to prevent/change,b/c if user (3)
> can get into the the registry I assume any hacker could,right ?
> So I take it that's where the passwords come in,maybe ? And how and where
do
> I apply them if at all neccesary with me being the only one here.
> Geez not sure if all this makes sense to you,not sure if it makes sense to
me,
> but I thank you in advance for your patience....
>
> "Dave" wrote:
>
> > ok, some more background on users vs groups. 'users' have accounts that
> > have profiles. the profiles are where things like your desktop, my
> > documents, and other stuff that belongs to the user is kept. i assume
what
> > you are saying is that under your profile there is 15mb worth of stuff
that
> > is for your account, and the administrator account has only 907kb. this
> > would kind of make sense since the default administrator account doesn't
> > have your documents and other stuff that you have saved since you have
been
> > using your account.
> >
> > now, about 'groups'. 'groups' are a way that windows assigns privileges
to
> > accounts. you can look at it like assigning a 'group' of accounts as
plain
> > users, and assigning another group as administrators. 'groups' are just
> > lists of accounts, they have no actual location on your hard drive. it
is
> > unfortunately confusing that there is an 'administrators' group, and a
> > default 'administrator' (note no 's') account.
> >
> > users accounts can be moved in and out of groups without losing their
> > profile information, that is, your 15mb of 'stuff'. however, each user
has
> > a unique profile by default so if you make a new user it would not have
> > access to your old account stuff... there are ways to transfer it or
give
> > both users access, but that is much more than you really need.
> >
> > so you should be able to login as the built in administrator and using
the
> > computer management plugin to the administrative tools in the control
panel
> > remove your personal account from the administrators group and add it to
> > either the 'Users' group or 'Power Users' group that should already be
there
> > waiting to be used.
> >
> >
> > "worried" <worried@helloall.us.vets> wrote in message
> > news:8778CEB7-3397-4B13-A312-22292FC0092A@microsoft.com...
> > > Ok so if I understand this correctly,there is 1 built in
Administrator,and
> > ok
> > > it should stay put where it is,(I tried,couldn't delete it) second I
do
> > not
> > > have any passwords,third if I remove myself
> > > from this group of 3,since I added a limited user,I will lose 15.0 MB
of
> > > stuff,as where
> > > the built in Admin. only has less then 907KB of stuff...How does this
> > > work,and how do I ever get this right...SP2 is nothing but a pain to
me.
> > > Power Users group ? Explain please,and where do I look for it.
> > > Thank you so much.
> > >
> > > "Dave" wrote:
> > >
> > > > first, make sure you know the password of the administrator account.
> > then
> > > > login to that and remove yourself from the administrator group and
add
> > > > yourself to the Power Users group which i think is the best one to
use
> > for
> > > > day to day stuff... though most people can probably exist as just a
> > normal
> > > > User. never change the groups or anything else for the built in
> > > > administrator account or you will be back here asking how to undo it
> > > > shortly! and its not always easy to fix.
> > > >
> > > > "worried" <worried@helloall.us.vets> wrote in message
> > > > news:09262A2E-6D07-4A54-9FEB-30696BD6CF93@microsoft.com...
> > > > > Ok Dave tell me how to do, so I only have 1 admin,and Me as a
user,or
> > > > should
> > > > > I just take the privileges away from myself and keep the
> > Administrator?
> > > > >
> > > > > "Dave" wrote:
> > > > >
> > > > > > you really don't want to do that... and i'm not sure if xp would
> > even
> > > > let
> > > > > > you. just think what would happen if something messed up your
> > personal
> > > > > > account so you couldn't login and there was no other admin
> > account?!?!?
> > > > by
> > > > > > the way, its much safer to downgrade your every day account to
> > something
> > > > > > like a power user or just a regular user, then only use the
admin
> > > > account
> > > > > > when needed.
> > > > > >
> > > > > > "worried" <worried@discussions.microsoft.com> wrote in message
> > > > > > news:8C768CE5-0BA3-4576-9F20-217CAF727DAD@microsoft.com...
> > > > > > > Hi,
> > > > > > > when I go into Safe Mode,I have 2 choices,I can go to
> > > > > > > Owner\Admin. or
> > > > > > > Owner\Me , either way I have to sign in. I am alone on this
stand
> > > > alone
> > > > > > > with a guest account that is off.
> > > > > > > Is it safe to delete the O\A ?
> > > > > > > When I sign in,(Me) in Normal Mode I am the computer
> > administrator.
> > > > > > > Please advice,thank you.
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > >
> > > >
> > > >
> >
> >
> >
- Next message: Shahab: "Problem with my documents folder ..."
- Previous message: Dave: "Re: Owner\Administrator"
- In reply to: worried: "Re: Owner\Administrator"
- Next in thread: worried: "Re: Owner\Administrator"
- Reply: worried: "Re: Owner\Administrator"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
