Results 1 to 5 of 5
  1. #1
    Member Oddjob's Avatar
    Join Date
    May 2004
    Location
    London, U.K.
    Posts
    1,981
    Points
    248

    Default help with security & multiple users

    Afternoon all

    I should probably know the answers here but I don't. I have never set up or used a PC with multiple users.

    I was at a friend's house yesterday sorting out his PC, one way and another, because his children had managed to trash the HDD data. My friend (the dad) had got as far as reformatting the HDD and his children had set up 5 users - mum, dad and one for each of the 3 children. Everything else had been left to me.

    I set up the BIOS etc. so all was working as it should, re-installed programs (XP Professional, MS Office etc.) and all the usual "free" security stuff following article217 checks.

    I "logged in" as dad, installed AVG, Sygate firewall, SWB, SG, Spybot S&D etc. via the dad's user account.

    The questions I have are these.

    1. does this mean that the WHOLE PC, and ALL the users, are now fully protected or must I go round all the other 4 users in turn and set each up fully with every protection?

    There are no "administrator" etc. levels. Each "user" is treated as equal with full access rights to everything (which is how the trouble started in the first place - downloading stuff from FunWebProducts and the related smileys, mywebsearch toolbar and associated rubbish).

    2. Dad would also like to set up some kind of system whereby the children can't download stuff without his say so.

    Any suggestions on either/both?

    What do you think?

    Gareth
    PLEASE DONATE. Help keep our site alive without ads.

    Help keep your computer protected. Read this > http://www.help2go.com/article152.html

  2. #2
    Member Spyware Fighter Grim322's Avatar
    Join Date
    Apr 2004
    Location
    Glendale, Arizona
    Posts
    3,026
    Points
    718

    Default

    I don't set up with multiple users either, as it is only my wife and I that use it. She uses Mozilla and I use Firefox/Thunderbird, so our bookmarks and mail don't get mixed. To be on the safe side, log in each user and see if the anti-virus and such are running. I know that AdAware asks during installation if you want to run it for all users or just the person installing, not sure about the others. Charlie

  3. #3
    Member FunBard's Avatar
    Join Date
    Jun 2003
    Posts
    193
    Points
    100

    Default

    AVG, Sygate and Spybot will be protecting each user on the PC. I cannot say for Spyware Blaster or Spyware Guard.

    Not sure if I understand correctly, but do all users have the same "Administrator" (equal) privileges? That is a very dangerous proposition especially with the kids.

    I would setup one Administrator level account (this is probably "Dad" account already) to install programs and perform other Administrative duties. This account should be password protected with a strong password.

    I would then setup the kids accounts as "Limited". You can do so from the Control Panel in User Accounts while logged in as an Adminisitrator-level account ("Dad").

    A "Limited" account cannot install software or even modify the Add/Remove Program list. The same goes for installing browser plug-ins (or even drive-by downloads). These users are protected from 99% of malware out of the box just because of their user rights. Windows XP cannot prevent downloading files by Limited user accounts, but it can prevent installing them onto the PC. I would also password protect these accounts.

    Here is Microsoft's description of a Limited Account:
    Limited account

    The limited account is intended for someone who should be prohibited from changing most computer settings and deleting important files. A user with a limited account:

    • Generally cannot install software or hardware, but can access programs that have already been installed on the computer.

    • Can change his or her account picture and can also create, change, or delete his or her password.

    • Cannot change his or her account name or account type. A user with a computer administrator account must make these kinds of changes.

    • Can manage his or her network passwords, create a reset password disk, and set up his or her account to use a .NET Passport.
    Here is more information from CastleCops on setting up Limited User Accounts:
    http://castlecops.com/article-6112-nested-0-0.html

    I hope this clears up a few things!
    Funbard

  4. #4
    Member Oddjob's Avatar
    Join Date
    May 2004
    Location
    London, U.K.
    Posts
    1,981
    Points
    248

    Default

    Thanks Charlie/FB. Those should be the answer to what I need to know. As you say, FB, it's rather disasterous having all users on an equal footing. I mentioned this in my post - that's what started all the trouble in the first place!!

    OJ
    PLEASE DONATE. Help keep our site alive without ads.

    Help keep your computer protected. Read this > http://www.help2go.com/article152.html

  5. #5
    Member
    Join Date
    Dec 2002
    Location
    india
    Posts
    40
    Points
    1

    Default

    Ive been struggling with LUA for a while, and reading up on it. Ive referred to Castlecops and to Aaron Margosis Blog [http://blogs.msdn.com/aaron_margosis]. My latest problem was with Acrobat Reader in the Guest account.
    Last night I tried something new. I logged in as Admin, and installed a certain problem application to the C:\Documents and Settings\All Users folder directly, instead of to the C:\Program Files folder. I had to then immediately create shortcuts for each limited account and the guest account, but the program worked everytime.
    1] Is this a valid workaround, or am I actually reducing the security levels?
    2] I usually prefer to install to D:, to keep C: as free as possible. Could I create a shared folder [local users only] in D:\ and then install to that?

    Thanks

    XP Prof, SP2
    Not to rust unburnished, but to shine in use - Tennyson