how-to block ads
|
mededitor
Premium
join:2004-07-04
Fair Lawn, NJ
 ·Optimum Online
| Limited User Account
Having been hit earlier with one of the latest infections and reading so many recommendations about running my computer on a limited user account, I decided to go that route.
However, I see that I have to set up everything from scratch when I do that, such as IE "Favorites," my desktop shortcuts and preferences, my Outlook folders and contacts, etc.
Is there any way to move these things to a new limited user account in one or two easy steps? Basically, I would like to maintain my current personal preferences and set ups on the new limited user account.
I have a "Guest" account for when my nephews are visiting and want to use my computer so I'm happy that I don't have my personal settings on that account, but I sure would like to move my personal things to a new limited user account without having to do it piece by piece.
TIA.
--
When one door closes, another opens... | |
Its a Secret
Rabidly yours
Premium
join:2008-02-23
Kelowna, BC
edit:
September 5th, @07:18PM
| Enable the Admin account, and then make your account limited. Easy as pie!
Edit - make the Admin account PW protected with a solid PW!
--
"In the future, that which is not mandatory will be illegal" | |
mededitor
Premium
join:2004-07-04
Fair Lawn, NJ
·Optimum Online
| said by Its a Secret  :Enable the Admin account, and then make your account limited. Easy as pie! Edit - make the Admin account PW protected with a solid PW! Thank you for your reply. Another question, when I am in my current account (the Admin account) and try to change it to a limited account, it tells me that I have to have an Admin account.
I'm sorry if I'm being dense about this, but how do I maintain my Admin account while changing the same set-up to a limited account? I'm not sure if I'm wording this correctly, but I guess I need/want both an Admin account and a Limited account that look alike, have the same shortcuts, desktops, folders, etc.
Again, sorry if I'm being dense. I'm just really afraid of getting hit again by one of those infections out there, it was a PIA to get rid of the remnents (I can only assume that I've been successful at that).
--
When one door closes, another opens... | |
Its a Secret
Rabidly yours
Premium
join:2008-02-23
Kelowna, BC
·Shaw
edit:
September 5th, @08:54PM
| You need to change your first account from your new Admin account.
I.E. Current account> 'George'. Create Admin account under 'Users'. Once the account is created, and still logged in to Admin, change your original (George) account to limited. That's it, done deal.
--
"In the future, that which is not mandatory will be illegal" | |
mededitor
Premium
join:2004-07-04
Fair Lawn, NJ
·Optimum Online
| said by Its a Secret :You need to change your first account from your new Admin account. I.E. Current account> 'George'. Create Admin account under 'Users'. Once the account is created, and still logged in to Admin, change your original account to limited. That's it, done deal. Now I understand. Thanks for your help with this and your patience with my density, I don't know why I didn't understand that the first time. 
--
When one door closes, another opens... | |
Its a Secret
Rabidly yours
Premium
join:2008-02-23
Kelowna, BC
·Shaw
edit:
September 5th, @09:17PM
| No worries. We all start from somewhere, no matter where that is... 
Edit - I apologise as I was a bit obtuse in my initial explanation of this. 
--
"In the future, that which is not mandatory will be illegal" | |
redwolfe_98
join:2001-06-11
·RoadRunner Cable
edit:
September 6th, @01:11AM
| reply to mededitor
mediator, i only know to set up a limited user account manually.. i don't know about "enabling the administrator account and then making your user account a limited user account"..
if you are going to use a limited user account, you might run into some problems with it, at first.. for example, i have to adjust some "permissions" for some folders so that i can modify files in them, or so that some programs will run the way that i want them to, in a limited user account.. you will learn as you go along..
which version of windows are you running? i am guessing that you are running win xp-pro.. i am running windows xpsp3-home and, in win xp-home, to adjust "permissions", i have to boot into "safe mode", then rightclick on a folder, click "properties", then the "security" tab, then "users", then adjust the permissions for "users"..
