How do I change what files are accessible for limited accounts in Windows 7 search?

MarioMaster100 October 1, 2011

I recently switched from Windows XP to Windows 7. I have an admin account and a limited account. I noticed that on the limited account, if you search for a file on your computer, the limited account can access even admin files. How do I fix that?

  1. MarioMaster100
    October 2, 2011 at 6:34 pm

    Everything says it's only shared with me. On music the security tab shows the groups/users that have permission are system, my account, admin, and WMPNetworkSvc (groups/users on all most of my files have system, my account, and admin with permission). Also pictures and videos have the WMPNetworkSvc on them. Maybe that's what's letting the other accounts access my stuff?

    • Mike
      October 2, 2011 at 9:12 pm

      WMPNetworkSvc is part of the WMP network sharing service and has nothing to do with this problem.

      As for removing access you are already on the right way... to make it better understandable I will call the account whose files you want to protect "MyUser"

      1. login with MyUser
      2. right-click and select properties on the users folder C:UsersMyUser
      3. click on edit and remove all the users you don't want to have access

      Do not remove any other entry like the SYSTEM or Administrator group, WMPNetworkSvc, etc...

      This method applies to any "MyUser" no matter if it's an administrator or standard account.
      An administrator account however will always be able to access another users (or admins) files and folders regardless of these permissions

      • MarioMaster100
        October 3, 2011 at 12:12 am

        Well all I had on that was system, "MyUser", admin, and home users. I removed home users and that didn't solve the issue.

        • Mike
          October 3, 2011 at 1:31 am

          Sorry for revisiting this but are you sure you changed the permissions for the correct user and folder? 
          You said your limited user is able to access the admin files. So obviously you will need to login with the admin and remove the "limited user" from the permission list [of the admins folder e.g C:Usersadmin]

          These permissions are NTFS ACL (Access Control List) that means if the user is not on that list he simply shouldn't be able to access it ~ independent from Windows 7. 
          The only exception being if that user has administrator privileges [and therefor isn't a standard user account].

          I tested this on a clean Windows 7 installation and my result was:
          By default a standard user account cannot access any other users folder.
          If the standard user tries to access it he is prompted for the password of this specific user. Once the password is entered he is added to the folders permission list. Once removed from there access is denied and the password prompt reappears.

          Therefor I would like you to do the same test ~ at least to the point where your newly created standard user should be prompted for the password.

          Other then that the only thing I can come up with (for now) is trying to change the admins password and see if that helps.

        • MarioMaster100
          October 3, 2011 at 2:54 am

          I did change the permissions on my admin account. Should I just leave the permissions as system and admin and not leave myself on the list even though I'm the admin (and wouldn't that result in me having to type the password to do Everything)?

        • Mike
          October 3, 2011 at 5:53 am

          Sorry, I'm a bit confused about your comment all together.

          Which user account is the administrator of the computer (has administrator privileges) and which one is the standard account that you don't want to access the other users files & documents?

          If you yourself - that is your account - is the administrator then it's normal behavior that you can access other users files, Music, Documents and whatever.

        • MarioMaster100
          October 4, 2011 at 2:56 am

          My account is the admin account that I was changing permissions for so that the limited account couldn't access my files in windows search (start menu search/search feature in windows explorer) but it didn't work right since the limited account can still access my files. 

        • Mike
          October 4, 2011 at 4:37 pm

          Then try it the other way round: 
          add the limited account to the permission list and select DENY on all permissions

          One last resort option would be to entirely wipe and reset the permissions including a deny for the limited account. However this should be done carefully because if you mistype you may end up locking yourself out of your files.

          1. click on Start and type "cmd" in the search box
          2. right click the command line result and select "Run as administrator"
          3. type the following command replacing with your actual account name and with the limited accounts name

          cacls C:Users /t /p SYSTEM:f Administrators:f :f :n

          *** one additional warning is that depending on the language settings the Administrators group may be named different

  2. Mjevolve
    October 1, 2011 at 11:09 pm

    ok i guess i understand what you mean .

    in Win 7 , when you click on the libraries button in the start menu , 
    it shows you various contents of the libraries .
    and all that .....

    now Right click on the Music folder and go for Properties .

    now click on sharing and configure it to be shown only to you , that is the Admin 
    and restrict its usage to any other account holders ...

    it works ...

    right click , and stop sharing .

  3. MarioMaster100
    October 1, 2011 at 11:03 pm

    Well I'm not sure if it shows all files but, it does end up showing my documents, music, and pictures. I can't just relocate my music folder because itunes will act all wacky. Right clicking on the music folder on libraries (as this is windows 7) doesn't have a security tab.

    • Mike
      October 2, 2011 at 1:02 am

      You have to right-click on the Music folder within your users directory e.g.

      The Music folder within libraries is no actual folder but a consolidated view of all files and locations specified as music ~ a library.

  4. Jeff Fabish
    October 1, 2011 at 10:38 pm

    Right click on the file or folder, select "properties" and navigate to the "security" tab. Edit the permissions to only allow administrators (or your user/group) to read these files.

    See also:
    File and Folder Permissions
    How To Change File/Folder permissionsUnderstanding File Permissions

  5. Mjevolve
    October 1, 2011 at 10:24 pm

    its simple .

    take ownership of that file .!

    heres how , 

    create a special folder and name it what ever you want . , say -- xyz .

    now put the file or folder which do not want to show to any one else and restrict its usage ,  inside it , 
    now Right Click on the Folder you Just Created , ' xyz '
    just right click on it , 
    and scroll to where it says --- " Share With " 
    and click -- " NoBody " 
    click on what ever users name you want to share with ..!

    done !

    the file set as not to be shared with any one will now be blocked from read and right access from all except the owner .!

    ( there are certain files , which Windows wont allow you to take ownership . just run this tool , and it would enable an option of -- " Take Ownership " in the context menu ...    ) 

Ads by Google