 |
Windows 7: Stopping admin accounts accessing another's documents
|
18 Jun 2009
|
#1 | |
|
Stopping admin accounts accessing another's documents
Hi, I have two administrator accounts setup, but they can access each other's documents (C:\Users\Example). I tried removing all but the owner in the security tab, but administrators can take ownership this way somehow, anyone know what I can do (besides making them non-administrator accounts)
| My System Specs |
| System Manufacturer/Model Number Custom
OS Windows 7 x64 build 7100
CPU Core 2 Duo E6550 @ 2.80GHz
Motherboard GA-P35-DS3P
Memory 4GB HyperX 1066MHz @ 960MHz 5-5-5-15
Graphics Card Nvidia (Zotac) 8800GT 512MB OC
Sound Card Realtek HD on-board
Monitor(s) Displays Samsung 2232BW
Screen Resolution 1680x1050
Keyboard MS Wired 500
Mouse Razer Diamondback 3g
PSU 600w Hiper SLi PSU
Case Antec 300
Cooling Lots of 120+140+160mm fans..
Hard Drives 640 GB WD 7200RPM
Internet Speed ADSL2+ @ ~4 Mbps
|
18 Jun 2009
|
#2 | |
Windows 7 Ultimate, OS X 10.7, Ubuntu 11.04 Pembroke |
Correct me if I am wrong (which I likely am) but wouldn't creating a password for those two admin accounts prevent them from accessing each other without the other ones password? | | My System Specs | | System Manufacturer/Model Number Custom | Whitebox
OS Windows 7 Ultimate, OS X 10.7, Ubuntu 11.04
CPU Intel E6750 @ 3.80GHz
Motherboard Gigabyte GA-EP45-UD3L (Revision 1.1)
Memory 2x2GB & 2x1GB (6GB) OCZ Reaper 1066MHz @ 1080MHz
Graphics Card EVGA nVidia GTX 260 896mb (216 Core) FTW Edition
Sound Card Realtek ALC888
Monitor(s) Displays 21" VIZIO TV
Screen Resolution 1680x1050 @ 60Hz
Keyboard Logitech Wireless S520
Mouse Logitech Wireless S520 - Microsoft Wireless Arc Mouse
PSU Corsair 750W
Case NZXT Nemesis Elite
Cooling Thermaltake SpinQ
Hard Drives Western Digital WD6401AALS - 640GB
Hitachi HDP725016GLA380 - 160GB
Internet Speed Download: 20mbps, Upload: 3mbps
|
18 Jun 2009
|
#3 | |
|
Quote: Originally Posted by yohan  Hi, I have two administrator accounts setup, but they can access each other's documents (C:\Users\Example). I tried removing all but the owner in the security tab, but administrators can take ownership this way somehow, anyone know what I can do (besides making them non-administrator accounts) Hi Yohan,
You can remove the Administrators Group from always being able to take ownership of objects via the Local Security Policy 
If you remove all users and groups from this setting then no one can universally take ownership of anything if they don't already have the permission for that file or folder
Just to be safe leave at least one account or group here so they can always take ownership of any object encase you accidentally get locked out of your own files 
Hope it helps.
Steven
Quote: Originally Posted by DarkNovaGundam Correct me if I am wrong (which I likely am) but wouldn't creating a password for those two admin accounts prevent them from accessing each other without the other ones password? Users in the administrative group can always take ownership of anything regardless of what user or permission they have set for that file or folder, it all depends on this local Sec policy setting as to what group has unrestricted security access | | My System Specs | | |
18 Jun 2009
|
#4 | |
Windows 7 Ultimate, OS X 10.7, Ubuntu 11.04 Pembroke |
Quote: Originally Posted by dmex No, users in the administrative group can always take ownershiop of anything on the system regardless of what user or permission they have set, it all depends on this local Sec policy setting Well at least I tried. That kind of defeats the purpose of a password doesn't it though?
Also.. OMG we have the same name! lol had to say it. | | My System Specs | | System Manufacturer/Model Number Custom | Whitebox
OS Windows 7 Ultimate, OS X 10.7, Ubuntu 11.04
CPU Intel E6750 @ 3.80GHz
Motherboard Gigabyte GA-EP45-UD3L (Revision 1.1)
Memory 2x2GB & 2x1GB (6GB) OCZ Reaper 1066MHz @ 1080MHz
Graphics Card EVGA nVidia GTX 260 896mb (216 Core) FTW Edition
Sound Card Realtek ALC888
Monitor(s) Displays 21" VIZIO TV
Screen Resolution 1680x1050 @ 60Hz
Keyboard Logitech Wireless S520
Mouse Logitech Wireless S520 - Microsoft Wireless Arc Mouse
PSU Corsair 750W
Case NZXT Nemesis Elite
Cooling Thermaltake SpinQ
Hard Drives Western Digital WD6401AALS - 640GB
Hitachi HDP725016GLA380 - 160GB
Internet Speed Download: 20mbps, Upload: 3mbps
|
18 Jun 2009
|
#5 | |
|
Quote: Originally Posted by DarkNovaGundam Well at least I tried. That kind of defeats the purpose of a password doesn't it though?
