User account can access admin folders

Dvc / NA
August 14, 2009 at 08:59:20
Specs: XP Pro srv pk 2, Dual PIII500
I create a Limited User account yet when logged in, it can access the administrator documents files and folders which Im pretty sure it shouldnt be able to.

The same happens when I create a folder, set the Security to Administrators only, and it still manages to access it. Ive double checked the Limited user is a member of Users only. It will only deny access, if I tick Deny for the User account in the folders security options. But I dont want to have to keep manually setting deny for every folder. I can actually change security settings for the folders within Limited account too.

I can uninstall drivers in Device Manager too which Im sure isnt right. Basically its acting like an admin account and Ive checked the Local Users and Group settings under Computer Managment.

Help appreciated. Thanks.

Bill


See More: User account can access admin folders

Report •


#1
August 14, 2009 at 11:18:58
Interesting and a unique issue.

Question: Did you password protect the Administrator account?

Suggestion:
1) Check in the user profile if it is a member of administrator.
2) Check in the Administrator group if the user is there, just in case.
3) Create another user with Limited access and check if it has the same issue.

I tried the same at my end and it works OK. Need to know more details of your configuration.


Report •

#2
August 14, 2009 at 15:33:58
Hi.

My Administrator account is password protected.

1) Check in the user profile if it is a member of administrator.
Yup, checked that. Theres only "Users" in it.
2) Check in the Administrator group if the user is there, just in case.
Yup, checked. Not there.
3) Create another user with Limited access and check if it has the same issue.
Yep, tried that too. Any new limited user account can access anything!

Weird huh!

Some more info which may be of use:

Under Administrator group, members are:

\LOCAL
Administrator
BillAdmin
NT AUTHORITY\SERVICE (S-1-5-6)

Under Users group, Members are:

ASPNET
BillUser
NT AUTHORITY\Authenticated Users (S-1-5-11)
NT AUTHORITY\INTERACTIVE (S-1-5-4)
SQLDebugger
User

Hope that helps. Im wondering if a Group Policy has changed, but I looked under gpedit.msc and couldnt find a policy specific to Users.

Bill


Report •

#3
August 14, 2009 at 16:19:27
Another odd thing, If I tick the Deny boxes for the User account in the Security options, then nothing can access that folder, even when Administrator! The Administrator is set to Full Control.

Bizarro or what.

Bill


Report •

Related Solutions

#4
August 20, 2009 at 10:36:44
Fixed by removing \LOCAL from the Administrator group.

Bill


Report •


Ask Question