If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Limiting user rights.
Is there any way that I can set up an account of some type on my XPpro
machine so that my son cannot delete any files, icons, change settings, but still be able to access programs that I can nominate and create files from those programs, and create text files from outside of those programs? He's 3, and I wouldn't mind letting him stuff around on my computer, if I knew that he couldn't stuff something up. The other option is to cram a crowbar in the wallet and set one up for him. The only problem with that is having to fix the problems on that computer, although they'd probably be not life-shattering problems I suppose... |
Ads |
#2
|
|||
|
|||
Limiting user rights.
Richard McKeown wrote:
Is there any way that I can set up an account of some type on my XPpro machine so that my son cannot delete any files, icons, change settings, but still be able to access programs that I can nominate and create files from those programs, and create text files from outside of those programs? He's 3, and I wouldn't mind letting him stuff around on my computer, if I knew that he couldn't stuff something up. The other option is to cram a crowbar in the wallet and set one up for him. The only problem with that is having to fix the problems on that computer, although they'd probably be not life-shattering problems I suppose... In the BIOS screens, enable a password. That means no one boots your computer without the password. That means the kid can't use your computer without you being there to set it up for him. Be sure to padlock the case (there's usually a tang through which you can insert a tiny padlock - and don't use those cheapies for luggage since a screwdriver and pliers works to open those). That's to prevent him from getting inside (a place you never want him to get, anyway) to reset the BIOS to eliminiate the password requirement. Each time the computer powers up, the user is asked for a password. Without it, no operating system gets booted. Then use something like ShadowSurfer (the pro version is called ShadowUser). When in Windows, you enable ShadowSurfer mode and then reboot your host. When Windows is next loaded, it is in this ShadowSurfer mode. You (or the kid) can delete files, modify them, install programs (if you let the kid have admin or power user rights, not a smart idea), or even get infected. You can totally hose over your files and OS. When you reboot, your partition is returned to the same state it was before you entered ShadowSurfer mode. That is, whatever you did in ShadowSurfer mode is all gone and you have your OS back to its prior state. This does require rebooting (because kernel-mode drivers are required to redirect all changes to a virtual disk rather than apply them to your real disk). This type of software is often used in kiosks because despite all precautions there may be hackers that manage to figure out how to screw up the OS or you want to let them make changes, then reboot and it's all back the way it was. Schools use this, too, so a scheduled reboot in the early morning returns their hosts back to a known state for use the next morning for classes. ShadowSurfer is just one example of this type of software. It was free for awhile but not anymore (cost is $30; see http://www.storagecraft.com/products/ShadowSurfer/). There are other products that do a similar function. Microsoft has their SteadyState (http://www.microsoft.com/protect/pro...eadystate.mspx) but it's seems more geared to expert admins. I found it harder to understand and setup but then I didn't have much time to give it a fair trial. It's free. An advantage of SteadyState is that you can choose to retain any changes you make while in shadow mode. That way, you could test new but unknown software and decide to get rid of it completely (return to the prior disk state) or retain your changes (update your real disk). To do that in ShadowSurfer, you have to upgrade to the more expensive ShadowUser. Other similar products that I've heard of but not used are BufferZone ($40) and ReturnNil (http://www.returnilvirtualsystem.com...spersonal.htm; free/crippled version). If you get recommendation for other similar programs, make sure they aren't old and dead programs (several have been abandoned). Read the help for these programs. Some only protect the partition for the operating system (drive C and not any other drives. So a 2nd drive, like D:, where you store your data could still wind up having files deleted or modified. That might be what you want because you could trial a program, save documents you create with them, and then decide to get rid of the program but still want to retain your documents. That's why you are still expected to perform regular backups. If you don't backup your data, you deem your data as worthless or reproducible. So you add a BIOS password that is required to even start loading Windows. You create a limited account for the kid. When you want to pass control to the kid, enable the shadow mode and reboot. The kid logs in. Whatever the kid manages to do will disappear when you reboot. Note that because a reboot will restore back the prior state that any installations that require a reboot to complete will disappear, too. |
#3
|
|||
|
|||
Limiting user rights.
Richard McKeown wrote:
Is there any way that I can set up an account of some type on my XPpro machine so that my son cannot delete any files, icons, change settings, but still be able to access programs that I can nominate and create files from those programs, and create text files from outside of those programs? He's 3, and I wouldn't mind letting him stuff around on my computer, if I knew that he couldn't stuff something up. The other option is to cram a crowbar in the wallet and set one up for him. The only problem with that is having to fix the problems on that computer, although they'd probably be not life-shattering problems I suppose... A 3-year-old is much too young to be allowed on your computer unsupervised. I have some funny stories about things my own children did on my machines when they were little. Well, they are funny *now*! Most certainly you should create a limited account for him, too. Since you have XP Pro, you can use Group Policy to set restrictions (gpedit.msc). Be very careful using the Group Policy editor; it is completely possible to lock yourself out. Questions about group policy should be posted he microsoft.public.windows.group_policy Or you can use Microsoft's SteadyState: http://www.microsoft.com/windowsxp/s...s/default.mspx More on SteadyState: http://aumha.net/viewtopic.php?t=27570 SteadyState support - http://forums.microsoft.com/WindowsT...1660&SiteID=69 If you are serious about allowing your child - and he could be a perfect angel but he *is* only 3! - to play on your computer unsupervised, buy an external hard drive and Acronis True Image and image your system regularly. That way when he hoses your computer by banging on the wrong keys you'll be able to get back up and running quickly. Actually, regular imaging is a Good Thing even if there are no children around! Malke -- MS-MVP Elephant Boy Computers - Don't Panic! FAQ - http://www.elephantboycomputers.com/#FAQ |
#4
|
|||
|
|||
Limiting user rights.
