Fog Creek Software
Discussion Board

User permissions on Win32

Question:  I'm new to windows.  After purchasing a notebook computer, which had windows installed, it asked me to add users and give them rights.  There are apparently only 2 types of users in Windows world: admins and morons (aka "Limited").  Amdins can do anything, morons can do nothing.

Isn't there some happy medium, like normal user, that can install programs but not device drivers?

Right now I'm left with all users running admin mode - which is a perfect setup for viral infections.  What options do I have here?

Wednesday, October 22, 2003

Presumably it's XP.  I only know XP Pro so I don't know if the following applies to XP Home
Go into Administrative Tools/Computer Management/Local Users and Groups.
You can add you users to a predefined group (like "Power Users"), or define your own groups.
Go into Administrative Tools/Local Security Settings.  You can fine tune your security settings.
Depending on the software you want your users to install, they may need to be able to write to the registry under HKEY_LOCAL_MACHINE.  E.g. use regedit to give permission to write to some/all of the registry to your user groups.

But if you're new to Windows you might be better off sticking with the simple predefined categories of "Administrator" & "Limited".

Wednesday, October 22, 2003

XP has certain simplifications bought in when they decided to make it a Home OS.

You can get rid of the simpliifications by following the advice on the post above. I also reommend you go to Tools/Folder Options/View and disable simple file sharing.

Stephen Jones
Wednesday, October 22, 2003

Beware that even though Microsoft does offer fine grain permissions the rest of the developers, developers, developers seem to love running as admin themselves thereby creating programs that expect to run as such. 

In other words, yes you can run without full power, but a lot of software is simply broken that way.

Wednesday, October 22, 2003

How to live life as non-admin:

Duncan Smart
Wednesday, October 22, 2003

To the best of my knowledge software that is broken that way is broken because it was old software that doesn't meet current guidelins, and requires permission to write to the registry or other such tnings.

Most of it will probably run under power uiser, though if you are worried about security it is a better solution to use the compatibility template for the user, or have a special user account with the capability template.

Stephen Jones
Thursday, October 23, 2003

*  Recent Topics

*  Fog Creek Home