Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Need help in setting up a VERY restrictive user account

05 Jul 2012   #1

Need help in setting up a VERY restrictive user account

Hello Everyone;

I've been working on a way to setup a very restrictive user account on my computer that I could use to access online banking and other sites that might involve sensitive information. Unfortunately, I have been running into numerous dead-ends and I was hoping that this forum could provide some fresh insights.

My goal with this account is two-fold: I wish to isolate sensitive information on my computer so that if my main user account (that I use on the internet) is compromised, the intruder will not be able to reach the sensitive information. If the banking user account is compromised, then the rest of my system will be protected.

I am running windows 7 professional, 64 bit. Firewall/antivirus is Norton Internet Security. I have a DSL connection.

My concern is not with the physical security of the hardware - if an intruder breaks in they can simply steal the computer along with enough paper records to make identity theft easy...

In terms of the security of the computer from the internet, it seems to me that a bad guy would have two approaches. First he could attack the firewall or operating system. Second he could compromise the browser that I am using. (Opera by the way)

If a bad guy succeeds in breaking the firewall - that is getting the firewall to run code of the intruder's choosing - then he would be running code at the privilege level of the operating system. If that happens I'm toast.

On the other hand if he breaks through via the browser, then he would be running at the user level of the banking user. The question is, how can I make this as barren a landscape for running code as possible? It seems to me that APPLOCKER would be just the thing - the user could only run what programs I wanted...unfortunately this is not an option with Windows 7 Professional.

I've heard of software restrictions that could be set using the Group Policy editor but research seems to indicate that could be easily bypassed by simply coping files from one place to another. One site suggested this approach would not prevent one from executing a program via the command line...

Next I looked at turning off the Remote Procedure Call service which I think is a service that let's a remote user tell the local computer to run some program. Unfortunately, seems Windows needs the service for internal reasons and it might be necessary for online banking website to run. (ActiveX controls perhaps?, JavaScripts?)

Setting file system permissions also seem to be a deadend. Setting a Deny-Execute permission on the Program Files directory - where most of the programs reside that I wish to hide from an intruder's use - also failed. First because the directory was owned by TrustedInstaller and then after I took ownership, because the restriction could not be set on the subfolders. (I think I would have to take ownership of each nested subdirectory one at a time before I could set that permission.)

So now I throw it out to you guys - anything I can do? Any avenue I could take that I haven't yet been down? Any understanding that I am lacking?


My System SpecsSystem Spec


 Need help in setting up a VERY restrictive user account

Thread Tools

Similar help and support threads for2: Need help in setting up a VERY restrictive user account
Thread Forum
Solved How to turn User Account Control setting to off? System Security
Setting Up User Account Personalization General Discussion
Setting Up A Seperate User Account On Same PC Customization
User Account Control setting System Security
Solved Creating a New User Account Similar to an Existing User Account Performance & Maintenance
Setting high restrictions for a user account System Security
Setting up a separate user account Installation & Setup

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 05:31 AM.
Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33