Re: Can't Remember How to Setup User Accounts

From: Skanti (Skanti_at_discussions.microsoft.com)
Date: 11/11/05


Date: Fri, 11 Nov 2005 08:08:04 -0800

Hello Steve,

Thanks for your detailed response. I will try the things you suggested &
hopefully will be able to set things up over the weekend.

-- 
Skanti
"Steven L Umbach" wrote:
> I don't like having the guest account enabled on an XP Pro computer as it 
> can lead to vulnerabilities for access to network share. I would disable it 
> and create regular user accounts. When you create a user account by default 
> it is limited in what it can do unless you add it to privileged groups like 
> power users and administrators. You can use Computer Management - local 
> users and groups/users to manage user accounts or simply enter lusrmgr.msc 
> in the run box. The onboard help for XP is a great resource to learn how to 
> do any task. For instance search for users and you probably will find most 
> all you need to know about managing users.
> 
> Then you can use NTFS folder permissions to manage what users on your 
> computer can access. If a user/group does not have any permissions to a 
> folder then they have an implicit deny, which is the way I favor to configure 
> permissions. You can also give users/groups deny permissions but that can 
> get complicated with inheritance and in some cases an allow permission can 
> override a deny permission. It is best to put users into groups and then 
> assign permissions to the groups.
> 
> For example let's say you have a folder that you want only you to access. 
> Then I would remove users/everyone from the permissions list and leave 
> administrators, system, and your user account with full permission. If you 
> are logged on as an administrator you would also have full control by 
> membership in the administrators group. The link below explains more on 
> configuring folder permissions, what permissions are available and what they 
> do,  and how to disable simple file sharing if you are using it which is the 
> default setting for a non domain computer.
> 
> http://support.microsoft.com/default.aspx?scid=kb;en-us;308418
> 
> Having said all that you need to be aware that if your computer is not 
> physically secured to some degree it is fairly trivial for another user to 
> gain access to your files by gaining administrator access with free 
> utilities or using a keyboard logger to capture your credentials, booting 
> from an alternate operating system, or "borrowing" your hard drive. You can 
> minimize such risk by configuring cmos to boot only from the system hard 
> drive, password protecting the cmos settings, and using a sturdy computer 
> case that locks access to the innards and one that maybe even has an alarm.
> 
> File encryption can also further protect your files and if done properly 
> make it near impossible for another user to access your files. XP Pro has 
> EFS file encryption built in. If you consider any encryption program keep in 
> mind that as long as the decryption "key" is still on your computer your 
> encryption is only as strong as your password that again may be captured by 
> a keyboard logger. EFS in particular requires that you keep at least a 
> couple copies of your EFS certificate/private key backed up to a password 
> protected .pfx file to external media or YOU could lose permanent access to 
> your files due to corruption or loss of your EFS private key.  The link 
> below explains more about EFS.  --- Steve
> 
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
> 
> 
> "Skanti" <Skanti@discussions.microsoft.com> wrote in message 
> news:1091ADA6-4153-4E1B-9B40-7C316A5988CE@microsoft.com...
> >I have a single computer with Internet access and XP Professional v 5.1.  I
> > want to allow myself full access to the computer & all programs, but allow
> > a limited subset of programs to the Guest account (or some other limited
> > access account) for use by employees.
> >
> > When I first got the computer, I gave the Guest account access to several
> > programs that I no longer want it to access.  The problem is, I have no
> > idea how I added their icons to the guest account screen in the first
> > place.  When I try to make changes logged in as Guest, I'm not allowed to
> > do it.  When I log in as myself, I can't find the proper place to change
> > which programs appear on the Guest screen.  (I can find "add user
> > accounts", but that only allows you to change basic stuff, not program
> > access.)
> >
> > I don't want employees or others to have access to my personal files or
> > customer database, but I do want to allow them to use Word, Publisher, and
> > a few other programs, keeping their files separate.  I'd really like to give
> > them a very limited "padded cell" type of access.
> >
> > How do I do this???
> >
> >
> > -- 
> > Skanti 
> 
> 
> 
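
The permission behaviour described in the quoted reply (implicit deny, group-based grants, and an allow that wins over a deny through inheritance), shown as an added example that is not part of either post. It is a simplified Python model of how Windows walks a folder's ACL in canonical order; the account names, group names and two-bit permission mask are constructed for illustration.

```python
from dataclasses import dataclass

READ, WRITE = 0x1, 0x2
FULL = READ | WRITE

@dataclass(frozen=True)
class Ace:
    kind: str               # "allow" or "deny"
    trustee: str            # user or group the entry applies to
    mask: int               # permission bits covered by the entry
    inherited: bool = False  # True if the entry came from the parent folder

def canonical(aces):
    # Canonical order: explicit deny, explicit allow, inherited deny, inherited allow.
    return sorted(aces, key=lambda a: (a.inherited, a.kind != "deny"))

def access_check(token, dacl, wanted):
    """Walk the entries in order; the first matching entry decides each wanted bit."""
    remaining = wanted
    for ace in canonical(dacl):
        if ace.trustee not in token:
            continue                      # entry is for someone else
        if ace.kind == "deny" and ace.mask & remaining:
            return False                  # a still-needed bit is denied
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True               # everything requested was granted
    return False                          # no entry granted it: implicit deny

# Constructed logon tokens: the account name plus its group memberships.
OWNER = {"owner", "Administrators", "Users"}
STAFF = {"staff1", "Employees", "Users"}

# Private folder: Users/Everyone removed, only these three entries remain.
PRIVATE = [Ace("allow", "Administrators", FULL),
           Ace("allow", "SYSTEM", FULL),
           Ace("allow", "owner", FULL)]

# Shared work folder: permission assigned to a group, not to each user.
SHARED = [Ace("allow", "Employees", FULL)]

# Deny inherited from the parent, explicit allow set on the folder itself.
OVERRIDE = [Ace("deny", "Employees", FULL, inherited=True),
            Ace("allow", "staff1", READ)]

# Both entries explicit: the deny is evaluated first.
BOTH_EXPLICIT = [Ace("allow", "staff1", READ),
                 Ace("deny", "Employees", READ)]
```
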

