Solved

Local Users - Can I disable them from downloading and executing files?

Posted on 2003-11-04
6
160 Views
Last Modified: 2013-12-04
On my home pc running windows xp home without the use of third party software is it possible to disable the guet accont from running writing to the hardisk.

I mean if this is not possible that means anyone can download a trojan horse or keylogger and infect the computer??
0
Comment
Question by:Ricky11
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 500 total points
ID: 9679866
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9679871
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9679875
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 24

Expert Comment

by:SunBow
ID: 9682622
a) disable guest account   (many recommend eliminating it, but I rather like having one, my XP home came with default of being  without one)

b) Right click shared folder(s) to protect.  Select 'security'.  Deny any access you care to for any user group, whether by name, ID, or what have you. Is 'everyone' still configured?  

Make sure of course everything is backed up well, a boot disk handy, and restore process in place, including backup admin persons

Two things to bear in mind.

1) Windows requires people to be able to write to their OS directories to function ! <ugh> ! Go figure.

2) hmm I've already forgotten what was #2. How about I repeat my above insert of- be sure to always be prepared to undo any 'mistakes', which in this case can be close to rebuild if things go awry.  You can, for example, restrict a shared space, and deny access to yourself by mistake. Be prepared.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 9682714
> I mean if this is not possible that means anyone can download

Not really, or rather, not all the time.  Most of these require what are called Admin or System privelege. They take authority of user, who usually prefers to be in an admin group already so they can install easily themselves.

Better, to set even yourSelf up the other two IDs. One is your own separate ID as an Administrator as backup for mistakes, or tracking something in debug. The other is to give yourself less power, make yourself a regular user when not installing things, but accessing the internet.

Concerning the trojans, another thing they are is that they are executed, not usually among a bunch of downloaded files.

Where they are D/L'd, even for a 'guest' such as niece or nephew, they are part of perhaps an email system that requires write access to temp directories or Windows or something, so you sort of have to let them do just enough D/L to be danderous or there is nothing at all they can do on the system and they will go away in a huff.  Even trying to do a web browse, reading of internet files as for homework, the browser requires some tempory space available for downloading the webpages themselves, including som graphics, and maybe sound.  So you are stuck between a rock and a hard place there, if you cannot write to disk, then there's no mail, no internet, no game(save/net), no fun. So, why boher with a guest ID no one will want to use?

As I say, not easy to do entirely, but to keep them out of some places with the restrictions.
0
 
LVL 8

Expert Comment

by:nader alkahtani
ID: 9708134
- "I mean if this is not possible that means anyone can download a trojan horse or keylogger and infect the computer?? " 

- Yes if the files system is formatted with FAT32 or FAT16
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question