All XP Home Users Read This (Multiple Users App Problems)
Darren Greenwald
"Mark Sowell" <rmso...@mem.bellsouth.net> wrote in message
news:3C2824C8...@mem.bellsouth.net...
> First of all, Share Program Folder only gives read access to limited
> users. If you are running Netscape which users a common "Users" file
to
> store each users configuration, your application will crash when a
> limited users try to save their profile. The "Program Files" directory
> again is only read access for limited users. Any program
configurations
> will not get saved.
> So you have already figured this out and guess that the only hope is
to
> upgrade to Windows Professional so you can get full file security
> access. Well, not necessary! There is a comand that will allow you to
> set privileges to what ever you want for whatever file. Here is a step
> by step procedure (which Microsoft told me after hours on the phone)
to
> fix this problem:
>
> Hit Start (you know that annoying Green Button)
> Click on RUN and type CMD
>
> This starts the command interpreter.
> Disclaimer - All you professional users, don't bother to reply since
you
> do not know what the pain-in-the-ass problem this is. You go ahead and
> use your GUI and set you privileges the easy way. For us home users,
> this is the next best thing. Now where is that bottle of whiskey!
Well independent of whether you use the command line, or the properties
page tool to set the access control lists of the files/folders..
The problem is simple and a basic understanding of the problem is
useful.
What happened is that in Windows 2000 Microsoft made the decision to
protect the Windows folder,and Program Files folder in an attempt to
improve system reliability and security. One of the changes then is
that in a default secured installed of Windows 2000 (and XP) user
accounts do not have permission to write to the program files folder.
The idea of course is simple. Administrators install programs
(requiring read/write/delete privs) but users only run programs
(requiring read privs only). That makes it a lot harder for a user to
accidently erase or damage a program installation. Also it protects
against accidental or malicious damage due to a system crash, or a
virus.
The idea is simple, but as you observed many programs write data (often
config files and game saves) to the program folder where the program is
installed.
Still this is easily worked around.
The best thing to do is install such applications on a FAT32 partition
(FAT32 does not support security), or you can create a folder on an NTFS
partition and give it and all sub-folders r/w/d permission for everyone.
Simply install the games in that folder and the games will be able to
write files to the program files folder where the game is installed.
I don't recommend changing the security of the default Program Files
folder - you can install modern apps and utilities (most anything that
is XP certified) in to the protected program files folder, but older
applications and many games will need to be installed to an unsecured
folder(s).
Note that having done this there are additional issues that can cause an
applicaiton (most often games) not to run correctly from a user account.
These include security of the HKEY_LOCAL_MACHINE branch of the registry,
install script problems that write required keys to HKEY_CURRENT_USER
and cannot be found from other user accounts, problems with Macrovision
SafeDisc protected games not being able to find the CD from any account
but the administrator account, some other misc problems.
Jynx
features are only available on an ntfs drive) how would I preclude all users
except for my account and the normal (not safe mode) admin account from
using my only ntfs drive?
I wish to use this drive for programs only I have full access to, like my
home accounting software etc.
This is what cacls f:\ says
f:\ BUILTIN\Administrators:(OI)(CI)F
NT AUTHORITY\SYSTEM:(OI)(CI)F
CREATOR OWNER:(OI)(CI)(IO)F
BUILTIN\Users:(OI)(CI)R
BUILTIN\Users:(CI)(special access:)
FILE_APPEND_DATA
BUILTIN\Users:(CO)(IO)(special access:)
FILE_WRITE_DATA
EVERYONE:R
I only have XP Home and this is about the only reason I would have wanted
Pro but thought it too much extra for just this one bonus.
Hopefully my hunch that a workaround would become apparent wasn't
unfounded.......
Thanks for any help.
Jynx.
"Mark Sowell" <rmso...@mem.bellsouth.net> wrote in message
news:3C2824C8...@mem.bellsouth.net...
| If you home users have not already pulled all your hair out why limited
| users cannot run common programs and have them work properly, here is
| your answer.
|
| First of all, Share Program Folder only gives read access to limited
| users. If you are running Netscape which users a common "Users" file to
| store each users configuration, your application will crash when a
| limited users try to save their profile. The "Program Files" directory
| again is only read access for limited users. Any program configurations
| will not get saved.
|
| So you have already figured this out and guess that the only hope is to
| upgrade to Windows Professional so you can get full file security
| access. Well, not necessary! There is a comand that will allow you to
| set privileges to what ever you want for whatever file. Here is a step
| by step procedure (which Microsoft told me after hours on the phone) to
| fix this problem:
|
| Hit Start (you know that annoying Green Button)
| Click on RUN and type CMD
|
| This starts the command interpreter.
|
| Using standard DOS command (remember the CD.. stuff), go one level above
| the directory you want to change the privileges. You cannot changes the
| privileges in the directory you are in!
|
| type CACLS xxx where xxx is the directory name of interest
|
| This will display the current privileges. Note "BUILT-IN" read
| priviledges for users.
|
| To set USER privileges to full, do the following, type:
|
| CACLS xxxx /E /T /G USERS:F
|
| You just set all USERS privileges for the xxxx directory and all sub
| directories to Full access. If you do not want to set all users to
| full, you can substitute USERS to any login username you would like or
| EVERYONE. If you choose EVERYONE, beware since this opens it up to
| internet folks.
|
| If you want to get the command for CACLS, type in by itself.
|
| Use this at your own risk. This has allowed me to open my Program Files
| so that users can run games and other programs and save their games.