# Win Xp Query



## Mrcrowley (Apr 23, 2003)

In order to let my granddaughter use my PC, I've set up a user account for her - non admin of course.

However the drives are still showing on her acc. Any way I can hide everything important?

Thanks.


----------



## Mrcrowley (Apr 23, 2003)

Help anyone?


----------



## Who. Me? (Jan 12, 2007)

Don't think you can hide much using XP alone (not so you can still use the files without inconvenience).

I _think _XP Home can hide some of the Administrator's 'My Documents' folders from other users, but that's about it.

There are shareware utilities etc on Tucows.com and CNET Downloads etc that allow you to hide or make any file or folder invisible to other users, but I don't think XP can do that in any useful way on its own.

(I tried to do the same for my Mum, as my nice and nephew use her PC when they go to stay with my parents. I was disappointed with what XP could actually do to prevent viewing and tampering.)


----------



## Mrcrowley (Apr 23, 2003)

Who. Me? said:


> Don't think you can hide much using XP alone (not so you can still use the files without inconvenience).
> 
> I _think _XP Home can hide some of the Administrator's 'My Documents' folders from other users, but that's about it.
> 
> ...


Thanks - what a bugger.


----------



## rhaythorne (Jan 12, 2004)

Just change the permissions on the folders/files that you want to prevent her from accessing. Right-click the folder/file, select Properties from the menu and then click on the Security tab. In the top window is a list of users that have certain rights over that folder/file and its child objects (sub-folders and files). In the bottom window is listed the various permissions that each of the users has. This is called a DACL (pronounced "dackle") or Discretionary Access Control List. The individual entries in the list are called ACE's, or Access Control Entries.

Don't change the permissions on any system folders though (by default many of these are hidden in XP anyway so she shouldn't be able to see them unless you've changed that explicitly).

I'd suggest you create some test folders/files and practice changing the permissions on these first before making any changes to anything important. It's technically possible to remove all permissions from an object so that no one can access it, even the Administrator, then you have an interesting dilemma!


----------



## Mrcrowley (Apr 23, 2003)

rhaythorne said:


> Just change the permissions on the folders/files that you want to prevent her from accessing. Right-click the folder/file, select Properties from the menu and then click on the Security tab. In the top window is a list of users that have certain rights over that folder/file and its child objects (sub-folders and files). In the bottom window is listed the various permissions that each of the users has. This is called a DACL (pronounced "dackle") or Discretionary Access Control List. The individual entries in the list are called ACE's, or Access Control Entries.
> 
> Don't change the permissions on any system folders though (by default many of these are hidden in XP anyway so she shouldn't be able to see them unless you've changed that explicitly).
> 
> I'd suggest you create some test folders/files and practice changing the permissions on these first before making any changes to anything important. It's technically possible to remove all permissions from an object so that no one can access it, even the Administrator, then you have an interesting dilemma!


Thanks Rich

Basically just don't want her in My Computer or Control Panel.


----------



## rhaythorne (Jan 12, 2004)

The ability to set security settings on individual files and folders is one of the fundamental advantages that the NTFS file system (introduced with Windows NT) gives you over the FAT file systems used by earlier Microsoft OS's like Windows 3.x/95/98/ME.

However, note that My Computer and Control Panel aren't ordinary folders although they look pretty similar. To control access to these you need to look at some different options. Also note that "My Computer" is "Her Computer" when she's logged into the system with her credentials so, by default, she should be restricted from seeing other users' personal stuff and sensitive system folders/files.

To check, open My Computer, click on the Tools menu, select Folder Options and click the View tab. Listed here is what you generally see when using Windows Explorer (that's _Windows_ Explorer, not Internet Explorer) when viewing files and folders. By default much of the sensitive stuff is already hidden, but check that, using her profile, she can't see the contents of system folders, that hidden files and folders are not shown, that protected operating system files are hidden and that the Control Panel is not shown in My Computer.

Now, right-click the Start button on the taskbar, select Properties and then choose Customize. Listed here is what you will see in the Start Menu. Make sure that "Display Administrative Tools" and "Expand Control Panel" are not selected.

That should cover most of it. As a normal user, she will have limited rights and priveleges by default.


----------



## Who. Me? (Jan 12, 2007)

raythorne, are you using XP Pro?

In my version of XP home (SP2), I have a 'Sharing' tab under right-click>properties, or 'Sharing and Security' if I just right-click a folder.

I don't have a 'Security' tab, just 'Sharing'. The top option for sharing does have a check-box for 'Make this folder Private' but it doesn't allow me to select it.

I had this problem when trying to make my Mum's files secure from the grand-kids.

XP Pro has the security tab (I've got my work laptop in front of me as well).

Unless this is a 'hidden' feature in XP Home that can be enabled somewhere?


----------



## rhaythorne (Jan 12, 2004)

Yes. I don't have XP Home.

I'm aware that there are some limitations/differences with "Home" as opposed to "Pro" so if some of what I say above doesn't work _exactly_ as stated above for "Home", sorry







I did think of mentioning it, but didn't want to add another area of doubt/confusion; perhaps I should have done.

A big difference between "Home" and "Pro" is that with "Home" you can't join a Domain, which makes it utterly useless for my purposes. However, the ability to set explicit permissions on specific files and folders in an NTFS file system is such a fundamental advantage of NTFS over FAT that I can't believe that it's not possible in "Home" too. If it wasn't in there somewhere, there'd not be much point in upgrading from Win9x/ME etc.

This MS Knowledge Base article provides a more comprehensive explanation which may hold the key to doing the same thing in "Home":

http://support.microsoft.com/kb/308418/


----------

