If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
WinXp PRO Accounts and GPEDIT
I just got a new laptop and this is the first time i have had XP PRO (i have
had XP HOME and 2000 before). I have 2 questions: 1. I want the built-in "Administrator" account to be the Admin and "Chris" to be a limited user. But XP wont let me take admin priviledges away from "Chris", even when I am logged into the "Administrator" account ("limited account" is greyed out in the User Accounts control panel). I need to set up a third account, give it admin priviledges, and then take them away from "Chris" to have it the way I want it. It's like XP dosen't count "Administrator" and having admin priviledges. Why the need for 3 accounts? Is there a way around this? 2. Even once I did that, and made "Chris" a limited account, Norton AV2004 complains at logon about not having priviledges. Is there a way to make Norton AV2004 shut up, or can I give "Chris" priviledges for certain things, but not others, to keep the account safer? Also, is there a solid tutorial out there for configuring user accounts with GPEDIT? I want to customize the security for the limited account, but I don't want to mess with things until i RTFM. OK, that's more like 3 questions. Thanks. -- Chris |
Ads |
#2
|
|||
|
|||
WinXp PRO Accounts and GPEDIT
For both question #1 and #2, it would help to get familiar with Local Users
and Groups in Computer Management (right-click My Computer, and select Manage). You can do lots more stuff than you can with User Accounts in Control Panel. With Local Users and Groups, double-click Groups, right-click a Group Name, and select Properties. Now you can easily assign a User Account to a different Group. You have more groups to choose from, but it takes 2 steps. You'll have to add the User to a new Group, and remove him from the old Group. To get Norton to stop balking, try (1) giving Write and Modify permission to Chris, only on the folder named in the Error message Norton is choking on, or (2) adding Chris to the Group named Power Users, which ever makes you more comfortable. Since the Administrator and Power Users group have lots more authority and permission than Limited Accounts (Users group), I would recommend you not surf the wild wild web using these accounts. Any vermin that slips through your defenses would have the same permission/authority as the account you logged on with. Instead, I have found a great deal of success and comfort surfing the web with a special account set up for only that purpose, that has all NTFS permissions except Read/Execute removed from \Windows and \Program Files. It doesn't remove the need for anti-virus, anti-spyware, and firewall programs, because it doesn't stop vermin from corrupting the folders within this user account, e.g. Favorites, Cookies, Desktop, Documents, Settings, etc. What I have noticed though, since I enabled auditing on folders named \Windows and \Program Files, is that the Security Log in Event Viewer shows failed attempts every day by some web pest trying unsuccessfully to infect files in these folders like Explorer.exe. Can't help with question # 3 "eschatonik" wrote in message news:3A%Bc.4847$E84.2712@edtnps89... I just got a new laptop and this is the first time i have had XP PRO (i have had XP HOME and 2000 before). I have 2 questions: 1. I want the built-in "Administrator" account to be the Admin and "Chris" to be a limited user. But XP wont let me take admin priviledges away from "Chris", even when I am logged into the "Administrator" account ("limited account" is greyed out in the User Accounts control panel). I need to set up a third account, give it admin priviledges, and then take them away from "Chris" to have it the way I want it. It's like XP dosen't count "Administrator" and having admin priviledges. Why the need for 3 accounts? Is there a way around this? 2. Even once I did that, and made "Chris" a limited account, Norton AV2004 complains at logon about not having priviledges. Is there a way to make Norton AV2004 shut up, or can I give "Chris" priviledges for certain things, but not others, to keep the account safer? Also, is there a solid tutorial out there for configuring user accounts with GPEDIT? I want to customize the security for the limited account, but I don't want to mess with things until i RTFM. OK, that's more like 3 questions. Thanks. -- Chris |
#3
|
|||
|
|||
WinXp PRO Accounts and GPEDIT
See www.dougknox.com, Win XP Utilities, Windows XP Security Console. You =
