Local User account can access files of Administrator account, BUG?

Hello,

I've created a Local account (Standard User) for family members to use my PC without having access to my personal files in my Administrator account. The problem is that I've noticed that you can bypass the password required to access the administrator's folder from the local account by just directly searching for files in the search bar.

Pictures:

Imgur: The magic of the Internet

Windows Pro version 21H2 (OS BUILD 19044.1586)

cereberus said:

But can you actually open files?

Yes.

Try3 said:

Might you have given access permission for that Admin's user folder to the std user account while you set it up?
Giving such permission to that folder is permanent but can be undone by examining & altering the properties of that folder while you are logged in as the Admin [which I assume means an Admin account you created rather than the Built-in Admin].
Change Permissions - TenForumsTutorials

By the way, you can post diagrams directly in your post.
How to Upload and Post Screenshots and Files - TenForumsTutorials

All the best,
Denis

Hi, I didn't give any permissions to the standard account while setting it up, in fact you're not given any way to do so when creating it. As you can see in the screenshot guest1 (standard account) doesn't even appear in the list, there's just system, my administrator account and administrators.

- - - Updated - - -

Update: For some reason, it appears that when creating a local account (standard user) windows automatically gives it permission to access files in the administrator folder (at least on my machine). So the solution is to add the local account to the list of users in the security tab of the administrator folder and deny the permissions.

The behavior you see is most probably, because the file "plan1.png" has access granted for the weak user. verify that. In that case, the behavior is normal and expected, since windows allows bypass traverse checking by default (which means, although the weak user may not enter c:\users\admin, he can still find files below it and access them if he's entitled to).