Originally Posted by Curio
Many thanks to both Curio and Kane. I can only concur with Rik's comment, well done!
Kane identified the definitive Microsoft article, but it does not say how the problem arose, ie where those pesky desktop.ini files came from.
Microsoft's first suggestion, to delete the offending files, did not work, because the files were in use, presumably by Windows. The second suggestion did work, to use Msconfig.exe and untick the desktop startup entry for each user.
The desktop.ini files store information regarding the layout of the desktop or display options of a folder for example to arrange the icons in alaphabetical order.
The reason why you normally can't see them is because Windows Explorer is hiding them from you but you can view another user's because their's aren't being used by Explorer. If you try to delete them Windows will replace them as it saves the default folder/desktop view options.
You can also force Windows to show them for you from a folder windows choose Tools>Folder Options>File Types and uncheck "Hide protected operating system files"
Really for security reasons (read to help protect you from viruses) all users should use limited accounts (this is even more important if they have Internet access), this also means that they can't see any other user's files unless you're the administrator, the only disadvantage is it breaks some old software - the choice is yours security vs backwards compatibility.
[bitch]This is one of the annoying things about Windows
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
wtf is -21787?[/bitch]
Thanks for your suggestion Aloone_Jonez. I've always been of the same opinion, and originally did have just one Administrator user.
However, because some things did not work, I restored each user back to Administrator type.
Following your comments, I'll have another try at having a single Administrator user with all 'normal' users restricted to Limited type.
What programs are you having trouble with?
Providing they don't access the Internet (I wouldn't recommend using browsers/file sharing software like Imesh that insists on being as admin) it's moderately safe to create links to them with the runas command.
http://www.microsoft.com/resources/d..._shortcut.mspx
This also works in XP Home.
For example if I want a open a command line with administrator privilages on my machine I create a new short cut on the desktop and where it says "type the location of the item" I enter the following:
runas /user:Admin cmd
You'll be promped for the password for the administrator account if you've set one which is a pain but I recommend it.
Two examples I came across today that do not work or have reduced functionality in a Limited account are:
(1) Publisher 95 refuses to save any document with an error 'Publisher cannot create a temporary working file.'
(2) Nero 6.3.1.18 does not show some of the selection icons, eg CD and DVD, and does not work to write to DVD.
Your suggestion of using Runas works when selecting Run as for the normal desktop shortcut, but I could not create a specific Runas shortcut that works.
I created the Runas shortcut by right-click on desktop, select New, select Shortcut, and type in
runas /user: pc\superadmin :"C:\Program Files\Microsoft Publisher\MSPUB.EXE"
Double-click on the Runas shortcut brings up a DOS window requesting the administrator user password, but nothing happens after the correct password is typed and Entered.
The specific Runas shortcut does not save much time, but would be useful if there was also a way to save the password, so that the program runs without a need to enter the administrator name and password.
[OT: I had to insert a space between : and p in the Runas command above, to stop that those two characters turning into a smiley. What's the proper way to prevent this smiley substitution, other than ticking 'Disable smilies in text'?]
You can run program as admin without having to type password using vb script. Copy and paste the following code into notepad and save with a VBS extension. Create shortcut to the script on the desktop of the limited account or other convenient location and change its icon. Since many anti-virus programs block VB scripts you may need to set it to allow this script. Change the dummy password with your admin password (Line:4) include the tilde at the end and add the full path of executable (Line:2). You can use environment variables (%WINDIR%, %PROGRAMFILES%....etc) in the file path.
Code:set oShell= Wscript.CreateObject("WScript.Shell") oShell.Run "runas /user:administrator ""path of executable""" WScript.Sleep 100 oShell.Sendkeys "youradminpassword~" Wscript.Quit
Last edited by Kane; December 29th, 2005 at 17:48 PM.
Posting Permissions
Reply With Quote
Bookmarks