i learned about adjusting "permissions" from the "BOClean-support" webpage.. here is what it says about adjusting permissions for a particular "BOClean" folder:
"Cannot get BOClean to update on "limited user accounts"
This is strictly the result of restrictions which Microsoft has introduced over numerous "service packs" and bandaids for Win2000 and XP. The solution requires granting "modify and "write" permissions to the limited user(s) for the BOC426 BOClean folder. This will ONLY work with BOClean 4.25 or later ... This is how to modify the permissions to allow BOClean to be updated while a limited user is online:
First of all you need to be Logged in as an Administrator in Windows XP, this is CRITICAL! "Limited users" and Microsoft's failure to provide a single "common" point for file writes is the problem here. By MICROSOFT'S choice, "limited users" do NOT have the necessary permissions to update BOClean. THEIR choice, not ours! However, there IS a way around this!
Use the "search" feature to locate a FOLDER called BOC426. When you search, a number of "BOC426" items will likely appear, only ONE of them is a FOLDER. It SHOULD appear somewhere under an "All users" folder. Once the icon for BOC426's FOLDER appears in the search window, RIGHT click on the FOLDER icon and select "Properties." Can you SEE the security tab?
If you are running Windows XP PRO and cannot see the SECURITY tab, then you need to enable it which is done by going to Tools->Folder Options on most any open window. On the View tab click the Advanced Settings box; towards the bottom of the list that appears should be an entry "Use simple file sharing [Recommended]", you need to CLEAR the check box. You do NOT want to use simple file sharing. Click OK to close all the windows and follow the instructions above to alter the write permissions. All permissions are inherited from a master template, so doing this for just BOClean does NOT expose you to a security hazard, and in fact gives you FAR greater control over security by being able to make specific folders even more secure than Microsoft's "defaults." As Martha Stewart used to say, "this is a GOOD thing!" Any newly created items will still inherit the highly limited "limited user" settings regardless of this change.
If you're running XP HOME, Simple File Sharing is enforced by default and cannot be disabled. You must boot the computer into Safe Mode and log in with the Administrator account, in order to see the Security tab.
You need to alter the settings on this tab to change the permissions of the BOC426 folder, which should be self-explanatory (just click the box stating that you wish write permission and modify permission to be enabled for the SPECIFIC user(s) you are interested in).
Check the boxes marked "Write" and "Modify" for the BOC425 folder so that it can be updated by "limited users" or whoever happens to be online when an update is available. "Modify" should also enable "write" but if not, check that box as well. This change will ONLY affect the BOC426 folder wherein the BOC426.XVU update exists. No other folders will have their security settings changed. Once this is done, then any "limited user" will be able to collect BOClean updates and place the update where it's available to all.
NOTE: If you uninstall BOClean and RE-install BOClean, these special permissions will be wiped out by Windows. You will need to go back and provide these permissions again ANY time that the BOC426 folder is removed for whatever reason, and then restored should you have this problem. "Modify" and "write" permissions will not be available for updates or exclusions until those permissions exist in the "new" folder.
-end BOClean support
another tip is to run programs with "administrator" priviledges from within a limited user account.. to do that, rightclick on a program, or a program's shortcut, and select "run as".. then enter the account-name and password for whichever account you want the program to "run as", like if you wanted to run a program as an administrator, with administrator priviledges, from within your limited user account.. (or, you can use "run as" whenever you want to run a program as any particular user, which you might want to do, for various reasons)..
in order to use the "run as" feature, the "secondary login" service must be enabled, in windows' "services", which it normally is, by default, but, if you have disabled "secondary login", you will need to re-enable it, in windows' "services"..
you can tighten up your computer's security by using a "HOSTS" file, to block access to bad "websites"..i use a combination of HOSTS files, all merged together.. there are some HOSTS files listed in the sticky-post at the top of this forum, "security software updates"..
