User permissions under WinXP

(merry 2006!)

Hi everyone, I know this is not the best question to start with but… here it goes:
Due to the turns in life, I must share my computer with a people I would rather NOT share computer… but well…

I know Windows XP has a series of security measures to restrict other users… I wonder… Can anyone point me to a site where could learn how to limit what each computer user can do on my computer? I’ve been playing with Win Xp for a while but had no real success until now…

(I’m using Win XP Pro SP2)
Any help would be greatly appreciated! THANK YOU!!!

I know the feeling. I hate when my family members ask to use my computer because they mess around wih stuff.

If you just want to hide your porn, I’d say to use encrypted disk images or zip files.

Windows permissions are a pain and Window’s multi-user implementation is bad - one reason why Windows systems tend to be left insecure. Try following this guide:

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/filesharing.mspx

You would create a new user account with restricted access privileges, which your family member would login with. That way your settings shouldn’t be affected.

Exactly. Go to Start --> Settings --> Control Panel --> User Accounts and create new accounts for the others [ :stuck_out_tongue: maniacal laugh here, wipes tear, --j/k ]

Make sure to specify “Limited” access and make sure that they have separate My Documents directories and the like.

Those are the basics. I suggest you follow osxrules’s link and plug other holes mentioned there.

Are the other people computer savy? Would they know how to try to get around account permissions and the like?

Also, I personally use long passwords (at least 8 characters), with a minimum of three character classes: Uppercase, lowercase, digit, punctuation. Memorize it and if you are ever forced to use it while someone is looking over your shoulder change it the very next chance you get.

Good luck.

Well, thank you all… I followed your link osx and its exactly what I want (i did check why I didn’t have that “security” tab and it turns out I have to disable simplied sharing)… I was actually looking for a way to limit the access to other folders besides “my documents”… this should work like a charm :slight_smile:

thank you very much… and thanks for the password tips too (don’t worry, I tend to have pretty tight passwords :smiley: )

I don’t think the other people will bother with tryng to break my security (althoug one threatened me with downloading a password recovery app to steal my password… )…

Is there a way to limit WHICH applications should run? and which not? Like a “default deny” policy? Thanks :smiley:

I’m sure Windows has an executable bit like unix which prevents applications being run but it might be easier to use something like this application:

http://www.beyondlogic.org/solutions/trust-no-exe/trust-no-exe.htm

Under a new account, you should be able to limit their access to apps without it affecting your account. You could also store apps you didn’t want them to run inside a folder protected by your account but that might be difficult to set up if apps need to run from a certain place.

This site might also give some useful info:

http://www.uwec.edu/help/WinXP/perm-advfolder.htm
http://www.uwec.edu/help/WinXP/perm-types.htm

Because you have XP Pro, you can also do what it says on this site:

http://www.tweakxp.com/article37432.aspx

but be careful with it:

“Warning: Prior to making changes with the group policy editor please use System Restore to create a known good Restore Point in case you encounter issues. TweakXP.com takes no responsibility for any problems that may occur from using the Group Policy Editor incorrectly.”

You might be best following this guide as it’s from Microsoft and seems pretty straightforward:

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/acl_special_permissions.mspx

Some people prefer to use 3rd party software to set ACLs:

the reason being:

[XP built-in] ACL Editor does not necessarily show what’s there, but displays an interpretation of an ACL. SetACL, on the other hand, shows you exactly what is stored in an ACL - thus it is possible that both tools list different ACEs in one and the same ACL.

In your case, the XP one should be fine.

:smiley: Thanks! Excellent links!

Also, I personally use long passwords (at least 8 characters), with a minimum of three character classes: Uppercase, lowercase, digit, punctuation. Memorize it and if you are ever forced to use it while someone is looking over your shoulder change it the very next chance you get.

bah long passwords.

my home comp is 13 characters and my school one is 26 characters. <<
abcdefghijklmnopqrstuvwxyz