"Richard McKeown" wrote:
Is there any way that I can set up an account of some type on my XPpro machine so that my son cannot delete any files, icons, change settings, but still be able to access programs that I can nominate and create files from those programs, and create text files from outside of those programs? He's 3, and I wouldn't mind letting him stuff around on my computer, if I knew that he couldn't stuff something up. The other option is to cram a crowbar in the wallet and set one up for him. The only problem with that is having to fix the problems on that computer, although they'd probably be not life-shattering problems I suppose... Create an account in the group Users - not a Power Users. If this is not restrictive enough, try the built-in Guest account. -- Newell White |
#5
|
|||
|
|||
Limiting user rights.
Newell White wrote:
Create an account in the group Users - not a Power Users. If this is not restrictive enough, try the built-in Guest account. The built-in Guest account should not be enabled. The Guest account is a special system account. It is disabled by default in Windows XP, Vista, Linux, Unix, and OS X for a reason. From TechNet: "The Guest account is intended for users who require temporary access to the system. However, if this account is enabled, a security risk may exist because an unauthorized user could gain anonymous access to the system through this account." http://technet.microsoft.com/en-us/l...chNet.10).aspx Malke -- MS-MVP Elephant Boy Computers - Don't Panic! FAQ - http://www.elephantboycomputers.com/#FAQ |
#6
|
|||
|
|||
Limiting user rights.
"Malke" wrote: The built-in Guest account should not be enabled. The Guest account is a special system account. It is disabled by default in Windows XP, Vista, Linux, Unix, and OS X for a reason. From TechNet: "The Guest account is intended for users who require temporary access to the system. However, if this account is enabled, a security risk may exist because an unauthorized user could gain anonymous access to the system through this account." http://technet.microsoft.com/en-us/l...chNet.10).aspx Malke -- MS-MVP Elephant Boy Computers - Don't Panic! FAQ - http://www.elephantboycomputers.com/#FAQ You are probably right - depends on physical access. When I worked at home my 4-year old had great fun with MS Paint on a Win95 machine that was not hooked up to my (then) state-of-the-art 56k modem! -- Regards, Newell White |
#7
|
|||
|
|||
Limiting user rights.
"Richard McKeown" wrote: Is there any way that I can set up an account of some type on my XPpro machine so that my son cannot delete any files, icons, change settings, but still be able to access programs that I can nominate and create files from those programs, and create text files from outside of those programs? He's 3, and I wouldn't mind letting him stuff around on my computer, if I knew that he couldn't stuff something up. The other option is to cram a crowbar in the wallet and set one up for him. The only problem with that is having to fix the problems on that computer, although they'd probably be not life-shattering problems I suppose... Having read Malke's comment, I now recommend plan B. But need not be expensive - here in the UK you can get a Win98 PC and CRT monitor second hand for £50 max ($95 US). MS Paint is about all a 3-year old can handle, but they can soon graduate to minesweeper, solitaire, and eventually notepad! Don't provide internet or LAN access, and have fun! -- Regards, Newell White |
#8
|
|||
|
|||
Limiting user rights.
Richard wrote on Wed, 01 Oct 2008 23:02:09 +1300:
Is there any way that I can set up an account of some type on my XPpro machine so that my son cannot delete any files, icons, change settings, but still be able to access programs that I can nominate and create files from those programs, and create text files from outside of those programs? He's 3, and I wouldn't mind letting him stuff around on my computer, if I knew that he couldn't stuff something up. The other option is to cram a crowbar in the wallet and set one up for him. The only problem with that is having to fix the problems on that computer, although they'd probably be not life-shattering problems I suppose... My 3 year old has a Limited User account on the kid's PC (my 9 year old has a Limited User account too), and so far so good - I have to install anything as the only admin user, but it's enough that the kids can't delete much except files they've created, they can create icons on the desktop, and they can access the net when I let them (combination of FSS and router access rules, and keeping a close on them when they're on the computer). This PC hasn't needed a rebuild since I installed everything a year ago, so I rate that as a success. I wouldn't let him on my own PC though, that's just asking for trouble. -- Dan |
Thread Tools | |
Display Modes | |
|
|