 FoMoCo466 C.I.D.
join:2001-01-10
Grand Rapids, MI | Permissions I accessed the admin account on win7 through a LU account. It asked for the PW but then said if I continue it would grant perminent access and it did. How do you reverse his so there is no access to the admin account from the lu account?
|
|
 plencnerbPremium
join:2000-09-25
Elgin, IL
kudos:2
1 edit | Are you asking about the above box? I'm logged into my Windows 7 x64 system right now using my local user account. If I browse to C:\Users, and then try to open the "Administrator" folder, I get that above box.
I'm not sure how to fix that once done, but I wanted to add that to help clarify your question, in the hopes that someone else could answer.
--Brian |
|
 BlitzenZeusBurnt Out CynicPremium
join:2000-01-13
kudos:2
 ·Frontier FiOS
| reply to FoMoCo
At least in Vista if you disabled uac admin accounts now always ran all software as full admin, and user accounts were not given a chance to elevate, however if you liked the ability to operate an admin account with some level of security by running most software as a user by default you left uac enabled. Before uac there was the simpler idea of run as... I did it all the time, but when Vista came out uac took over run as... at least in the gui.
A simpler idea is simply to not give out the admin password.
If you have anything other than Win 7 home there might be a group policy that would apply here that doesn't require you be joined to a domain. The group policy is not included in Win 7 home, and many of the policies might only work when joined to a domain.
--
I distrust those people who know so well what god wants them to do because I notice it always coincides with their own desires- Susan B. Anthony
Yesterday we obeyed kings, and bent our necks before emperors. But today we kneel only to the truth- Kahlil G. |
|
FoMoCo466 C.I.D.
join:2001-01-10
Grand Rapids, MI | reply to plencnerb
plencnerb thank you for clarifying my problem like I should have. Guess when I did it I should have taken permanent as just that. There has to be a way to revert this. This is win7 home so no gp. |
|
|
|
davePremium,MVM
join:2000-05-04
not in ohio
kudos:8 | That just adds an access-control entry to the security descriptor of the file. So can simply delete the same.
This may require reconfiguration to show up security descriptors in the first place; I forget, since I have always turned off the Windows options that hide the underlying OS features. |
|
FoMoCo466 C.I.D.
join:2001-01-10
Grand Rapids, MI
1 edit | Dave that sounds great but I have no idea what you just said 
After some more reading I now understand you Dave - fixed now and thanks. |
|
| Please tell us. |
|
FoMoCo466 C.I.D.
join:2001-01-10
Grand Rapids, MI | I edited the security permissions for the admin profile. |
|
davePremium,MVM
join:2000-05-04
not in ohio
kudos:8 | reply to FoMoCo
Good, glad you figured it out. I didn't have time to get back to this before now. |
|
davePremium,MVM
join:2000-05-04
not in ohio
kudos:8 | reply to StillLearn
Right-click on the folder in Explorer.
Bring up the folder Properties.
Select the Security tab.
There will be a list of who can do what to the file.
In the OP's scenario, he will have added an entry that says "some particular limited user has (I would guess) full control access to this folder".
Remove that entry via "Edit".
Be careful. You can do a lot of damage by removing access that needs to be there. You might, for example, think "the SYSTEM has no right to see my files". Well, maybe. But on the other hand you perhaps just destroyed the ability of the operating system to operate. Ditto with Administrators. "Users" are not always people, they're also code executing in the OS. |
|
Reviews:
 ·WestNet Broadband
| reply to FoMoCo
Dave discussed a little more relative to also checking what else may be opened by previous admin alerts.
If you fancy a read and a little more info, this might help?
»Privileges
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke
|
|
