Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Abilities of a "standard user" (vs. an admin user) 1

Status
Not open for further replies.
DayLaborer

DayLaborer

Programmer
Jan 3, 2006
347
US
I tried Googling this but couldn't find the answer...

I am creating "standard user" accounts for my kids on our home PC (Windows 7 Home Premium). I do understand that "standard users" cannot un/install software. That's good. But can they delete, let's say, files/folders from (for example) the Program Files folder? In other words, do I need to use NTFS permissions to deny them from modifying all such "important" files, or will their "standard user" accounts take care of that for me? Also, if I deny the ability for them to modify/write on the whole drive (except for their stuff), I think some of their programs won't work properly...

Advice?

Thanks,
Eliezer
 
Sort by date Sort by votes
Standard Users should not have the ability to modify or delete files in Operating System protected folders such as Windows, Users, and Program Files.

Only Read and Execute permissions.

You can actually confirm that by Right Clicking on the folder in question, and choosing Properties, then clicking on the Security tab. The Users group should only have 3 permissions checked:

Read & Execute
List Folder Contents
Read

That means the can see the contents, they can execute programs from there, but thy can;t delete in or write to those folders.

----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.
 
Upvote 0 Downvote
Thanks, Vacunita. Are you aware of anywhere where this is documented, e.g. exactly what the restrictions are of standard users?

Thanks,
Eliezer
 
Upvote 0 Downvote
It refers to Windows Vista, but applies to Windows 7 as well.


It has a table that lists what Standard and Administrators can do.

Admins can do everything Standard Users can do plus everything on their side of the table.



----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.
 
Upvote 0 Downvote
Programs written for Vista and Windows 7 should not be a problem for the Standard User once they are installed. Old programs written for XP and earlier may have .dat, .log, .txt, .ini, and .exe files stored in the Windows folder, System32 folder, or the Programs Files folder, and also have entries in the the Registry. A user with Standard rights would have difficulty writing to such files or Registry Keys.

This can be overcome via the use of "elevation", that being running under an Administrator Account by right-clicking on the .exe (or shortcut) and selecting the "Run As Administrator" option, which requires knowing an Administrator's password, or you have to change the access permissions of all the relevant files so that a Standard User can access them.

HOW TO: Take Ownership of a File or Folder in Windows XP (or Vista)

Error Message: "Access Is Denied" When You Try to Open NTFS File System Folders

A couple of XP articles but still relevant. Some of the examples apply to Domains but you'll get the idea, I hope.

How inheritance affects file and folder permissions

Set permissions for folders and files
 
Upvote 0 Downvote
Linney, I'm not worried about standard users, e.g. kids, being able to successfully use programs. I'm trying to protect the files on my PC from them.

Vacunita, thanks for the link, but I'm looking for a list of which folders/files are "safe" from standard users.

Thanks,
Eliezer
 
Upvote 0 Downvote
Those 3 and their sub-folders are it.

Program Files
Users
Windows

In the "Users" folders the documents folder belonging to the current user is of course available to the user. So they can add, remove, delete, copy etc.. files and folders from withing that specific folder.

Anything else under the "Users" folder is Protected.

Any folder inside any of these folders is Protected.

Unless specifically set to not be by an Admin user.


----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

VicM
  • Locked
  • Question
Change name not showing in user account 1
Replies
13
Views
1K
guitarzan
guitarzan
pjw001
  • Locked
  • Question
Latest Windows Update - End of Service
Replies
2
Views
3K
pjw001
pjw001
Flinx
  • Locked
  • Question
the SAGA of trying to get a computer to sleep and wake up on a schedule
Replies
1
Views
2K
Flinx
Flinx
Sebastian42
  • Locked
  • Question
Possibly a timing problem
Replies
3
Views
1K
Rick998
Rick998
goombawaho
  • Locked
  • Question
Risk of running unsupported server version 1
Replies
7
Views
634
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top