Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Stopping admin accounts accessing another's documents

18 Jun 2009   #1
yohan

Windows 7 x64 build 7100
 
 
Stopping admin accounts accessing another's documents

Hi, I have two administrator accounts setup, but they can access each other's documents (C:\Users\Example). I tried removing all but the owner in the security tab, but administrators can take ownership this way somehow, anyone know what I can do (besides making them non-administrator accounts)


My System SpecsSystem Spec
.
18 Jun 2009   #2
Dark Nova Gamer

Windows 7 Ultimate, OS X 10.7, Ubuntu 11.04
 
 

Correct me if I am wrong (which I likely am) but wouldn't creating a password for those two admin accounts prevent them from accessing each other without the other ones password?
My System SpecsSystem Spec
18 Jun 2009   #3
dmex

 

Quote   Quote: Originally Posted by yohan View Post
Hi, I have two administrator accounts setup, but they can access each other's documents (C:\Users\Example). I tried removing all but the owner in the security tab, but administrators can take ownership this way somehow, anyone know what I can do (besides making them non-administrator accounts)
Hi Yohan,

You can remove the Administrators Group from always being able to take ownership of objects via the Local Security Policy

If you remove all users and groups from this setting then no one can universally take ownership of anything if they don't already have the permission for that file or folder

Just to be safe leave at least one account or group here so they can always take ownership of any object encase you accidentally get locked out of your own files

-localsec.jpg

Hope it helps.

Steven

Quote   Quote: Originally Posted by DarkNovaGundam View Post
Correct me if I am wrong (which I likely am) but wouldn't creating a password for those two admin accounts prevent them from accessing each other without the other ones password?
Users in the administrative group can always take ownership of anything regardless of what user or permission they have set for that file or folder, it all depends on this local Sec policy setting as to what group has unrestricted security access


My System SpecsSystem Spec
.

18 Jun 2009   #4
Dark Nova Gamer

Windows 7 Ultimate, OS X 10.7, Ubuntu 11.04
 
 

Quote   Quote: Originally Posted by dmex View Post
No, users in the administrative group can always take ownershiop of anything on the system regardless of what user or permission they have set, it all depends on this local Sec policy setting
Well at least I tried. That kind of defeats the purpose of a password doesn't it though?

Also.. OMG we have the same name! lol had to say it.
My System SpecsSystem Spec
18 Jun 2009   #5
dmex

 

Quote   Quote: Originally Posted by DarkNovaGundam View Post
Well at least I tried. That kind of defeats the purpose of a password doesn't it though?

Also.. OMG we have the same name! lol had to say it.
Administrators are Administrators, they can just reset your password if they like (you can remove that privilege for admins via group policy too)

Hope it helps Steven

Steven
My System SpecsSystem Spec
18 Jun 2009   #6
yohan

Windows 7 x64 build 7100
 
 

Thanks for your help, but it seems after setting the "Policy take-owner ability" to user "Bob", user "Dave" can still access Bob's area, after giving UAC permission to do so. After he does this, in the share tab, Bob is still owner, but Dave is now there, and has "Read/Write" access. How can I stop this?

Thanks so far by the way Steven & Steven.
My System SpecsSystem Spec
18 Jun 2009   #7
happinessiseasy

Windows 7 RC (Build 7100)
 
 

The point of Administrators is to have full access. If you don't want full access, make each other power users.
My System SpecsSystem Spec
18 Jun 2009   #8
Dark Nova Gamer

Windows 7 Ultimate, OS X 10.7, Ubuntu 11.04
 
 

Quote   Quote: Originally Posted by happinessiseasy View Post
The point of Administrators is to have full access. If you don't want full access, make each other power users.
Yes but an admin having the ability to spy on the other admin is stupid in my opinion.

=\
My System SpecsSystem Spec
18 Jun 2009   #9
yohan

Windows 7 x64 build 7100
 
 

Quote   Quote: Originally Posted by happinessiseasy View Post
The point of Administrators is to have full access. If you don't want full access, make each other power users.
I don't think Power Users exist anymore.

Edit:

I'm wrong.

This works.
My System SpecsSystem Spec
18 Jun 2009   #10
dmex

 

Quote   Quote: Originally Posted by yohan View Post
I don't think Power Users exist anymore.

Edit:

I'm wrong.

This works.
Your welcome

Steven
My System SpecsSystem Spec
Reply

 Stopping admin accounts accessing another's documents




Thread Tools




Similar help and support threads
Thread Forum
Full Admin Accounts
Hi everyone, I'm trying to set up a user to be an administrator in Windows 7 Ultimate... 1) I created the user as an Administrative account 2) I have turned UAC off in Conrol Panel -> Users Accounts -> Change User Account Control Settings by setting it to "Never Notify" 3) I have set UAC...
System Security
Stopping My Video files from going into My Documents folder.
When I download onto BBC iPlayer the downloaded programme is stored in My Videos/BBC iPlayer downloads file which is fine. My problem is, the same download goes into Documents\ My Videos but I have synched Documents with free Dropbox for backup purposes and as space is limited in Dropbox I will...
General Discussion
Preventing Guest from accessing Admin account
Hi there, I have setup a guest account on Windows 7 Ultimate 32-bit and noticed that after logging in to the guest account, I am able to access my own account folder (admin account). This is wierd as this should not happen. Any user logged in to the guest account should not be able to see the...
System Security
How can i block certain user accounts from accessing certain partition
Hi i have patition (c) and partition (D) and partition (j) I need help blocking a standard user from accessing partition (D) and partion (j). windows 7 Home premium 64 bit Thnks for any help in advanced
General Discussion
one computer, 7 users accounts need to share admin documents
I want to be able to share Administrator documents and files with user acoounts on the same computer.... without having access to the internet. I only have one computer. But I have 7 different user accounts on that one computer. I want each of my users to have access to the Administrators...
Network & Sharing
Accessing Office Documents Using Your Phone
More...
News


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 10:56.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App