Page 7 of 7 FirstFirst ... 567

  1. Joined : Apr 2015
    Posts : 9,142
    W10Prox64
       29 Sep 2016 #61

    I am not using a public network, nor a homegroup of any kind.

    I had a chance to test the windows repair program on Tweaking.com yesterday, and it has an option to reset permissions to default. If you would like to try it, let me know. But I would remove all homegroup/network sharing before doing it, so you can start fresh.
      My System SpecsSystem Spec


  2. Joined : Aug 2016
    Posts : 157
    Windows 10 64 bit, 1607
       29 Sep 2016 #62

    simrick said: View Post
    I am not using a public network, nor a homegroup of any kind.

    I had a chance to test the windows repair program on Tweaking.com yesterday, and it has an option to reset permissions to default. If you would like to try it, let me know. But I would remove all homegroup/network sharing before doing it, so you can start fresh.
    Hi Simrick,

    Thanks for your offer. I've got a very helpful guy over at superuser.com helping me to reset the permissions so we'll see how that goes first...

    Basically the Users folder should not have been shared and the individual user accounts should not have inherited full control. Why it ended up like this I'm not sure yet.

    I'd still be interested to know more about your program...
      My System SpecsSystem Spec


  3. Joined : Aug 2016
    Posts : 157
    Windows 10 64 bit, 1607
       30 Sep 2016 #63

    Hi Simrick,

    I'd like to try the program you have. Unfortunately it's become to complex to workout with back and forth comments over the forum.
      My System SpecsSystem Spec


  4. Joined : Aug 2016
    Posts : 157
    Windows 10 64 bit, 1607
       30 Sep 2016 #64

    Steve C said: View Post
    If you try to access another user's files from your local account, I you should get a UAC prompt requesting the admin password for access after which the permissions will be changed allowing you permanent access to the other user's folder. See the enclosed prompt when I just tried to access my backup admin account from my user account - I would get permanent access if I followed through and entered the admin password.
    Attachment 102770
    I think this has been my issue all along. Being new to multiple accounts I must have granted one time access to to the administrators user folder from my newly created standard account and not thought anything of it. I've then totally overlooked what you guys were saying about the ONE TIME ACCESS still thinking that I shouldn't be able to access the admins user folder from my standard user account!

    I'm so sorry, I've probably really confused you guys!

    I've run @fdegrove's acl.bat again in the hope that it has restored any wrong changes that I've made along the way. Should you know if the acl.bat has been successful once you've run it?

    On a side note, why does access to administrator locked folders/files only need a one time permission to access?
      My System SpecsSystem Spec

  5.    30 Sep 2016 #65

    It doesn't matter if your user is part of the Administrator group or not (as long as you don't mess with UAC).

    In both cases you will by default start processes as a standard user. The difference is that if you are part of the Administrators group you can override the prompt "Do you want this app to make changes to your device". If you are not then you have to enter the password from an administrator. That is all.

    The end result is the same - the launched process will have Administrator privileges and can do what it wants. It has been this way since Vista. You can check this by looking in the details tab in task manager if you right click and add the elevated column - here are 2 command prompt windows - one running as Administrator permissions (I accepted the prompt) and one not.

    Click image for larger version. 

Name:	cmd.PNG 
Views:	0 
Size:	32.7 KB 
ID:	103746

    Do whichever you find more convenient but just don't (in either case) just say "OK" if you aren't sure what the program is or you don't trust it. Except for installation most program should not require Administrator privileges unless they are utilities looking into the whole system not just your data. If a program asks you for this permission you should question why they do and (by default) say no unless you are sure.

    In regards to your question "Why do you only have to do it once" about accessing folders that is because after you have given it authority to do so your user is granted permanent authority to the folder. The one time task has been done and you now have permanent authority.

    It tells you this at the time...

    Click image for larger version. 

Name:	Capture.PNG 
Views:	19 
Size:	12.9 KB 
ID:	103750

    Personally my profile is set as local admin and there is not (afaik) any risk from doing this.

    Other users on my PC I set as standard users as I don't trust them not to just click "OK" on everything.
      My System SpecsSystem Spec


  6. Joined : Aug 2016
    Posts : 157
    Windows 10 64 bit, 1607
       01 Oct 2016 #66

    After granting permanent access let's say you wanted to make it inaccessible again how would you do that?
      My System SpecsSystem Spec


  7. Joined : Aug 2016
    S/E England
    Posts : 1,112
    10 Home x64 (1607), Pro x86 (1511 & 1607)
       01 Oct 2016 #67

    Kol12 said: View Post
    After granting permanent access let's say you wanted to make it inaccessible again how would you do that?
    In File Explorer, right-click on the folder and select Properties. On the Security tab you will see your user account is listed as having full control. Click the Edit button, select your user account in the list. DO NOT TOUCH any of the other names. Click Remove, then Apply (or OK).