Also.. OMG we have the same name! lol had to say it. Administrators are Administrators, they can just reset your password if they like (you can remove that privilege for admins via group policy too)
Hope it helps Steven 
Steven | | My System Specs | | |
18 Jun 2009
|
#6 | |
|
Thanks for your help, but it seems after setting the "Policy take-owner ability" to user "Bob", user "Dave" can still access Bob's area, after giving UAC permission to do so. After he does this, in the share tab, Bob is still owner, but Dave is now there, and has "Read/Write" access. How can I stop this?
Thanks so far by the way Steven & Steven. | | My System Specs | | System Manufacturer/Model Number Custom
OS Windows 7 x64 build 7100
CPU Core 2 Duo E6550 @ 2.80GHz
Motherboard GA-P35-DS3P
Memory 4GB HyperX 1066MHz @ 960MHz 5-5-5-15
Graphics Card Nvidia (Zotac) 8800GT 512MB OC
Sound Card Realtek HD on-board
Monitor(s) Displays Samsung 2232BW
Screen Resolution 1680x1050
Keyboard MS Wired 500
Mouse Razer Diamondback 3g
PSU 600w Hiper SLi PSU
Case Antec 300
Cooling Lots of 120+140+160mm fans..
Hard Drives 640 GB WD 7200RPM
Internet Speed ADSL2+ @ ~4 Mbps
|
18 Jun 2009
|
#7 | |
Windows 7 RC (Build 7100) Madison, AL |
The point of Administrators is to have full access. If you don't want full access, make each other power users. | | My System Specs | | System Manufacturer/Model Number Home-Built and has been slowly upgraded since 1999
OS Windows 7 RC (Build 7100)
CPU AMD Athlon XP 2400+
Motherboard ECS L7S7A2
Memory 1.25 GB
Graphics Card ATI Radeon
Sound Card SoundBlaster Live! Platinum (w/ Live! Drive)
Monitor(s) Displays ViewSonic 19" LCD
Screen Resolution 1440x900
Keyboard Old one with the keys pried off that I don't use
Mouse Microsoft Optical Mouse I found at Unclaimed baggage for $10
PSU 500W
Case Generic Beige Box
Cooling A bunch of Fans
Hard Drives 320GB PATA
250GB external USB Backup
Internet Speed Knology Cable Internet (~6-7Mbps)
|
18 Jun 2009
|
#8 | |
Windows 7 Ultimate, OS X 10.7, Ubuntu 11.04 Pembroke |
Quote: Originally Posted by happinessiseasy The point of Administrators is to have full access. If you don't want full access, make each other power users. Yes but an admin having the ability to spy on the other admin is stupid in my opinion.
=\ | | My System Specs | | System Manufacturer/Model Number Custom | Whitebox
OS Windows 7 Ultimate, OS X 10.7, Ubuntu 11.04
CPU Intel E6750 @ 3.80GHz
Motherboard Gigabyte GA-EP45-UD3L (Revision 1.1)
Memory 2x2GB & 2x1GB (6GB) OCZ Reaper 1066MHz @ 1080MHz
Graphics Card EVGA nVidia GTX 260 896mb (216 Core) FTW Edition
Sound Card Realtek ALC888
Monitor(s) Displays 21" VIZIO TV
Screen Resolution 1680x1050 @ 60Hz
Keyboard Logitech Wireless S520
Mouse Logitech Wireless S520 - Microsoft Wireless Arc Mouse
PSU Corsair 750W
Case NZXT Nemesis Elite
Cooling Thermaltake SpinQ
Hard Drives Western Digital WD6401AALS - 640GB
Hitachi HDP725016GLA380 - 160GB
Internet Speed Download: 20mbps, Upload: 3mbps
|
18 Jun 2009
|
#9 | |
|
Quote: Originally Posted by happinessiseasy The point of Administrators is to have full access. If you don't want full access, make each other power users. I don't think Power Users exist anymore.
Edit:
I'm wrong.
This works. | | My System Specs | | System Manufacturer/Model Number Custom
OS Windows 7 x64 build 7100
CPU Core 2 Duo E6550 @ 2.80GHz
Motherboard GA-P35-DS3P
Memory 4GB HyperX 1066MHz @ 960MHz 5-5-5-15
Graphics Card Nvidia (Zotac) 8800GT 512MB OC
Sound Card Realtek HD on-board
Monitor(s) Displays Samsung 2232BW
Screen Resolution 1680x1050
Keyboard MS Wired 500
Mouse Razer Diamondback 3g
PSU 600w Hiper SLi PSU
Case Antec 300
Cooling Lots of 120+140+160mm fans..
Hard Drives 640 GB WD 7200RPM
Internet Speed ADSL2+ @ ~4 Mbps
|
18 Jun 2009
|
#10 | |
|
Quote: Originally Posted by yohan I don't think Power Users exist anymore.
Edit:
I'm wrong.
This works. Your welcome
Steven | | My System Specs | | Stopping admin accounts accessing another's documents problems? All times are GMT -5. The time now is 08:21 AM. |  |
How can i block certain user accounts from accessing certain partition 
