OT: How to keep Windows accounts users from seeing each other's files ?
Not strictly an ATI issue, but I know there are folks here who know a lot about Windows.
Windows 7 Home Premium, 64-bit
How can I keep each user account'ss files hidden from other users? In a normal/basic installation, where everything is on C: drive and user files are in the My Documents tree, this protection is automatic. One user account cannot see files owned by another user account.
But, how to enable protection when user files are on a separate D: partition?
The Win7 OS and applications are on C:, while I will place user files on a D: partition. The My Documents tree remains on C: and will likely be usused as a result.
Hi Mark, good to see you here!
That's quite interesting, certainly much simpler than in earlier Windows versions. Thanks, I'll look into that.
'Sharing with specific people' seems to open the folder as a regular network share accessible as \\computer\folder
Know anything about registering .dll under Windows 7? I have a strange situation.
I installed Microsoft Office 2000 on Windows 7 Home Premium, 64-bit. Yes, I know it's old, but it does what I need and I have many customizations to Word that I would have to figure out how to replicate in a different manner if I moved to a newer version.
I always add a COM Add-in that customizes Office 2000's Places Bar. That's the list of icons/shortcuts that is seen in the Open and Save As dialog boxes. It's all packaged as a .dll that modifies how Office 2000 apps work. Essentially the Places.dll is copied to the system directory, then the dll is registered. Windows 7 required dll registration in a different manner than older Windows version, and this is how I did it:
When logged into Windows as Administrator account, open an Elevated Command Prompt (Run as Administrator). At prompt, type:
cd C:\windows\SysWow64
At next prompt, type:
Regsvr32 Places.dll
Pressed Enter, dialog box said it succeeded.
When I opened Word 2000, sure enough the Places customization was there as expected. However, when I opened Word 2000 under a Windows Standard user account, the Places customization does not load/appear. I repeated the .dll registration steps, and again a dialog said it succeeded, but still the customization does not load/appear.
Is it possible that somehow the .dll is accessed okay when running as Administrator, but not as Standard user? I didn't think such system modifications were specific to user accounts, but I'm not yet familiar with differences under Windows 7.
@dev-anon:
Thanks for the correction - I was wrong. The "Share With" item must mean "create a network share", so it's a simplified way of sharing across a network, not a simplified way to set folder permissions.
@tuttle:
You'll have to set folder permissions appropriately then. For examples, look at any folder under the Users branch to see which permissions are set. You should see "Administrators", "System", and a particular user name all have access to the folder. Folders on a data partition will probably have "System", "Administrators", "Users", and "Authenticated Users" set by default.
After you have created folders for each user, right-click on each folder, choose the "Security" tab, and then the "Edit" button as shown:
Remove permissions for "Authenticated Users" and "Users" and add full permissions for a particular user name.
Sorry - I don't know why Word 2000 isn't loading the Places bar when run as a standard user and couldn't find much about it by searching. My guess is that the dll registers correctly but Word 2000 doesn't use the "proper" method to start it since it's such an old program.
Hmm. When I used "Share with" to share a folder with another user account, it worked. I was able to access those files when logged in as the other user. When I used "Share with" to share with "Nobody", the other user account could not access those files.
I've been Googling and reading Microsoft explanations, but they all center around sharing across a network. I can't find specific information about how sharing is intended to work with multiple user accounts on a single computer.
Mark, I think your tip about using the Security tab may be the way to go. I've read a ton of articles on Microsoft.com and other sites, yet they all focus on network sharing which I don't want to do. I think probably that Security tab is where one sets sharing for user accounts on the same computer.
Why did you remove remove permissions for "Authenticated Users" and "Users" before adding permissions for a particular user name? Isn't adding the desired permissions per user sufficient?
Do you know a way to create a folder on the Administrator's desktop and share that folder, with full permissions, with all user accounts on the computer? It would be a convenient way to move files between users, especially when I as Admin am configuring people's accounts. I can't find a way to do it, and to be able to see it on the desktops in the other user accounts.
tuttle:
If you don't remove "Users" and "Authenticated Users" from the permissions list then any user will be able to view/access the folder. You want to remove these to limit access to only the desired user and to effectively block everyone else.
Windows 7 has a built-in method for your shared desktop folder by using Public Folders. There should be a branch called "Public" under C:\Users\Public that is pre-populated with several folders that are shared between all users. Inside is a Public Desktop folder (it may be hidden). Put a folder in there and it will appear on everybody's desktop. Set the permissions on this added folder on the Security tab to "Everybody" with full control (read/write/execute/etc.) if you want everybody to be able to write to this folder as well as read.
From the Start button choose "Help and Support" and type "Public Folders" into the search box for details on how to use this feature. The help file also links to details about setting permissions on folders.
Thanks Mark!
Is "Everyone" safe to use? Does that apply only to local accounts (on same computer), or might that share with anyone on a network? I could add individual users by name.
Can I safely disable Win7 network sharing (not sure how to do that, but there must be a way) without losing sharing between user accounts on the same computer?
You'd think that sharing, or not, between user accounts would be a common issue. Yet. all the articles I'm finding deal with network sharing. I guess network sharing is the big demand.
Here's a description of each security identifier: http://support.microsoft.com/kb/243330
You can disable network sharing - open "Network and Sharing Center" for access to the settings. The settings on the "Security" tab of a file or folder are changing the NTFS permissions on the file/folder which affects who has permission to view the file/folder, whether locally or across a network. Disabling network sharing won't change the file permissions locally.
Just found the Advancec Sharing Settings page. Public folder sharing was enabled by default, so anyone on a network could see that public desktop folder I created. Scary. Stuff like that should, I think, be disabled by default. Maybe so many people want network sharing that MS feels it's simpler to enable by default.
Thanks for that link. Explains some, but some items are still a mystery. For example, "Interactive" appears under "Group or user names" in Security tab, when I'm changing permissions of folders. I have no idea if that is a local thing, a network thing, or what it is. That MS page has this cryptic definition:
Name: Interactive
Description: A group that includes all users that have logged on interactively. Membership is controlled by the operating system.