How would you restrict a user from accessing local documents?

[touch]

I have a computer which i'm working on which was set up by somebody else. It needs to be fixed before monday, so i wont get a chance to speak to the guy and ask him how he did it.
The computer was severely locked-down to restrict users from accessing pretty much everything.
Under the user's account, i click on 'my Computer', it wont open and says i dont have permission. (I have added the user account to local admins group)

I have local admin access to computer, domain admin access and admin access to domain controller.

So how would you have set this up? (and how would i undo it?)

 

[Spammeh]

group policy, local policy, etc

 

[RDM]

If you are an admin you should be able to take ownership of the folder, have you checked the permissions on it to see if Admins have been removed?

 

[Slobbo]

Not sure if I'm teaching grandma to suck eggs, but have you tried Properties / Security / Advanced, and messing about with ownership and permissions?

 

[Energize]

Live boot USB, sorted. It's never ideal to actually log on to a machine you're working on for these reasons.

 

[Pawnless Endgame]

He doesn't want strangers / PC repair technicians / law enforcement to know that he has warez and illegal pr0n on his 'puter.

 

[Housey]

Live boot USB, sorted. It's never ideal to actually log on to a machine you're working on for these reasons.

If it's that locked down I would suspect it's USB ports are locked down too.

 

[helmet]

Put Win XP on it, you wanted it fixed, right?

 

[Energize]

If it's that locked down I would suspect it's USB ports are locked down too.

Nope because the os that restricts everything isn't booted.

 

[Fuzz]

Reset the Admin password in the BIOS

 

[Housey]

Nope because the os that restricts everything isn't booted.

But surely a hardened environment would deal with that at BIOS level?

 

[grumpysculler]

But surely a hardened environment would deal with that at BIOS level?

Ours certainly does. The only available boot options on general machines are hard disk and PXE. On the secure machines, only a particular removable caddy will boot in a given tower.


If OP has an admin account, format c: should do the trick.

 

[Energize]

But surely a hardened environment would deal with that at BIOS level?

CMOS can be reset in an instant. Unless it's a machine custom built by MI6, restrictions are gonna be pretty easy to bypass. Judging by the fact that computer is not even encrypted I would assume it's not.

 

[Sin_Chase]

CMOS can be reset in an instant. Unless it's a machine custom built by MI6, restrictions are gonna be pretty easy to bypass. Judging by the fact that computer is not even encrypted I would assume it's not.

Custom BIOS.

Don't need MI6 to configure that.

But anyway, as you said. Local drive encryption is used in any serious environment anyway.

 

[wildman]

cut their hands off with a Machete, they won't be accessing a lot of things after that..................

 

[Sin_Chase]

cut their hands off with a Machete, they won't be accessing a lot of things after that..................

Copying body:\blood to floor:\blood
Transfer Rate: 2 Litres/Minute

 

[Energize]

Custom BIOS.

Don't need MI6 to configure that.

But anyway, as you said. Local drive encryption is used in any serious environment anyway.

So move hard drive to external computer then. Would make no sense using a custom BIOS if encryption is not used though.