if you use "internet explorer", you could adjust the settings in it so that it is more secure.. in IE, for the "internet zone", i disable everything (except the popup-blocker).. then i add "trusted websites" to the "trusted websites" zone.. it is not a perfect solution (because "trusted websites" can be compromised, too), but it helps.. | |
HeelYeah
Premium
join:2004-02-11
Raleigh, NC
| reply to mededitor
said by mededitor :Having been hit earlier with one of the latest infections and reading so many recommendations about running my computer on a limited user account, I decided to go that route. However, I see that I have to set up everything from scratch when I do that, such as IE "Favorites," my desktop shortcuts and preferences, my Outlook folders and contacts, etc. Is there any way to move these things to a new limited user account in one or two easy steps? Basically, I would like to maintain my current personal preferences and set ups on the new limited user account. I have a "Guest" account for when my nephews are visiting and want to use my computer so I'm happy that I don't have my personal settings on that account, but I sure would like to move my personal things to a new limited user account without having to do it piece by piece. TIA. »www.mechbgon.com/build/Limited.html | |
mededitor
Premium
join:2004-07-04
Fair Lawn, NJ
·Optimum Online
| reply to redwolfe_98
redwolfe, thanks for all of the information. I'm running WindowsXP-home(sp2).
For some reason I'm having problems switching my Administrator's set-up to a Limited User's set-up. I guess that's not entirely true, I [U]can[/U] do it by following Its a Secret's instructions, but then my Administrator account (which becomes the new account) reverts to all Window's (and Dell's) default settings. I was hoping to just mirror my current Windows set-up in two accounts, one Administrator account and one Limited User account.
I'm running BOClean (among other antivirus, antispyware, antiadware, and antimalware programs), so that information is helpful.
The only program that I'm concerned about regarding Limited User status is IE7. No one other than me uses this computer, so there is no one else to make any changes to any programs without my permission---and my computer is password protected so no one can "accidently" start it. I tried to right click on IE7 (and a few other program shortcuts), but I don't see the "Run as" option---I was curious to see if I could run it as a Limited User and leave everything else alone.
I updated some of my IE security settings based on your recommendations; I run it on medium-high, but I changed a lot of the "enable" settings to "disable" or "prompt."
I'll check the HOST files in the Security Software Updates. I'm not sure what they do, but if they'll help with Internet security, then that's a good thing.
Thanks for your help and suggestions.
--
When one door closes, another opens... | |
planet
join:2001-11-05
Olmsted Falls, OH
·Cox HSI
edit:
September 6th, @12:15AM
| said by mededitor :
I don't see the "Run as" option---I was curious to see if I could run it as a Limited User and leave everything else alone.
If you go to start>all programs>internet explorer and right click you should see the run as option. The desktop icon will not allow it.
Not sure why you'd want to run IE as an admin from a limited account though. Seems to defeat the purpose with all the nasties on the net. IE should run just fine w/o run as enabled from a limited user account.
If you want to add your IE favorites to a limited user IE browser, log into your admin account then go to start>my computer>local disk>documents and settings>current user and you'll see a star for IE's favorites. Just copy it to a floppy or cd or save it in the shared documents folder and then switch to your limited user account and follow the same path and paste it into the limited user's folder in documents and settings. All of your favorite sites will be there in that browser for you.
HTH
edit: I see now what you were saying. You want to run IE from your admin account as a limited user. The run as feature is designed to be used by a limited user for admin priveleges, not vice-versa, sorry. | |
mededitor
Premium
join:2004-07-04
Fair Lawn, NJ
·Optimum Online
| said by planet : said by mededitor :
I don't see the "Run as" option---I was curious to see if I could run it as a Limited User and leave everything else alone.
If you go to start>all programs>internet explorer and right click you should see the run as option. The desktop icon will not allow it. Not sure why you'd want to run IE as an admin from a limited account though. Seems to defeat the purpose with all the nasties on the net. IE should run just fine w/o run as enabled from a limited user account. If you want to add your IE favorites to a limited user IE browser, log into your admin account then go to start>my computer>local disk>documents and settings>current user and you'll see a star for IE's favorites. Just copy it to a floppy or cd or save it in the shared documents folder and then switch to your limited user account and follow the same path and paste it into the limited user's folder in documents and settings. All of your favorite sites will be there in that browser for you. HTH Sorry if I wasn't clear, I want to see if I can run IE as a Limited User while I am logged on to my computer as the Administrator; you're right, doing it the other way doesn't make any sense. IE is the only program that concerns me running with Administrator privileges, so I thought if I could change just IE to Limited User, that would resolve my concerns.
