Shadowprotect / backup related, but more just a general file / folder permission question - how to keep people out?

Take a windows 7 machine.  Create 2 users - bob and backup, both are local admins.

Bob will use the machine and you install shadowprotect on the machine. You connect an external usb drive to back up to - F:\images.

I am afraid that if machine gets crypto malware, it may encrypt the images.  People say to not give the user rights to that folder on the external drive.  Shadowprotect will run as 'system'?

I logged in as bob, right click on the f:\images folder, properties, security. I took out bob as having any rights. I gave the user 'backup' full rights (so I can get to that share if needed at some point).

When logged in as bob, if you click on that f:\images folder you get the message that you don't have rights  to the folder. >>>>  but (and here's the issue), it asks you if you want permanant access to that folder.

Is there a way to keep bob (yes, a local admin) from getting that simple prompt to get permanent access? Yeah, as an admin, he could add himself to the permissions / take ownership, etc.  I am OK with that. It's that simple 'want me to let you access the folder' question that I don't like.  I envision at some point they click on that folder, say yes, and then when crypto hits, the backups are trashed.

Or is the only way to get away from that message to make bob a standard user?

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Never use a PC with an Account that has admin rights. That is terrible practice. Even Admins should run logon with a standard account, and if they need to do something that requires Admin rights, UAC pops up and they can enter the admin's account and password..

Always disconnect the USB disks you have backed up to once the backup is finished. Backups must always be removed when done. Cycle between several backup media, that reduces the risk.
That being said, think about this: Since uac is on, even crypto malware would nee to circumvent it, first. Since it cannot click away uac prompts it will fail running as Bob.

But why two admins in the first place, you should use only one if at all. Better elevate your processes when needed and work as non admin, since even uac has design flaws.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
BeGentleWithMe-INeedHelpAuthor Commented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Storage Software

From novice to tech pro — start learning today.