Sign-in / Sign-up
Your question

Password

Tags:
  • My Documents
  • Microsoft
  • Windows XP
Last response: in Windows XP
Anonymous
September 14, 2005 3:19:02 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

My Son and I are both set-up as Administrator on our home PC. My son was
able to log on under his name, go to User Account, cnahge my account log on
password and log back in under my name with full access to "My Documents"
Folder. Why? how can I stop this.

More about : password

Anonymous
September 14, 2005 4:28:11 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Maybe you can limit his access to controlpanel via Group Policy?

Start > Run > gpedit.msc

UserConfiguration > Admin. templates > Control Panel > prohibit access
to control panel

You should test this with both your user and your son's user since it
very well might affect both.

To skip this setting for your user change your rights to the file
"C:\WINDOWS\system32\GroupPolicy\GPt.ini " to deny all. Of course this
will prevent you from altering the grouppolicy too, but since you can
just change your rights right back to read+modify this will be no big
problem.

And of course if your Son knows how to do this, he can too(as he is
admin) if he is allowed to open the gpedit.msc. Therefore you may want
to change his rights so that he can't run
C:\WINDOWS\system32\gpedit.msc <--- this file
Anonymous
September 14, 2005 4:40:57 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Maybe there is an even better way
once again via gpedit.msc

Start > Run > gpedit.msc

>From there

UserConfiguration > Admin. templates > Control Panel > Hide specified
controlpanel applets

Add: nusrmgr.cpl

This will allow him to use everyting in the controlpanel except the
user account managment

There are ways around this as well, you will of course need to secure
the same way as above, still it will not be waterproof.
Related resources
Can't find your answer ? Ask !
Anonymous
September 14, 2005 4:45:26 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

aybe there is an even better way
once again via gpedit.msc

Start > Run > gpedit.msc

>From there

UserConfiguration > Admin. templates > Control Panel > Hide specified
controlpanel applets

Add: nusrmgr.cpl

This will allow him to use everyting in the controlpanel except the
user account managment. However if he start the nusrmgr.cpl from
explorer(c:\windows\system32) he will be allowed to open it and change
whatever he wants. You might want to change his rights according to
this file too. I'm not sure if he change his own rights to this file
then? Check it out!

There are ways around this as well, you will of course need to secure
the same way as above, still it will not be waterproof.
September 14, 2005 9:45:52 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Nelsonace wrote:
> My Son and I are both set-up as Administrator on our home PC. My son was
> able to log on under his name, go to User Account, cnahge my account log on
> password and log back in under my name with full access to "My Documents"
> Folder. Why? how can I stop this.

Your son accessed your files the stupid way. Since you've made him Admin
(bad move if he can't be trusted), he could have just read your My
Documents files w/o changing your password (and thus tipping you off)

Anyway, some options:

1. Enable EFS on your My Documents folder

(Windows Explorer > C:\Documents and Settings\<user> > right click on My
Documents > Properties > General > Advanced > Encrypt contents to secure
data)

2. Use some other encryption software, like PGP
September 14, 2005 9:49:46 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Z wrote:
>> My Son and I are both set-up as Administrator on our home PC. My son
>> was able to log on under his name, go to User Account, cnahge my
>> account log on password and log back in under my name with full access
>> to "My Documents" Folder. Why? how can I stop this.
>
>
> Your son accessed your files the stupid way. Since you've made him Admin
> (bad move if he can't be trusted), he could have just read your My
> Documents files w/o changing your password (and thus tipping you off)
>
> Anyway, some options:
>
> 1. Enable EFS on your My Documents folder
>
> (Windows Explorer > C:\Documents and Settings\<user> > right click on My
> Documents > Properties > General > Advanced > Encrypt contents to secure
> data)
>
> 2. Use some other encryption software, like PGP

One more thing ... when you write "how can I stop this?" I assume you
mean stopping him from reading your files.
September 14, 2005 11:28:32 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Only by changing his account to a "limited" account via Control Panel > Add
/ Remove Programs

Jon


"Nelsonace" <Nelsonace@discussions.microsoft.com> wrote in message
news:F5DE6A74-B5A3-4B22-846A-2EE92B0D3917@microsoft.com...
> My Son and I are both set-up as Administrator on our home PC. My son was
> able to log on under his name, go to User Account, cnahge my account log
> on
> password and log back in under my name with full access to "My Documents"
> Folder. Why? how can I stop this.
September 14, 2005 12:38:44 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Sorry. Typo.

