Solved New User Does Not Appear In Security Tab

slick

I'm far from an expert, but what I'm trying to accomplish is I need to have one User Account that has Administrative rights to access all aspects of the computer (W 8.1 Pro) EXCEPT for two folders. My plan was to create a new Administrative user which I did, and then go to the Properties window of the folder I want to exclude, choose Security, choose the User I want to exclude and then choose Deny for all permissions for that folder. I thought it would be simple, but unfortunately, this new User Account does not appear under Group Or User Names in the Security Window and I don't understand why. I'm sure it is a simple explanation, but I do not want to aimlessly muck around and screw the whole computer up. I just want to exclude two folders in this manner, and hope someone more knowledgeable can describe how to accomplish this.
 

My Computer

System One

  • OS
    Windows 8.1 Pro
    Computer type
    Laptop
    System Manufacturer/Model
    HP Envy M6
    CPU
    Intel i5-3210M 2.5Ghz
    Memory
    8 GB
Hello slick, and welcome to Eight Forums.

It would basically be a waste of time to do this since that account has administrator rights. The user could just as easily change the access rights.

The only way to prevent them from access is to make them a standard user, then deny them read/write access.

Hope this helps, :)
Shawn
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Hmm. My problem is that I need to have software developers log into this machine to do testing and they need access to everything (system level, etc.) but I have two folders of business stuff that I have a duty to protect. I wanted to set them up as a User with Admin. rights so they can access the rest of the machine. It seems strange that with all of the complexity of the system, it is not possible to exclude two folders. I have another User that is set as an Administrator that does show in the list for some reason and the permissions for this User can be set to Deny Access, and after doing that they cannot access the folder. That is what led me to believe I could do the same for this new User. If I make them a Standard User, I don't think they will have the access they need to test with this computer. I really don't want to go out and buy a new computer to give them access for a day or two of testing.
 

If you have another hard drive, you could encrypt it with BitLocker and keep the folders on it. This will prevent access by anyone but your account.

Another option would be to use a free program like 7-Zip to password protect the folders to prevent access by anyone that doesn't know the password.

How to Use 7-Zip to Encrypt Files and Folders
 

Thanks for the suggestions but I can't move the folders from my machine because I have to travel with them and it is about 65GB of data that I have to access all the time so zipping probably isn't an option either. If I follow your first suggestion and make the User a Standard User, and then block access to the two folders, how do I go about allowing access to everything else (Programs, all aspects of the System, etc.) for a Standard User? Is this possible? Thanks for your patience--I warned you that I don't really know much about Permissions, etc.!
 

That really wouldn't be a viable option since it's for everything but two folders. If you were only going to allow access for a few things, it would be a great option.

I'm not sure of any other easy option to use other than to password protect the folders. :(
 

Thank you for all of your help, Shawn. FYI: I finally figured out that I could log into my Main User account (it is set as an Administrator with total control) and get the New User account to appear by clicking on Edit below the Group or User Names box in the Security tab of the Properties window for the Folder that I wanted to lock out. I then clicked on Add... and then entered the New User name in the Enter The Object Name To Select Box, clicked Check Names and then clicked OK after the New User name appeared in the box. This added the New User to the Security Tab's Group Or User Names list and then I selected this New User name and set the Permissions to Deny for everything listed (all of this was done from the Main User account using the Security Tab of the Properties window for the Folder that I wanted to lock out). It seems to have worked, because I still have access to everything from my main Administrative account (I hope!), and the New User account has access to everything except the folder I wanted locked out (in my case I did this for two folders). If you try to access those folders from the New User account you keep getting access denied errors so I suppose it is enough of a barrier that it would take some work to get in. I don't really know enough to understand if there is a method around this (there may be), but at least it would take some work to get in. My assumption is that because I set this up in the Main User account and I won't be sharing that account's login info with the people who will be logging into the New User account, it may be difficult. Am I right, or is this just wishful thinking? At least it makes me feel a little better that it has a bit of a barrier.
 

Trying to restrict an admin account with permissions is an exercise in futility. Any permissions you may remove or deny can easily be taken back. This right cannot be denied any admin account. It is really quite simple to do with instructions to be found all over the Internet. This is by design and a fundamental aspect of the Windows security model.

You need to find some other solution to your problem.
 

My Computer

System One

  • OS
    Windows 7
    Computer type
    PC/Desktop
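
The check below is an added example, not part of any post in this thread: it lists the Deny entries on the given folders (the kind set through the Security tab earlier in the thread) and marks whether each one targets a member of the local Administrators group, in which case it is not an enforceable boundary for the reason given in the post above. The folder paths are constructed placeholders and the function names are made up for this example.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Works on PowerShell 3.0+ (Windows 8.1 ships 4.0); no extra modules needed.

function Get-AdministratorSid {
    # Resolve BUILTIN\Administrators by its well-known SID so that
    # localized group names are handled too.
    $groupSid  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
    $groupName = $groupSid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]
    $group     = [ADSI]"WinNT://$env:COMPUTERNAME/$groupName,group"

    # Start with the group itself, then add each direct member.
    # Nested domain groups are not expanded here.
    $sids = @($groupSid.Value)
    $group.psbase.Invoke('Members') | ForEach-Object {
        $bytes = $_.GetType().InvokeMember('objectSid', 'GetProperty', $null, $_, $null)
        $sids += (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
    }
    $sids
}

function Get-DenyAceReport {
    param([Parameter(Mandatory)] [string[]] $Path)

    $adminSids = Get-AdministratorSid
    foreach ($p in $Path) {
        $acl = Get-Acl -LiteralPath $p
        # Ask for SIDs rather than names so the comparison is exact.
        $rules = $acl.GetAccessRules($true, $true,
                     [System.Security.Principal.SecurityIdentifier])

        foreach ($rule in $rules | Where-Object { $_.AccessControlType -eq 'Deny' }) {
            $sid = $rule.IdentityReference
            try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = $sid.Value }   # account was deleted; only the SID remains

            [pscustomobject]@{
                Path        = $p
                Owner       = $acl.Owner
                Account     = $name
                Rights      = $rule.FileSystemRights
                Inherited   = $rule.IsInherited
                # False: the denied account is an administrator, so the entry
                # is a speed bump, not a control.
                Enforceable = $adminSids -notcontains $sid.Value
            }
        }
    }
}

# Constructed sample paths; replace with the folders being protected.
Get-DenyAceReport -Path 'D:\Business\Clients', 'D:\Business\Finance' |
    Format-Table -AutoSize
```

A row with `Enforceable` set to `False` is the situation described in this thread: the Deny entry exists, but the account it names holds administrator rights on the machine.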
As usual, a good plan is thwarted by Microsoft! What I envisioned was an Administrator not being able to change the action of another Administrator without access to the originating Administrator's account. Guess not. I wish there was the ability to have a "Super" Administrator that could have a level of control over all other Administrators...it seems this would open up more options for controlling access. So if I am understanding correctly, the locked out Administrator could gain access by taking Ownership of the folder? If that is the case, that is the part I didn't understand was possible.

As for other options, Bitlocker was mentioned. I read up a little about Bitlocker yesterday and it appears that it has the capability of encrypting an individual partition (Data Partition), which would work for us as long as the separate System partition is unaffected (I am partitioned into a System and a Data Partition). If this is true, does the Bitlocker encryption stay in place if a User other than the User that set it up logs on? In other words, if I log on with my Main User account and apply Bitlocker to just the Data Partition (leaving the System Partition unencrypted), will the New User unlock the Bitlocker encryption when they log in, or will the encryption protect my Data Partition from them while still allowing them access to all of the Programs, System Files, etc.?

I know my ignorance of all of these issues is probably frustrating (it is for me!) but I greatly appreciate all of the advice...and I'm learning a bit in the process.
 

Don't worry about it. None of us know everything, and that's what asking questions is all about. :)

Yes, you could encrypt only a data partition with BitLocker. No other user (including an administrator) will be able to access it without having the password or recovery key.

http://www.eightforums.com/tutorials/21115-bitlocker-turn-fixed-data-drives-windows-8-a.html
 

Any admin account can take ownership of any folder belonging to any user and change permissions for any file or folder. Such an account can also change the password or other account details of any user account, including an admin account, without knowing the existing password. All admin accounts are equal. The built-in Administrator account has some differences but none are relevant to your situation. I agree with all of this 100%. In a limited context it may seem desirable that you could limit an admin account. But in a general sense not being able to do any of the above could create some serious problems. Such as an administrator not being able to do his job.

The intention is that each computer will have one or a small number of TRUSTED administrators. Trust is essential. They have full access to everything on the computer. Whatever access they may not have initially they can easily obtain. An admin that does not have all of these rights isn't really an admin at all.
 

I understand now how this won't accomplish what I wanted it to. It does seem odd to me though that a complex system like Windows would have no capability to keep an individual folder or file private while allowing access to the rest of the computer. I'm always trying to go against the grain in all things, I guess!

I apparently need to look at Bitlocker as a solution, but don't have a TPM chip in my computer. I guess I can still use Bitlocker but need to manually enter a password key each time I log on, right? I trust that Bitlocker has proven to be reliable and won't hose all of my data unless I lose the key.
 

You could set it so that you have to enter a password each time before being able to access the encrypted drive.

An alternative is to have Windows automatically allow you access to the encrypted drive. Other users will still be denied access.
 

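
An added PowerShell example, not from any poster in this thread, of the BitLocker setup discussed above: a data partition encrypted with a password protector (no TPM needed) plus a recovery password, with auto-unlock turned off. The drive letter `D:` and the function names are assumptions; the cmdlets come from the BitLocker module shipped with Windows 8 and later.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# 'D:' is a placeholder for the data partition.

function Protect-DataVolume {
    param(
        [Parameter(Mandatory)] [string] $MountPoint,
        [Parameter(Mandatory)] [System.Security.SecureString] $Password
    )

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.VolumeType -ne 'Data') {
        throw "$MountPoint is not a data volume; this example leaves the OS volume alone."
    }

    if ($vol.VolumeStatus -eq 'FullyDecrypted') {
        # Password protector: the drive is unlocked by typing this password.
        Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod Aes256 `
            -PasswordProtector -Password $Password | Out-Null
        # Recovery password: the fallback if the unlock password is forgotten.
        Add-BitLockerKeyProtector -MountPoint $MountPoint `
            -RecoveryPasswordProtector | Out-Null
    }

    # Remove any stored auto-unlock key so the drive comes up locked after boot.
    if ((Get-BitLockerVolume -MountPoint $MountPoint).AutoUnlockEnabled) {
        Disable-BitLockerAutoUnlock -MountPoint $MountPoint | Out-Null
    }

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $vol.VolumeStatus        # EncryptionInProgress, FullyEncrypted, ...
        LockStatus       = $vol.LockStatus
        AutoUnlock       = $vol.AutoUnlockEnabled
        Protectors       = ($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ', '
        # Store this somewhere off the laptop, then clear the console.
        RecoveryPassword = ($vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }).RecoveryPassword
    }
}

function Lock-DataVolume {
    param([Parameter(Mandatory)] [string] $MountPoint)
    # Dismount and lock the volume; it stays locked until the password is entered.
    Lock-BitLocker -MountPoint $MountPoint -ForceDismount | Out-Null
    (Get-BitLockerVolume -MountPoint $MountPoint).LockStatus   # expected: Locked
}

# Usage with a password typed at the prompt (never hard-code it in a script).
$pw = Read-Host -AsSecureString 'Unlock password for D:'
Protect-DataVolume -MountPoint 'D:' -Password $pw | Format-List
```

A BitLocker volume's lock state applies to the whole machine rather than to one logon session, so run `Lock-DataVolume -MountPoint 'D:'` (or restart) before another account uses the computer.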
Shawn,

Thank you and everyone else for all of the great information. It sounds like Bitlocker is the best solution to my problem. Again, I really appreciate the help and I will mark this as solved.
 

You're most welcome. I'm glad we could help. Please let us know how it went. :)
 
