Fog Creek Software
g
Discussion Board

Win32 admin: I'm pathetic, please help

I know I asked this question several weeks ago.  I tried searching for the thread, but could not find it.

Anyhow, the kids managed to install spyware all over the game computer (again).  This time I royally killed it when removing registry entries.  Well, so much the better.  Now I want to truly admin this thing:

1. Only one user, admin should have admin privs.
2. All other users have unique names/passwds.
3. All users should be able to install programs into their own writable area.
4. If one user installs a program, activeX control, virus, spyware, etc. it should not affect other users.
5. Only admin should be able to install updates which affect the OS.

So how do I do it?  The default install (which is happening on the game computer as we speak, a new clean install of WinXP) only allows for 2 user types: admin and brain-dead.  Admin can do all, brain dead can do nothing.

How do I get to the chocolatey middle.  Thanks for the help.

hoser
Saturday, December 6, 2003

The problem is that a lot of Windows software presumes that only admins will install it, so it tries to stick itself into system folders, and its registry entries in HKEY_LOCAL_MACHINE, etc. Due to this problem it's generally impossible to allow users to install their own software (because most installs are so horribly broken).

Dennis Forbes
Saturday, December 6, 2003

If this is so, then the children shall have NO GAMES.

Please, think of the children...

hoser
Saturday, December 6, 2003

hoser, you're on the right track - that is, having the kids log on as plain users rather than admins or power users. On Windows 2000, you can manage the user settings from Control Panel -> Users and Passwords.

When I set up some XP machines, I don't recall it being much different from that, but I don't have one here to check.

Most programs will operate just fine for users with User privileges. While installating, you might need to provide an admin password, but generally they're OK. Those that don't, yes, you're probably right, don't bother with them.


a
Saturday, December 6, 2003


Google for SpyBot Search And Destroy - install, update and remove all your spyware in one go. And do it regularly.

æøå
Sunday, December 7, 2003

Do the kids play GAME games, or do they play education disguised as games? If the former, then the best option is to just buy them an Xbox and be done with it. :)

XP Professional has full user management. You have to get to it through the Users and Groups section under Computer Management, rather than the under-powered Users control panel applet.

Be aware that many programs will not run without admin permissions at least to install, and as often as not, admin permissions to run. The Windows world is chock full of lazy developers who run everything as admin all the time, and churn out code that simply never works without admin privs.

Brad Wilson (dotnetguy.techieswithcats.com)
Sunday, December 7, 2003

I would just not let the children install anything.  They shouldn't have a need to install software very often and you will get a chance to review what they want installed before deciding whether or not to install it.

Anonymous
Sunday, December 7, 2003

You can change the settings from just the two user types if you wish (or at least you can in XP Pro - I've never used home); the default setting is simply there because it's easier.

Power Users should be able to install most programs, though that won't solve your wish to have them not affect the whole computer. Should be safer than letting the kids run as admin however.

Stephen Jones
Sunday, December 7, 2003

If you lock down the kids accounts, you're going to run into a handfull of programs that won't work because they expect an administrator account to be on the system.

I reccomend that you grab a copy of Ghost.  Do a clean install of Windows, plus all the essential apps and utilities.  Set everything up (activate windows, setup the network, etc).  Then, take a snapshot.

When they hose the system, just do a restore.  No fuss.  At the worst, you'll have to update your virus defs, and install some patches.

Oh, and partition the hard drive.  That way, they have a partition to save their stuff on that won't get obliterated when you do a restore.

Myron A. Semack
Monday, December 8, 2003

Thanks for the suggestions, I checked my version of XP, and it is "Pro", so I'm going to try and create alternate permissions other than admin and "resitricted" - or whatever its called.

So what is the equivalent to chmod on WinXP, so I can walk the files and change write/execute permissions?

Thanks again,

hoser
Monday, December 8, 2003

Try Power User. I don't know the Unix equivalent. If the program they install doesn't work, then you can always install again as user.

Frankly I'm not sure it will solve the problem of spyware though.

Stephen Jones
Monday, December 8, 2003

The equivalent of chmod is to right-click, choose Properties, then the "Security" tab. However, if your file system is FAT32 this option may not be available as FAT32 does not have any concept of file permissions.

A FAT32 filesystem can be converted to NTFS using the convert.exe utility, but it may be easier to re-install the system using NTFS since this woult not necessarily initialize the correct file permissions.

Nate Silva
Monday, December 8, 2003

Brad,

Where do I find "Computer Management"??

Thanks,

hoser
Tuesday, December 9, 2003

Sorry, never mind - found it.

Its not shown by default in the start menu - whatever, I've got it now...

Thanks,

hoser
Tuesday, December 9, 2003

*  Recent Topics

*  Fog Creek Home