Group policy - which is a user interface control and not a file level control. This is to control the user's from making changes to the computer. It does not prevent other sources from making changes. Therefore a properly written attack can install objects to any of the connected user's area of access (<user>My Documents, <user>Desktop, and so on). An example is a patron sees a graphic on-line and right clicks the mouse for the shortcut menu and selects Save as Background. The graphic is now saved as the displayed wallpaper for the user. --- Ooops, bad example. I just remembered I can lock that out too. Well I hope you get the idea.RussellHltn wrote:How are you locking this? It sounds like a lock at the user interface rather then at the file level.
Must have admin rights to access another user profile and the sub folders.RussellHltn wrote:Which suggests that maybe it would be a good idea to set up a second user with the privileges needed to browse the Patron files but without having admin rights.
I'm just saying in my other posts is that having a good anti-virus is a very good idea if you want to protect your computer. Going without is risky business.