How can I restrict a user from all but one specific drive partition (yet still use the computer)?

1

I have a laptop which my brother wants to use sometimes.

I have a password on my user account and important school/work documents that I don't want him touching, and I don't want him installing any unsavory software. I've created a user so he has an account, but I don't want to give him any access to my hard drive.

Can I create a partition (say 30GB off the 750GB hard drive) and restrict his account to only use that partition, without impacting his ability to use the computer?

Robolisk

Posted 2011-09-03T00:18:51.270

Reputation: 581

what OS are you using? – Keltari – 2011-09-03T00:32:45.750

Windows 7. Sorry for not mentioning that. – Robolisk – 2011-09-03T07:16:40.233

Answers

3

Most operating systems support some form of disk quotas and all current systems (in common use) support permissions.

To use quotas, you can set them per-user on the disk or partition. In Windows, the settings can be accessed by right-clicking a disk in My Computer. This is not the best way, however.

Using permissions to restrict the user will likely be more useful. Provide a limited user account and remove read permissions for that user on any directories or files they need not access. They will need some permissions to the system directories, at least to read files, and should likely have full permissions for their partition. They should certainly have no permissions, (read, write, or execute) for your partition and home directory.

ssube

Posted 2011-09-03T00:18:51.270

Reputation: 900

Uhm. I understand what your saying, but lets it comes to installation? If I give the user the option to download and install stuff under his account (which I plan on doing ), when I log in to my account, sure the installed software won't appear, but what about the download and all the garbage the he wants? If you don't understand what I'm asking let me know and I'll try another approach of explaining this. – Robolisk – 2011-09-03T03:59:17.260

1If you make the account limited, it won't have access to the system registry or be able to install anything to the system. If you have Vista/7 and UAC, they won't be able to install anything that would modify the general system. All changes, even installations, should be restricted to HKCU and their user directories. – ssube – 2011-09-03T04:20:54.663

But you see is I don't want to stop him from installing anything, I just don't want what he installs to effect me at all. Hence why I wanted to give him a partition. – Robolisk – 2011-09-03T07:21:09.560

2@Robsta - If you let him install stuff you are hosed anyway. What ever he installs will affect the entire computer and there is nothing you can do about it. Either you give him a limited or guest account or you might as well give him your username/password. – Nifle – 2011-09-03T09:05:37.603

+1 for Nifle. If you allow installs, you are giving an easy chance to corrupt your system. Your best bet is to setup a separate install or boot into a VM that you can rollback. – surfasb – 2011-09-04T03:02:04.990

Uhmm. I see. Well I understand that now. Thank you, I thought there was such a way to do it without another clean install. Thank you for your help and helping me narrow down my options :D +1 for nifle, that comment helped. – Robolisk – 2011-09-09T13:23:34.087

0

Depending on how spread out your personal files are, it might be a bit easier to create a partition for yourself and encrypt it with something like truecrypt

OldWolf

Posted 2011-09-03T00:18:51.270

Reputation: 2 293

Based on his question, it sounds like it isn't just about protecting his privacy, but protecting the integrity of the system. – MaQleod – 2011-09-03T01:33:46.697

If that's the case then something like DeepFreeze and a good backup would probably be more appropriate. Once you hand someone physical access to a machine, all bets are off.

– OldWolf – 2011-09-03T02:14:24.353

Yes. Integrity of my system is exactly what I need. I don't want junk and trash in my laptop. I work as a computer tech so it's fully optimized and well organized, not saying because I'm a computer tech im better at it, im just saying I know that it's well done. Someone like my brother, who's 12, doesn't know how to keep a system running at full capacity and keep it clean. No virus or spyware, nothing garbagey. Im not looking to protect my system from virus by making a partition, but to keep my pc clean. With him having a partition I could care less what he does with it. – Robolisk – 2011-09-03T03:45:55.663

@C0D. I understand what your saying. But He wants to install games and wow and add on's and all that stuff. I'm okay with that, but I don't want anything to do with that when it comes to my person files. I know it's really picky and such, but I know what I want and like. As for keep my files private, I can see that working, but then comes the hassle of having him coming up and asking him if he can do this and that. It's quite annoying, and the kids 12 so I don't just want to crush him, considering that would be the easiest solution. – Robolisk – 2011-09-03T03:48:48.063

@C0D, continuing from what I was saying. By created a partition for him, it's as if I'm giving him a laptop, but only with a 30GB hard drive or whatever I size I choose. That way he can do what he wants with it, organize it the way he wants, and it wouldn't be effecting my stuff. It's a really good idea, least I think, and I'm not sure how to go about doing it. I've been googling and I can't find any 3rd party software or anything, and it seems like windows doesn't have a feature that I know of that can do this. Hence why I'm here on superuser, hoping the community knows something (: – Robolisk – 2011-09-03T03:51:46.813

But it is possible, is that what your telling me C0D? – Robolisk – 2011-09-03T04:34:18.117

0

The OP could just make a limited user account (Can't install software) and make sure all of the "personal" type files are under the OPs account profile root. As long as the box "keep my files private" is selected, the "rogue" user can't install software or see the files. – C0D3M0NK3Y 1 hour ago

That's going to be difficult to balance. You could go digging into the group policy editor (gpedit.msc) and completely design a security profile that fits your needs. I, however, am not a Windows user and thus not intimate enough with the OS to explain how off the top of my head. I don't even own a Windows box. Sorry about that. Look here en.wikipedia.org/wiki/Group_Policy and search on the MS website for more info such as social.technet.microsoft.com/Search/… – C0D3M0NK3Y 45 mins ago

If you really want complete separation, just create an additional partition and install a completely separate copy of Windows. Then he has his own environment to work out of. – C0D3M0NK3Y 42 mins ago

But it is possible, is that what your telling me C0D? – Robsta 7 mins ago

Comments above are for archival purposes only.

Yes it is possible to install another copy of Windows on a separate partition. You will end up with a little menu when you boot up your machine so that you can pick which copy to boot into. Just create him his own partition and do the install the same as you would any other time. This will most likely not work with an OEM install disk however. You will need a typical retail copy of Windows. Another idea is to create him his own partition and put Ubuntu on it. That way you can protect him from himself, with regard to Spyware/Malware/Viruses etc. Hope this helps! :P

C0D3M0NK3Y

Posted 2011-09-03T00:18:51.270

Reputation: 585

Uhmmm. I see that this could work. But I don't want to have to give him so much hard drive space. And the boot could get annoying considering that I would be using this laptop 90% of the time and him 10% of the time. But That is going to be my second option. My first option is still try to figure out with changing the policy's and such like you mentioned before. To me that sounds like the best option, just a bit of work. – Robolisk – 2011-09-03T07:20:03.897

Asked: 2011-09-03T00:18:51.270

Viewed: 11 010 times

Active: 2015-11-07T04:43:19.447