Access Permissions, Owners, Etc.

[MrWaggles]

I have always run my computer as an Administrator, but because of recent virus problems, I decided to take the advice of others and set up a ‘Standard User’ account and use the Administrator account only to do system maintenance.

Unfortunately, several programs no longer run under Standard User, specifically Acronis True Image and PhotoImpact, an image editing program. This causes a big problem because I have Acronis backup set to run every day automatically, and that no longer works.

The error message that appears when I try to run Acronis True Image is “You do not have enough privileges to get full access to all Acronis True Image Home functionality.”

I have spent the past 3 hours trying to figure out access permissions, group names, owners, etc. but have not had any luck.

Can anyone here help me out?

Thanks,
Richard

 

[cl-scott]

There's really no way you're going to do this cleanly save adding your new account to the admin group, so what you can try doing is looking at the properties for the shortcut for the programs in question and under the compatibility tab there's a "Run as administrator" box you can tick. It probably won't help with Acronis, and the fact that there's no system built into the program to handle this contingency is just plain sloppy on the part of Acronis. It will probably help with PhotoImpact, though you will have to put in the password for your admin account every time you run it. Honestly, I cannot think of a single good reason why a photo editing program needs administrative access, so while I reserve the right to stand corrected on that, it sounds like the same kind of lazy and sloppy programming you're seeing from Acronis. This sort of thing might have been excusable in 8-9 years ago when the world was transitioning to XP, but this far in... Very few programs should EVER need that level of access.

 

[MrWaggles]

Scott, thanks for replying.

Now I have another question.

The reason I set up the new account as a Standard User was to protect my computer from hackers and viruses that might attack when I was running as Administrator all the time.

If I add the new account to the Admin. group, am I basically undoing what I did in setting up a Standard User account? Am I making my computer vulnerable again?

Clearly, I'm new to the multi-user environment, but I'm trying to learn about it.

Richard

 

[cl-scott]

Yes. If you add an account to the administrative group, then it is effectively an administrator no different from your other account.

NOW, I didn't suggest this before because I thought Microsoft got rid of it, but after double checking there is a possible middle ground open to you if you are willing to work at it a little. Back in the Windows NT/2000 days, there was a group called Power Users, and basically they were somewhere between regular users and admins.

So, if you go to the control panel -> system and security -> administrative tools -> computer management -> local users and groups -> users -> your_user_name -> member of tab Hit the add button, and you should be able to add Power Users to your user account. You have to hit the advanced button, then find now (they REALLY buried this), but you should get a listing of users and groups. Find power users, hit okay all the way back, log out and back in, and see what happens.

Having a power user account will make you somewhat more vulnerable to viruses and the like, but generally speaking power user accounts never had access to system critical portions of the system, so it's a calculated risk. Just want to make sure you're aware of what you're getting into beforehand.

And if you really want to learn about groups and permissions, get a book on Unix. Seriously. Microsoft's system is largely modeled on the Unix system anyway, and once you get the basic idea of how Unix works, you'll have a far easier time understanding Windows' permission schemes.