User Privilege, Realistic on Xp?

[pointertovoid]

 Hello dear friends!

 

On W2k I always defined one admin and several "power user" identities. This does bring some better security than surfing as an administrator.

 

Trying to reinstall my Xp better, I defined my usual identity as "user" since I didn't find a "power user". Though, many applications work badly: window size and position not remanent, bookmarks forgotten, registry error messages when opening, and so on. It happens more on not-so-recent (=Win95) applications, but nearly all these work well on W2k with power users.

 

Meanwhile I've allowed users to write in all program folders, in the "all users" folder, and more. It seems that the register's protection makes more problems, and there, editing the protections didn't help much - some keys should be recreated everytime, unprotecting the existing one doesn't help, or something similar.

 

Is that a known issue with Xp? Are there remedies?

I slowly grasp that people have some reasons to define only identities with admin privilege on Xp, but that's a serious loss of security.

[jaclaz]

I have "Power Users" group fine in XP. so you should have that group as well:

https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/windows_security_default_settings.mspx?mfr=true

 

My personal definition of Windows XP as "a Windows 2000 with some added bells and whistles" still stands, XP is fundamentally 2000, one year later.

 

jaclaz

[vinifera]

XP is tweaked 2000 with better gaming support

just as "7" is tweaked Vista

just as "10" is tweaked "8"

Edited June 1, 2015 by vinifera

[pointertovoid]

The picture about Xp accounts is clearer now.

 

Some older applications didn't care about multiple users nor file and registry protection as Win didn't offer any or was permissive then.

 

On W2k, I defined  "power user" accounts because they allowed such applications to run, without investigating the cause.

 

For Xp, Microsoft legitimately tried to encourage the safer "limited user" accounts instead of the "power user". The control panel only proposes "limited user" and "administrator" accounts. MS also created a label for applications that would run from a limited user account.

 

Though, computer manufacturers and individual installers observed that too many applications couldn't run from a limited user account, and consequently they create only administrator accounts, which goes against the security goal.

 

----------

 

On Xp, "power user" accounts can still be created and modified, by

C:\Windows\system32\compmgmt.msc

which offers more flexibility than the Control Panel.

 

This permitted me to run the older applications as they did in W2k with the "power user" accounts. Less safe than a "limited user" if this were possible, but safer than defining only "administrator" accounts.

 

One example of application that ran badly is Paint Shop Pro 4, because it tried to create new keys in [Hklm] which the limited users can't. I tried to grant to limited users the right to write in the registry section but only managed to brick my Xp, and its install Cd won't repair that.

[j7n]

The Users control panel has a dumbed down "web" style and seems to be ahead of its time.

The older Users dialog is still present in XP and can be called via this command:

rundll32.exe netplwiz.dll,UsersRunDll

But the Management Console works too.