Permissions in Windows7

Status
Not open for further replies.
pr.itdude

pr.itdude

tHe nEw gEEk......ITian
After a long time, i m in need of a solution once again....this time about Windows7.

I tried windows7 first in VBox to test it. But i m miffed by the permission settings in windows7.
First have a look at my current scene in windows XP:
Users : itdude [admin][password protected]
home [admin] [no password]
Now as "itdude" user (for my personal use) is password protected windowsXP provides the feature to "make all the files private" (all documents and settings), so that no one have any permission to even list the file. It simply denies it.

But now in Windows7, as both the users are admin, there is no concept of "making files private" of an admin, damn (correct me if i m wrong). :-x
Each time an administrator can override the permissions settings of other admin.

Is there any way that other user(admin) of the system, "home" cannot have access of the "Users" directory (Documents in win7- i guess) of another admin, "itdude".

In simple words, i need that one admin cannot list the folders of other admin's documents.
 
X

xitij2000

Requiem for the Sith
This isn't something new in Windows 7, as you can do the same in Windows XP and Vista as well.

If you really want to protect your data from other users, permissions aren't really the best way, since anything which ignores the metadata will still be able to access it. If you have full administrative access you can override pretty much anything!

Best way in this case would be to encrypt the files using windows itself. You can access the encryption option by clicking on the "Details" button in the Attributes section of the file / folder's properties dialog.

However if you suffer a system crash or some-such you can easily be locked out of your own files! So, beware! Keep a backup of the file keys.

Another option is to use a software like Pismo File Mount, which allows you to store your encrypted **** in a file, which can then be mounted in-place.
 
OP
pr.itdude

pr.itdude

tHe nEw gEEk......ITian
^^ vohooo mate,
first of all thnks for ur quick reply.....and encryption is not the thing i am looking for...but i'll surely think abt it in detail...

And second there is no such material that i want to hide...its just that i dont want other to edit it, as there are other users using the same system, and they r quite "khurafati" who even once deleted a system file !!!

I just wanted any trick or any indirect settings which result in the output i wanted !!
 
X

xitij2000

Requiem for the Sith
Well, as long as they have administrative access, and are of "khurafati" nature ;) nothing much can stop them!

Can you possibly make them normal users? Or if that doesn't suit, you can define your own user calls say "Sub-Admin", and define your own policies for it if you feel comfortable.

You can use the MMC tool for this using the Local Users and Groups snap-in and the Group Policy editor (or something).

The Local users and groups will allow you to create a new group, and make other users part of that group instead of making them admins. Then using the Group policy editor you can configure what permissions the new group has.

This might be a bit complicated, and honestly I haven't dabbled much with this. Will post a some more details later when I am on a Windows machine.
 
OP
pr.itdude

pr.itdude

tHe nEw gEEk......ITian
^^ That sounds quite OK to me...
The other admin (home) need to have permissions for installing/uninstalling a software, can modify the other drives (like D,E), can browse/download internet, and can use usb drives.

These are the permissions that is needed by the other admin user. Now can u elaborate it how to get these.......
Any registry tweak ??

Hmm....thnx mate 4 ur concern :)
 
X

xitij2000

Requiem for the Sith
Sorry for the delay!

Use the Microsoft Management Console (Start->Run-> "mmc")
Once it launches, click on File->Add/Remove Snap-in...
In the dialog that pops up, double click / add Group Policy Object Editor, and Local Users and Groups. Click on OK, they will be added to the main windows.

Now in Local Users and Groups right click Group and click on New Group...
Enter the details, add the users (or not) and you're done.

For good measure, edit the user accounts for the other people under Users, and remove them from the group of Administrators.

Now, go to Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment

Here you can configure what all the new group you just defined will be able to do. Disallow them to "Take ownership of files and other objects"

This way you can set yourself as an owner of your folders, and restrict others to read only or no privileges, and they wont be take over.
 
Zangetsu

Zangetsu

I am the master of my Fate.
@ xitij2000: hey how your profile name is colored in orange...coz i have seen all other users name in common color only (i.e black)..R u admin or what ???
 
dreams

dreams

Gracias Senor
@pr.itdude
If you want certain folder to be private and accessed only by u, follow this,
Right clik on the desired folder - share - nobody
You will not see any difference. But if you login as another user, you can find a smal golden lock on the folder.

Try it.
 
X

xitij2000

Requiem for the Sith
@KaranTh85 You know what.. I might just be an admin..

@dreams That would work for ordinary users, however if the other user is a Admin, especially of the "khurafati" type, they will be able to revert the permissions. In which case the above mentioned measures might be required.
 
X

xitij2000

Requiem for the Sith
^^ Oh.. I didn't mean it that way.

What I meant to say is, the method you describe will work for people who have User accounts, not Admin accounts, and Admins can bypass such security measures. Not saying your method is bad it is the best, and fastest method if you are the sole admin on the comp.

I'm not sure khurafati is an actual word.. is it pr.itdude? I think it just means someone who annoyingly pokes his / her nose too much in other people's business.. or something like that...
 
OP
pr.itdude

pr.itdude

tHe nEw gEEk......ITian
Sorry for late reply.....busy with my exams,
@xitij2000, thanks....this looks really good to me......i'll definitely try it soon (2morrow, really tired now) , and will get back to u !!!

And yeah,"khurafati" someone mischievous or whose brain force him to do paranormal activities ,lolzzz :D, arey yaaro...its hindi word, dont u understand hindi !!!
 
dreams

dreams

Gracias Senor
I live in Delhi and work in Gurgaon for the last 1+ yrs. Not interested in learning Hindi :)

Know only some words which is useful for my day to day activities.
 
Status
Not open for further replies.
Top Bottom