How can I limit other (administrator) users access to my profile?
Solution 1
You can't, it's as simple as that.
Solution 2
Try to change your point of view: change every account in common users, then give 'em permission to install softwares, thus holding your super-admin-powers for yourself!
Solution 3
Probably the best solution is for each user to encrypt their files using EFS. While you cannot prevent other admins from listing the contents of each folder, EFS will encrypt the files to where not even an Admin can decrypt them unless it has been provided a copy of the private key or a backup certificate.
Since the Administrator group is built in, you cannot change the permissions for it.
Related videos on Youtube
Comments
-
yitzih over 1 year
We in our club have a computer with Windows 7 Professional that every club member may use. And everyone has their own separate account.
Those accounts have to have administrator priveleges since I want everyone to be able to install any software and use any feature they want. However, there is a single thing that they shouldn't be allowed to do - that is, look into another users' profiles. Now when anyone goes to 'c:\Users(Any User Name)' a little prompt appears that this folder is secured and whether you really want to look inside. Simply clickinh 'ok' give you access to any profile.
I tried disabling taking ownership for Administrators group in Group Policies but that had no effect. How can I effectively prohibit administrators looking into each others' profiles and documents?
-
yitzih about 14 yearsThought of that. Though, it seemed to me that difference between User and Administartor in Windows 7 is not only installation of sofware. They should be able to succesfully elevate in UAC and be detected by legacy software as administrator. I just thought there must be an easier way.
-
yitzih about 14 yearsAny prooflink on that? Isn't there any way to protect a directory from an administrator on NTFS partition?
-
MDMarra about 14 yearsHow can you protect a directory from an administrator? The administrators group inherently has the ability to change permissions on NTFS volumes, so no matter what you change it to, they can change it back.
-
MDMarra about 14 years@kojo - I think you're trying to solve this problem the wrong way. Having users keep files on a network share with the necessary ACLs or even a flash drive that you carry with them would be more appropriate than trying to neuter the Administrators group.
-
surfasb about 13 yearsThis is true. The admin group is a built in group. The permissions cannot be changed.