Internet security / user permissions 1

[philrock]

Like many private individuals and small business owners, I use Win XP Home on a single computer. At work, there is no network except to the extent that there is a network cable from the computer to the DSL modem. At home, the network consists of a DSL modem/gateway and two computers. I once added a third computer to do some file transferring. Other than that, there has never been computer-to-computer communication on the home network. At work, I require myself to log on with a password every time I boot up. Under my regular logon, I can install software, edit the registry, etc. I assume this means I have Administrative permissions. At home, I do not require myself to log on, but I do have full permissions.

I heard recently that if you are on your computer as Administrator (or any user with full permissions), and then go onto the Internet, your computer is much more vulnerable to viruses, spyware, etc., than if you go onto the Internet as a user with more limited permissions. This certainly makes sense, but it seems so basic that I would have expected to hear about it years ago if it were true. Is it true? If so, can you steer me to step by step instructions to set up a user with more limited permissions?

I searched for information on this site and on Google, and did not find anything exactly to the point.

Thanks!

 

[schofs]

The problem of using the Internet or receiving mail while logged on with administrators rights is that if you receive bad code or visit a site which has bad code (Virus Trojans etc) and they infect your machine they will use the rights of the person logged on at the time. So if that is an administrator it has full rights to the machine and could do anything it likes. However using a limited account prevents code installing and will only run as a limited user.

The following link will tell you how to do this on XP Home

http://www.protectiveparenting.com/web/html/modules.php?name=News&file=print&sid=8

Hope it helps

 

[philrock]

schofs,

Thanks a million - this is exactly what I was looking for.

philrock

 

[philrock]

I set up a new user account, and was disappointed to find myself facing a desktop looking almost like a brand new computer. Is it possible to easily create a new user account with everything (settings, desktop, etc.) the same, except for permissions?

I noticed that when I went to log in as a different user, only 2 users were listed: the one I had been using before, and the new one. In Windows Explorer, under Documents and Settings, there is what looks like a list of users, including Administrator, Default User, All Users, my previous login, my new login, and others. Why, when I go to log in as a different user, am I not given the option of logging in as Administrator, for example?

 

[schofs]

If you go to C:\Documents and Settings from my computer you will see all the folders of users go into your old account you will se a folder called desktop all your shortcuts should be in there and can be copied. The Admin Account is hidden in Home XP you can get at it again by logging in as an full rights user then in the Run Box (start run) type as shown:

control userpasswords2

This will bring up a neat box where you have access to the default admin account. Its a pretty powerful utility so be careful

 

[philrock]

schofs,

This is turning out to be about as hard as I thought it would.

I sure appreciate your help with this stuff. Windows help seems to be pretty useless in this area.

I managed to get my full desktop copied over to my restricted user. In the process, I also managed to delete the Desktop folder for my usual privileged user, but I still see the same desktop when I boot up. I guess the desktop I see must be the Master Desktop (top of the Windows Explorer tree).

As a full-privileged user, I normally disable the LAN connection when I'm not on the Internet, thinking this gives me somewhat less exposure to bad Internet stuff. When I'm logged on as the restricted user, I can not enable the LAN connection. If I log on as privileged, enable the LAN connection, shut down, then re-boot and log on as restricted, the LAN connection comes up enabled, but I can not get on the Internet.

I tried the Administrator controls, as you suggested (and with great trepidation), and did not find ways to control what I'm talking about above.

Should I expect to have to re-configure each app with preferred folders and other preferences for the new user?

 

[pgaliardo]

Philrock,

Schofs has some great suggestions, but at this point it almost seems like it would be a lot easier to just get a good firewall, make sure your Anti-Virus is up to date and log on as the administrator. XP can get really frustrating trying to do things as a limited user.

Not sure why you are not getting on the Internet as the new user. Probably a configuration issue and something that you can't resolve while logged on as a limited user.

Just my 2 cents.

 

[schofs]

If you are using a LAN connection to the internet can I take it that you are connected to the internet via an ADSL Router/Modem ? If so this should protct you from network attacks. The whole point of a limited user is to stop you doing admin type things. If you are still worried dwnload ZONE alarm from the following url

http://www.zonealarm.com/store/content/company/products/znalm/freeDownload.jsp

Its the free version which will protect your machine from internal network attacks and internet threats. I use it and it does me fine