1
I have a co-worker who is set up as an admin user under Win XP SP3 and I'm trying to switch her to being a restricted user. The short story is that when I switch her account to restricted, Chrome can't make HTTPS connections and Outlook can't connect to our Office 365 Exchange server. Firefox can make HTTPS connections with no problem.
Some things I've tried
- Append ":443" to the HTTPS URL in Chrome
- Reset browser settings in Chrome
- Deleted Local Settings\Application Data\Google\Chrome\User Data\Certificate Revocation Lists
- Changed the account to the Power Users group
Some background
When I first changed her account to restricted she couldn't access any files in her home directory. This turned out to be because her home directory was owned by the Administrators group, not by her user account. I switched the ownership to her home account and she was able to access the files.
After that, even though she could access her files, she couldn't do things like make changes to her desktop or access the Recycle Bin settings. This turned out to be because her HKEY_CURRENT_USER keys were also owned by the Administrators group.
A potentially helpful error message
When Outlook starts up after her account has been switched to restricted, it gives this error message:
autodiscover-s.outlook.com
Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate.
The application experienced an internal error loading the SSL libraries.
This site should not be trusted
So apparently there's something in the way that Google and Outlook (but not Firefox) handle HTTPS/SSL that gets broken when she doesn't have access to something somewhere. I imagine it's another thing that is owned by the Administrators group instead of her account. I just can't figure out what and where that something is.
SSteve
Posted 2014-01-03T18:10:11.950
Reputation: 203
1Reason 138 to get rid of XP – MDT Guy – 2014-01-03T18:12:13.597
If you create a new user account does it work? The user profile problems are likely the reason you have this problem. You should never had that problem to be honest. Have you improted your security certificates into the
Windows Certificate Store? Chrome and Outlook uses theWindows Certificate Store. Firefox handles its own certificates. – Ramhound – 2014-01-03T18:16:15.440Steve, Windows XP was not designed for users running with non-admin users. Microsoft does say you can do that but there are many issues with that. Try making her account a power user and see if it helps. Its not as bad as an admin account but I think its worth the try – Ganesh R. – 2014-01-03T18:36:22.260
@GaneshR. - I always ran my Windows XP machine as a normal User and I never experienced the problems described. Where does Microsoft say this exactly? – Ramhound – 2014-01-03T18:48:04.230
@Ramhound I don't know anything about importing certificates, but I'll do some research on the Windows Certificate Store and see if that leads anywhere. It sounds like a good lead. – SSteve – 2014-01-03T20:59:59.380
@GaneshR. I tried making her a power user but it didn't work. I forgot to add that to the list of things I tried. I'll edit to update that. – SSteve – 2014-01-03T21:00:44.253
@Ramhound Yes, when I create a new user it can access HTTPS sites in Chrome. – SSteve – 2014-01-04T01:44:22.697
@SSteve - Are you against just replacing the user's account. Might be easier the finding the reason the current profile is corrupt. – Ramhound – 2014-01-04T01:50:14.517
@Ramhound I'm trying to avoid copying all her Outlook data to a new account. That has always been painful in the past. Not to mention all the rest of her files and settings. – SSteve – 2014-01-04T02:05:02.620