Citadel80 Posted February 1, 2009 Posted February 1, 2009 Hello All,I'm setting up a new WinXP Pro computer for a relative.They have the regular C: drive partition for Windows and System Files and a second partition D: drive partition for documents, music, videos, pictures, downloads and whatever.The computer is being used by one person with an admin account and a limited user account.What should the security permissions be for this second partition so the Admin and Limited User accounts have access?The same type access, full control, modify with read and execute access, list folder contents, read, write, and who should the owner be?Do I need to set up a local security policy via Administrative Tools?Computer uses NTFS, SuRun (admin control in LUA), has a router with firewall, a 2 way software firewall, antivirus software, antispyware - malware software and an external USB drive for backups.Any info is appreciated,Thanks Quote
Guitar Man Posted February 1, 2009 Posted February 1, 2009 If I understand your question correctly, both accounts on the new partition will have the same rights as they do on the C: partition. Quote
Citadel80 Posted February 1, 2009 Author Posted February 1, 2009 If I understand your question correctly, both accounts on the new partition will have the same rights as they do on the C: partition.That is correct but a limited user only can write or delete folders/files to their own Documents & Settings folder.I'm wondering how safe (malware/spyware or whatever) it is to have a limited user having full access on a whole separate partition/drive instead of just a folder. I don't want any *.exe files or whatever to be able to run from this partition. Am I being paranoid? Thanks Guitar Man! Quote
Citadel80 Posted February 2, 2009 Author Posted February 2, 2009 having xp pro is a plus in that you can more easily manipulate security settings against partitions / folders / files.observe current partition settingsyour limited user (pcname\users group) will have these rights across partitions:- read & execute- list folder contents- read(notice that these attributes are summaries of the attributes you'll see on the next screen...)a little deepershould you want "users" (non admins) not to have have execute, then you'd have to:- r. click the drive letter- sharing and security- security tab- advanced button- select pcname\users (group)- edit- remove the check (unselect) the traverse folder / execute file now... do that for the c: drive and you've just prevented users from running programs... um... not a good idea... but!to prevent users from running malwarethere's spybot s&d's teat imer that monitors overall system activity "do you want to let this program make that chanege?"and their sd helper for ie.and, winpatrol's scotty.u can use ntfs security to keep prying eyes out of secret stuff, but malware's better left to scanning with malwarebytes and running something like spybot's or winpatrol's resident software.ps,o yeah, and the mvp hosts file. that's a must for every pc on the planet. Thanks for the reply Temmu!I put Spybot S&D, Malewarebytes, SpywareBlaster and the MVP hosts file on the computer as soon as I installed the anti-virus and firewall. I did not check the box for teatimer in Spybot because my relative using this box can get click happy, so I'm trying to just get things so they just work. I've got them the Malwarebytes (paid version) and Spywareblaster (paid version) so they can have auto updates. I'm just going to set up that second partition (Documents) with the same rights as her Documents & Settings folder on the C:\ drive. Between using a LUA, Avast 4 (tweaked), PC Tools Firewall (tweaked), MalwareBytes, SpywareBlaster and everything set to auto updates they should be OK.Thanks All - I'm putting this issue to bed!! Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.