Control Panel > User Accounts

Jon


"Jon" <Email_Address@SomewhereOrOther.com> wrote in message
news:o qUaIWPuFHA.2076@TK2MSFTNGP14.phx.gbl...
> Only by changing his account to a "limited" account via Control Panel >
> Add / Remove Programs
>
> Jon
>
>
> "Nelsonace" <Nelsonace@discussions.microsoft.com> wrote in message
> news:F5DE6A74-B5A3-4B22-846A-2EE92B0D3917@microsoft.com...
>> My Son and I are both set-up as Administrator on our home PC. My son was
>> able to log on under his name, go to User Account, cnahge my account log
>> on
>> password and log back in under my name with full access to "My Documents"
>> Folder. Why? how can I stop this.
>
>
September 14, 2005 12:43:13 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

As long as he doesn't discover the "net user" command line command ..... :) 

Jon


"matsr" <mostue@gmail.com> wrote in message
news:1126683657.441105.130300@g47g2000cwa.googlegroups.com...
> Maybe there is an even better way
> once again via gpedit.msc
>
> Start > Run > gpedit.msc
>
>>From there
>
> UserConfiguration > Admin. templates > Control Panel > Hide specified
> controlpanel applets
>
> Add: nusrmgr.cpl
>
> This will allow him to use everyting in the controlpanel except the
> user account managment
>
> There are ways around this as well, you will of course need to secure
> the same way as above, still it will not be waterproof.
>
September 14, 2005 1:43:21 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"Nelsonace" <Nelsonace@discussions.microsoft.com> wrote in message
news:F5DE6A74-B5A3-4B22-846A-2EE92B0D3917@microsoft.com
> My Son and I are both set-up as Administrator on our home PC. My son
> was able to log on under his name, go to User Account, cnahge my
> account log on password and log back in under my name with full
> access to "My Documents" Folder. Why? how can I stop this.

There's no watertight way of doing this.
You have two options: get a removable HDD , put all your data on that ,
remove it and lock it away when you finish on the machine, or, go to a
properly secure Operating system such as a Linux distro.
September 14, 2005 8:01:11 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Z wrote:

> Nelsonace wrote:
>
>> My Son and I are both set-up as Administrator on our home PC. My son
>> was able to log on under his name, go to User Account, cnahge my
>> account log on password and log back in under my name with full access
>> to "My Documents" Folder. Why? how can I stop this.
>
>
> Your son accessed your files the stupid way. Since you've made him Admin
> (bad move if he can't be trusted), he could have just read your My
> Documents files w/o changing your password (and thus tipping you off)
>
> Anyway, some options:
>
> 1. Enable EFS on your My Documents folder
>
> (Windows Explorer > C:\Documents and Settings\<user> > right click on My
> Documents > Properties > General > Advanced > Encrypt contents to secure
> data)
>
> 2. Use some other encryption software, like PGP

EFS won't work if the son can login to the father's account. Then efs
is transparent.

--
Rock
MS MVP Windows - Shell/User
September 14, 2005 9:37:42 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Rock wrote:
>> Anyway, some options:
>>
>> 1. Enable EFS on your My Documents folder
>>
>> (Windows Explorer > C:\Documents and Settings\<user> > right click on
>> My Documents > Properties > General > Advanced > Encrypt contents to
>> secure data)
>>
>> 2. Use some other encryption software, like PGP
>
>
> EFS won't work if the son can login to the father's account. Then efs
> is transparent.
>

Unless I misread the orig. post, the son can only login to the parent's
acct by changing the password on the parent's acct. Forcing a new pw
from another acct should leave EFS secure. Right?
Anonymous
September 14, 2005 11:01:53 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Nelsonace wrote:
> My Son and I are both set-up as Administrator on our home PC. My son was
> able to log on under his name, go to User Account, cnahge my account log on
> password and log back in under my name with full access to "My Documents"
> Folder. Why?


Because you've granted him administrative privileges. That's the same
as giving him a blank check and dropping him off at the mall.