can restrict many of the of the operating system features, while leaving = the "Chris" account as an Administrator. You can even prevent "Chris" = from running the Security Console to undo the changes. --=20 Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display Win 95/98/Me/XP Tweaks and Fixes http://www.dougknox.com -------------------------------- Per user Group Policy Restrictions for XP Home and XP Pro http://www.dougknox.com/xp/utils/xp_securityconsole.htm -------------------------------- Please reply only to the newsgroup so all may benefit. Unsolicited e-mail is not answered. =20 "eschatonik" wrote in message = news:3A%Bc.4847$E84.2712@edtnps89... I just got a new laptop and this is the first time i have had XP PRO (i = have had XP HOME and 2000 before). =20 I have 2 questions: =20 1. I want the built-in "Administrator" account to be the Admin and = "Chris" to be a limited user. But XP wont let me take admin priviledges away = from "Chris", even when I am logged into the "Administrator" account = ("limited account" is greyed out in the User Accounts control panel). I need to = set up a third account, give it admin priviledges, and then take them away = from "Chris" to have it the way I want it. It's like XP dosen't count "Administrator" and having admin priviledges. Why the need for 3 = accounts? Is there a way around this? =20 2. Even once I did that, and made "Chris" a limited account, Norton = AV2004 complains at logon about not having priviledges. Is there a way to = make Norton AV2004 shut up, or can I give "Chris" priviledges for certain = things, but not others, to keep the account safer? Also, is there a solid = tutorial out there for configuring user accounts with GPEDIT? I want to = customize the security for the limited account, but I don't want to mess with things = until i RTFM. =20 OK, that's more like 3 questions. Thanks. =20 --=20 =20 Chris =20 |
#4
|
|||
|
|||
WinXp PRO Accounts and GPEDIT
JW wrote:
For both question #1 and #2, it would help to get familiar with Local Users and Groups in Computer Management (right-click My Computer, and select Manage). You can do lots more stuff than you can with User Accounts in Control Panel. With Local Users and Groups, double-click Groups, right-click a Group Name, and select Properties. Now you can easily assign a User Account to a different Group. You have more groups to choose from, but it takes 2 steps. You'll have to add the User to a new Group, and remove him from the old Group. To get Norton to stop balking, try (1) giving Write and Modify permission to Chris, only on the folder named in the Error message Norton is choking on, or (2) adding Chris to the Group named Power Users, which ever makes you more comfortable. Since the Administrator and Power Users group have lots more authority and permission than Limited Accounts (Users group), I would recommend you not surf the wild wild web using these accounts. Any vermin that slips through your defenses would have the same permission/authority as the account you logged on with. Instead, I have found a great deal of success and comfort surfing the web with a special account set up for only that purpose, that has all NTFS permissions except Read/Execute removed from \Windows and \Program Files. It doesn't remove the need for anti-virus, anti-spyware, and firewall programs, because it doesn't stop vermin from corrupting the folders within this user account, e.g. Favorites, Cookies, Desktop, Documents, Settings, etc. What I have noticed though, since I enabled auditing on folders named \Windows and \Program Files, is that the Security Log in Event Viewer shows failed attempts every day by some web pest trying unsuccessfully to infect files in these folders like Explorer.exe. Can't help with question # 3 "eschatonik" wrote in message news:3A%Bc.4847$E84.2712@edtnps89... I just got a new laptop and this is the first time i have had XP PRO (i have had XP HOME and 2000 before). I have 2 questions: 1. I want the built-in "Administrator" account to be the Admin and "Chris" to be a limited user. But XP wont let me take admin priviledges away from "Chris", even when I am logged into the "Administrator" account ("limited account" is greyed out in the User Accounts control panel). I need to set up a third account, give it admin priviledges, and then take them away from "Chris" to have it the way I want it. It's like XP dosen't count "Administrator" and having admin priviledges. Why the need for 3 accounts? Is there a way around this? 2. Even once I did that, and made "Chris" a limited account, Norton AV2004 complains at logon about not having priviledges. Is there a way to make Norton AV2004 shut up, or can I give "Chris" priviledges for certain things, but not others, to keep the account safer? Also, is there a solid tutorial out there for configuring user accounts with GPEDIT? I want to customize the security for the limited account, but I don't want to mess with things until i RTFM. OK, that's more like 3 questions. Thanks. -- Chris Thanks for the tips. I have set up "Chris" as a limited user, and found that the issue I was having with NAV2004 is covered he http://service1.symantec.com/SUPPORT...av&svy=&csm=no Now everything seems to be running fine, and I am no longer running as admin, which makes me feel a wee bit better. I'm going to go check out your site, too, DOug, as that seems to be just the ticket for the other info i am looking for. -- Chris Gsell www.eschatonik.com |
Thread Tools | |
Display Modes | |
|
|