Re: Admin - Limited user accounts.

---

• From: Bruce Chambers <bchambers@xxxxxxxxxxxx>
• Date: Fri, 02 Feb 2007 10:25:37 -0700

---

CK wrote:

I've just bought a new HP Windows XP Media Center Edition 2005 computer.
Can someone explain this to me. I understand that for ssecurity reasons you should not be using your Admin logon to visit the internet. Ok so I have made a limited user account. So...why is it that not all software is transfered from the Admin account to the limited user account. Really confusing to me, that if I make an udate to the preinstalled Norton internet security on Admin (because you are not allowed to make any updates under a limited user account) that these updates are not passed over the all accounts on the computer. I have found that, any software added from the internet to this new computer must be done using Admin. Thats really great considering when I go back over to my limited user account the software is not even there, and how in the world am I going to get the software over there since its a limited user account. Does Windows XP require that you install software all over the place? Like not only for the Admin account but for each and every limited user on a computer? Am I maybe missing the big picture here, or does it look like I'm going in circles? I have 2 kids and I do not want them visiting the internet with the Admin account so it makes since to make user accounts but what good are the user accounts if when they use them, no updates, pictures, software etc are being forwarded over?

You may experience some problems if the software was designed for Win9x/Me, or if it was intended for WinNT/2K/XP, but was improperly designed. Quite simply, the application doesn't "know" how to handle individual user profiles with differing security permissions levels, or the application is designed to make to make changes to "off-limits" sections of the Windows registry or protected Windows system folders.

For example, saved data are often stored in a sub-folder under the application's folder within C:\Program Files - a place where no inexperienced or limited user should ever have write permissions. (Games are particularly likely to follow this horrible practice.)

It may even be that the software requires "write" access to parts of the registry or protected systems folders/files that are not normally accessible to regular users. (This *won't* occur if the application is properly written.) If this does prove to be the case, however, you're often left with three options: Either grant the necessary users appropriate higher access privileges (either as Power Users or local administrators), explicitly grant normal users elevated privileges to the affected folders and/or part(s) or the registry, or replace the application with one that was properly designed specifically for WinNT/2K/XP.

Some Programs Do Not Work If You Log On from Limited Account
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q307091

Additionally, here are a couple of tips suggested, in a reply to a
different post, by MS-MVP Kent W. England:

"If your game or application works with admin accounts, but not with limited accounts, you can fix it to allow limited users to access the program files folder with "change" capability rather than "read" which is the default.

C:\>cacls "Program Files\appfolder" /e /t /p users:c

where "appfolder" is the folder where the application is installed.

If you wish to undo these changes, then run

C:\>cacls "Program Files\appfolder" /e /t /p users:r

If you still have a problem with running the program or saving settings on limited accounts, you may need to change permissions on the registry keys. Run regedit.exe and go to HKLM\Software\vendor\app, where "vendor\app" is the key that the software vendor used for your specific program. Change the permissions on this key to allow Users full control."




--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
.

---

• Prev by Date: Security Center and ETrust v8
• Next by Date: Re: JavaScript driving me insane
• Previous by thread: Security Center and ETrust v8
• Next by thread: RE: Admin - Limited user accounts.
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Windows 2003 Users vs Software ... You need to have both an admin and a limited account ... >> as a limited user, to effect, "the software has not been installed ... The users do not have rights to install programs. ... (microsoft.public.security) Re: The Coalition against Personal Firewalls ... then anything *you* can do as an admin a malicious program can do as ... If you're running as a limited user you can't ... Internet can't do it either. ... (comp.security.firewalls) Re: Accessing the Internet under with admin. rights... ... >> Given that it is best to access the internet not with admin. ... > <checks to see if she has administrator rights on the Internet itself by ... > login using the 'wrong' account). ... (microsoft.public.windowsxp.security_admin) limited user accounts in XP Home edition ... I have Windows XP home edition. ... I have set up 1 admin account and some limited user ... Granting all users admin rights is no solution i.m.o. ... Using a Limited User Account" ... (microsoft.public.windowsxp.security_admin) Re: XP User Accounts ... now if there is an inherient admin account as ... restricting files to certain user like u can restrict the limited user ... (microsoft.public.windowsxp.security_admin)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)