> how can I stop this.


1) Teach your son some manners and proper respect for your property and
privacy.

2) Make you son's account a Limiter User. Monitor his computer usage
closely.

3) Don't forget to put a strong password on the built-in Administrator
account.


HOW TO Create and Configure User Accounts in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;279783

HOW TO Set, View, Change, or Remove File and Folder Permissions
http://support.microsoft.com/default.aspx?scid=kb;en-us;q308418

HOW TO Use the Internet Explorer 6 Content Advisor to Control Access
to Web Sites in Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;en-us;310401

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

For some requirements, you may find it easier to invest in a
3rd-party solution, such as NetNanny or CyberPatrol.

You need to be aware, however, that *NO* technical or software
solution is 100% child/fool-proof, and _none_ can ever adequately take
the place of live adult supervision. If you cannot trust your son to
safely/properly use the computer without supervision, you may have to
consider limiting his access to it.


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
Anonymous
September 14, 2005 11:09:45 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Only/Best solution is buy him the $299 Dell weekly special.
Then lock your own PC down, Boot Password, Single user,
password protect the Administrator account. You can play
the "Cat-&-Mouse" security (Stay out of My Account) game
but it seldom if ever works.

"Rock" <rock@mail.nospam.net> wrote in message
news:o QMd0AYuFHA.2008@TK2MSFTNGP10.phx.gbl...
>Z wrote:
>
>> Nelsonace wrote:
>>
>>> My Son and I are both set-up as Administrator on our home PC. My son
>>> was able to log on under his name, go to User Account, cnahge my account
>>> log on password and log back in under my name with full access to "My
>>> Documents" Folder. Why? how can I stop this.
>>
>>
>> Your son accessed your files the stupid way. Since you've made him Admin
>> (bad move if he can't be trusted), he could have just read your My
>> Documents files w/o changing your password (and thus tipping you off)
>>
>> Anyway, some options:
>>
>> 1. Enable EFS on your My Documents folder
>>
>> (Windows Explorer > C:\Documents and Settings\<user> > right click on My
>> Documents > Properties > General > Advanced > Encrypt contents to secure
>> data)
>>
>> 2. Use some other encryption software, like PGP
>
> EFS won't work if the son can login to the father's account. Then efs is
> transparent.
>
> --
> Rock
> MS MVP Windows - Shell/User
>
September 15, 2005 1:31:00 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Z wrote:

> Rock wrote:
>
>>> Anyway, some options:
>>>
>>> 1. Enable EFS on your My Documents folder
>>>
>>> (Windows Explorer > C:\Documents and Settings\<user> > right click on
>>> My Documents > Properties > General > Advanced > Encrypt contents to
>>> secure data)
>>>
>>> 2. Use some other encryption software, like PGP
>>
>>
>>
>> EFS won't work if the son can login to the father's account. Then efs
>> is transparent.
>>
>
> Unless I misread the orig. post, the son can only login to the parent's
> acct by changing the password on the parent's acct. Forcing a new pw
> from another acct should leave EFS secure. Right?

No I don't think so. Any administrator can change the password on any
account. Once logged into the account, EFS is transparent.

--
Rock
MS MVP Windows - Shell/User
September 15, 2005 2:05:04 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Rock wrote:
>> Unless I misread the orig. post, the son can only login to the
>> parent's acct by changing the password on the parent's acct. Forcing
>> a new pw from another acct should leave EFS secure. Right?

> No I don't think so. Any administrator can change the password on any
> account. Once logged into the account, EFS is transparent.

http://support.microsoft.com/default.aspx?scid=kb;en-us;290260

EFS, Credentials, and Private Keys from Certificates Are Unavailable
After a Password Is Reset
....
CAUSE
This issue can occur if the password was forcefully reset by an
administrator or owner, instead of being changed by the user.

RESOLUTION
NOTE: For any of the following resolutions to work, the user's original
account must still exist, and the user's profile must be present and
unchanged since the user last had access to the data.

To recover all of the data, you must have one of the following:

o The original password. This is the password with which the user last
logged on successfully and was able to access their credentials and files.

o Password Recovery Disk (PRD). This password recovery disk must have
been created while the user had access to the files.