4
We in our club have a computer with Windows 7 Professional that every club member may use. And everyone has their own separate account.
Those accounts have to have administrator priveleges since I want everyone to be able to install any software and use any feature they want. However, there is a single thing that they shouldn't be allowed to do - that is, look into another users' profiles. Now when anyone goes to 'c:\Users(Any User Name)' a little prompt appears that this folder is secured and whether you really want to look inside. Simply clickinh 'ok' give you access to any profile.
I tried disabling taking ownership for Administrators group in Group Policies but that had no effect. How can I effectively prohibit administrators looking into each others' profiles and documents?
Any prooflink on that? Isn't there any way to protect a directory from an administrator on NTFS partition? – kojo – 2010-04-17T23:06:37.540
2How can you protect a directory from an administrator? The administrators group inherently has the ability to change permissions on NTFS volumes, so no matter what you change it to, they can change it back. – MDMarra – 2010-04-18T00:27:11.137
And limiting 'Administrators' group's permissions is also impossible? And there is no easy way of creating a new group that may do anything except for changing permissions on main NTFS partition? – kojo – 2010-04-18T21:45:07.987
1@kojo - I think you're trying to solve this problem the wrong way. Having users keep files on a network share with the necessary ACLs or even a flash drive that you carry with them would be more appropriate than trying to neuter the Administrators group. – MDMarra – 2010-04-21T15:03:35.547
This is true. The admin group is a built in group. The permissions cannot be changed. – surfasb – 2011-03-08T13:08:50.823