    You will see a message window saying it is applying changes - then immediately an error message saying (basically) you can't see what you're doing because access is denied (well, it would be, wouldn't it - you've just denied yourself access). Despite the apparent errors, you have successfully removed your access to the folder (until next time you click on it and are asked if you want permanent access).
      My System SpecsSystem Spec


  8. Joined : Aug 2016
    Posts : 157
    Windows 10 64 bit, 1607
       01 Oct 2016 #68

    Bree said: View Post
    In File Explorer, right-click on the folder and select Properties. On the Security tab you will see your user account is listed as having full control. Click the Edit button, select your user account in the list. DO NOT TOUCH any of the other names. Click Remove, then Apply (or OK).

    You will see a message window saying it is applying changes - then immediately an error message saying (basically) you can't see what you're doing because access is denied (well, it would be, wouldn't it - you've just denied yourself access). Despite the apparent errors, you have successfully removed your access to the folder (until next time you click on it and are asked if you want permanent access).
    I thought it might have been something along the lines of this except instead of removing the user I thought you might have to limit their permissions. I tried it myself and limited the user from full control to only read & execute, list and read permissions but that didn't work. It makes sense to remove the user though...

    While doing this I received an error similar to what you describe, a "failed to enumerate objects in the container. Access is denied." It seemed to be for multiple files and folders. I edited these permissions as administrator and they were for a standard account.
      My System SpecsSystem Spec


  9. Joined : Aug 2016
    S/E England
    Posts : 1,112
    10 Home x64 (1607), Pro x86 (1511 & 1607)
       01 Oct 2016 #69

    Remove the user is the correct action. You can look at the permissions of a folder to which you don't have access by looking at the Properties/Security tab, clicking Advanced then 'Click Continue to attempt the operation with Administrator privileges'. You user account will not be listed. After trying to open the folder and clicking '...Continue to permanently get access to this folder' the only change is that your user account has been added to the list.
      My System SpecsSystem Spec


  10. Joined : Aug 2016
    Posts : 157
    Windows 10 64 bit, 1607
       01 Oct 2016 #70

    Bree said: View Post
    Remove the user is the correct action. You can look at the permissions of a folder to which you don't have access by looking at the Properties/Security tab, clicking Advanced then 'Click Continue to attempt the operation with Administrator privileges'. You user account will not be listed. After trying to open the folder and clicking '...Continue to permanently get access to this folder' the only change is that your user account has been added to the list.
    Thanks for providing that information. What other folders would a standard user usually not have access to? I seem to be able to browse around most of the OS in my standard account...

    I had a brief issue the other day when logging into the administrator account. It was almost stuck on loading when logging in and took a long time to open up to the desktop. When it did open I was greeted with an error similar to the one we've mentioned and it was something to do with access denied to the desktop. The background was black, there were no desktop icons and the start menu didn't work. I kinda started panicking as I didn't know what had happened and I couldn't recall making any changes anywhere. Another error then popped up very breifly that I didn't have time to capture. I then either restarted or shutdown and the account returned to normal.

    Does this sound like something to be concerned about?

    What stands out in Event viewer after this happened is this:

    "Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.


    System Error:
    Access is denied."

    Source: CAPI2

    Event ID: 513
      My System SpecsSystem Spec


 
Page 7 of 7 FirstFirst ... 567


Similar Threads
Thread Forum
should I use a standard user account?
Is it still recommended to do your daily tasks in a non-administrator user account, or is that obsolete advice in windows 8-10?
User Accounts and Family Safety
Move/copy-paste User Account data & docs to New User account same sys
Guys I have done this in the past but cannot recall how and don't want to botch. I had hoped Windows 10 corrected the "rename user account" function but nope. I renamed a User Account due to conflict on the LAN and sure enough, now I have two...
User Accounts and Family Safety
standard user account and drive formatting
In Windows 10 Pro is there a way to prevent a user without administrator privileges using a standard account from being able to format a usb drive? "Perform volume maintenance tasks" is set for Administrators (Group Policy), which must be the...
User Accounts and Family Safety
Solved How to disable a user account in W10 Home?
I know I can't access the local users and groups policy in this version, but I can't figure on how to -temporarily- disable my kid's user account so that it cannot be logged in. Thanks!
User Accounts and Family Safety
Something really annoying - Win 10 Home user account.
Yesterday I've upgraded to Windows 10 Home 64 bit, from my Windows 7 64 bit Home Premium. Then I clean installed it, after the OS was activated. I used a local account and I have never switched to any of my Microsoft's e-mail accounts. The...
General Support
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 01:57.
Find Us
Twitter Facebook Google+



Windows 10 Forums