I tried to find "Run as" from the desktop icons, I'll try it again as you explained.
Thanks!
--
When one door closes, another opens... | |
planet
join:2001-11-05
Olmsted Falls, OH
edit:
September 6th, @12:20AM
| LOL, see my edit above. We both posted at the same time. | |
mededitor
Premium
join:2004-07-04
Fair Lawn, NJ
·Optimum Online
| said by planet :LOL, see my edit above. We both posted at the same time. Well, I guess I the expression "great minds think alike" is applicable!
--
When one door closes, another opens... | |
OZO
Premium
join:2003-01-17
| reply to mededitor
said by mededitor :I want to see if I can run IE as a Limited User while I am logged on to my computer as the Administrator; Make a shortcut with the target:
psexec -l "C:\Program Files\Internet Explorer\iexplore.exe"
and run it when you need to run IE as limited user (strips the Administrators group and allows only privileges assigned to the Users group).
PsExec
--
Keep it simple, it'll become complex by itself... | |
redwolfe_98
join:2001-06-11
·RoadRunner Cable
| reply to mededitor
mediator, you probably will need to set up the second user-account before you will see the "run as" option.. also, i believe that both user-accounts have to use passwords in order to use the "run as" feature..
i would recommend that you keep things simple.. just go ahead and setup a new user-account with "limited" priviledges (and a password).. then adjust the settings for the new user-account, the way that you want them..
one reason that windows might be reverting your user-account back to an administrator account is because you have not created a second-user account that has administrator priviledges.. you have to have at least one user-account that has administrator priviledges.. | |
Millenniumle
join:2007-11-11
Fredonia, NY
| reply to mededitor
I like to setup the All Users folder: C > Documents and Settings > All Users. You can setup the start menu, desktop, and favorites of your choice. I also take out what I don't want from the Default User folders.
With those changes in place, the start menu, desktop, and favorites are prety much ready to go when a new account is created. I use XP's Guest account as my Limited account. It's perfect for what pretty much amounts to an internet browsing account. Best of all it's disposable. Log in as admin, delete Guest folder, log back in as Guest. Guest's start menu, desktop shortcuts, and IE favorites are built from the All Users forlder.
There are still preferences to be adjusted, but having things like favorites and the start menu all sorted helps. | |
therube
join:2004-11-11
Randallstown, MD
edit:
September 6th, @02:34PM
| reply to redwolfe_98
said by "redwolfe_98" :
to adjust "permissions", i have to boot into "safe mode", then rightclick on a folder, click "properties", then the "security" tab, then "users", then adjust the permissions for "users"..
I think that if you were to disable simple file sharing (in Folder Options), that would alleviate the need to reboot into Safe Mode. The Security tab should then be visible.
(See what "simple" does for you  .)
EDIT: I see that is mentioned in the BOClean quote.
(And that said, I don't know that I'll EVER understand Windows "permissions".)
"reduced rights" jogged a thought. A quick search turned up this, Drop My Rights. Now I know nothing about it, but ...
Greater detail on what OZO posted, Running as Limited User - the Easy Way. | |
Reimer
join:2006-08-14
Toronto, ON
edit:
September 6th, @03:36PM
| reply to mededitor
I switched over to using a limited user account full time not too long ago and I don't regret it one bit. All I did was create a whole new Administrator account and then just switched my current account to a limited one.
Yes, XP can be a pain to use in a LUA when you're the type to require administrative rights all the time for installing programs and such.
However, I come upon this program called SuRun that I'm sure many others in the security forum will recognize. It replaces XP's built in "Run As" with it's own that works better. I'm not going to go into the technical details but I find that with SuRun installed, I get all the security benefits of a LUA and the ease of use of an administrative account.
Try it out and read about it here (it's by a German developer so that's why it needs to go through the Google translator)
»translate.google.com/translate?u···ge_tools | |
-
|
