I recently switched from Windows XP to Windows 7. I have an admin account and a limited account. I noticed that on the limited account, if you search for a file on your computer, the limited account can access even admin files. How do I fix that?
Everything says it's only shared with me. On music the security tab shows the groups/users that have permission are system, my account, admin, and WMPNetworkSvc (groups/users on all most of my files have system, my account, and admin with permission). Also pictures and videos have the WMPNetworkSvc on them. Maybe that's what's letting the other accounts access my stuff?
WMPNetworkSvc is part of the WMP network sharing service and has nothing to do with this problem.
As for removing access you are already on the right way... to make it better understandable I will call the account whose files you want to protect "MyUser"
1. login with MyUser
2. right-click and select properties on the users folder C:UsersMyUser
3. click on edit and remove all the users you don't want to have access
Do not remove any other entry like the SYSTEM or Administrator group, WMPNetworkSvc, etc...
This method applies to any "MyUser" no matter if it's an administrator or standard account.
An administrator account however will always be able to access another users (or admins) files and folders regardless of these permissions
Well all I had on that was system, "MyUser", admin, and home users. I removed home users and that didn't solve the issue.
Sorry for revisiting this but are you sure you changed the permissions for the correct user and folder?
You said your limited user is able to access the admin files. So obviously you will need to login with the admin and remove the "limited user" from the permission list [of the admins folder e.g C:Usersadmin]
These permissions are NTFS ACL (Access Control List) that means if the user is not on that list he simply shouldn't be able to access it ~ independent from Windows 7.
The only exception being if that user has administrator privileges [and therefor isn't a standard user account].
I tested this on a clean Windows 7 installation and my result was:
By default a standard user account cannot access any other users folder.
If the standard user tries to access it he is prompted for the password of this specific user. Once the password is entered he is added to the folders permission list. Once removed from there access is denied and the password prompt reappears.
Therefor I would like you to do the same test ~ at least to the point where your newly created standard user should be prompted for the password.
Other then that the only thing I can come up with (for now) is trying to change the admins password and see if that helps.
I did change the permissions on my admin account. Should I just leave the permissions as system and admin and not leave myself on the list even though I'm the admin (and wouldn't that result in me having to type the password to do Everything)?
Sorry, I'm a bit confused about your comment all together.
Which user account is the administrator of the computer (has administrator privileges) and which one is the standard account that you don't want to access the other users files & documents?
If you yourself - that is your account - is the administrator then it's normal behavior that you can access other users files, Music, Documents and whatever.
My account is the admin account that I was changing permissions for so that the limited account couldn't access my files in windows search (start menu search/search feature in windows explorer) but it didn't work right since the limited account can still access my files.
Then try it the other way round:
add the limited account to the permission list and select DENY on all permissions
One last resort option would be to entirely wipe and reset the permissions including a deny for the limited account. However this should be done carefully because if you mistype you may end up locking yourself out of your files.
1. click on Start and type "cmd" in the search box
2. right click the command line result and select "Run as administrator"
3. type the following command replacing with your actual account name and with the limited accounts name
cacls C:Users /t /p SYSTEM:f Administrators:f :f :n
*** one additional warning is that depending on the language settings the Administrators group may be named different
ok i guess i understand what you mean .
in Win 7 , when you click on the libraries button in the start menu ,
it shows you various contents of the libraries .
and all that .....
now Right click on the Music folder and go for Properties .
now click on sharing and configure it to be shown only to you , that is the Admin
and restrict its usage to any other account holders ...
it works ...
right click , and stop sharing .
Well I'm not sure if it shows all files but, it does end up showing my documents, music, and pictures. I can't just relocate my music folder because itunes will act all wacky. Right clicking on the music folder on libraries (as this is windows 7) doesn't have a security tab.
You have to right-click on the Music folder within your users directory e.g.
The Music folder within libraries is no actual folder but a consolidated view of all files and locations specified as music ~ a library.
Right click on the file or folder, select "properties" and navigate to the "security" tab. Edit the permissions to only allow administrators (or your user/group) to read these files.
File and Folder Permissions
How To Change File/Folder permissionsUnderstanding File Permissions
its simple .
take ownership of that file .!
heres how ,
create a special folder and name it what ever you want . , say -- xyz .
now put the file or folder which do not want to show to any one else and restrict its usage , inside it ,
now Right Click on the Folder you Just Created , ' xyz '
just right click on it ,
and scroll to where it says --- " Share With "
and click -- " NoBody "
click on what ever users name you want to share with ..!
the file set as not to be shared with any one will now be blocked from read and right access from all except the owner .!
( there are certain files , which Windows wont allow you to take ownership . just run this tool , and it would enable an option of -- " Take Ownership " in the context menu ... http://www.softpedia.com/get/System/OS-Enhancements/Rizone-Take-Ownership-Shell-Extension.shtml )