question

72234637 avatar image
0 Votes"
72234637 asked 72234637 answered

Standard users are able to change permissions in AppData folder?

Why is this possible, and how do I fix it?

My goal was to block internet browsers from being accessible. I 'disabled inheritance' and removed the standard user, but within security settings they are able to still add their user name back and easily gain access...

Can anyone offer help???

windows-10-network
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DaisyZhou-MSFT avatar image
0 Votes"
DaisyZhou-MSFT answered

Hello @DustinWassner-1215,

Thank you for posting here.

To better understand your question, please confirm the following information at your convenience.

1.Based on "Standard users are able to change permissions in AppData folder?", do you mean the user is local user or domain user?

2.Based on "Standard users are able to change permissions in AppData folder?", do you mean the user is able to change permissions in his/her corresponding AppData folder?

For example:

user1=>can change permissions on AppData folder in user1's profile
user2=>can change permissions on AppData folder in user2's profile
user3=>can change permissions on AppData folder in user3's profile

3.Is your Windows 10 domain-joined machine or non-domain-joined machine?

4.Based on "My goal was to block internet browsers from being accessible. I 'disabled inheritance' and removed the standard user", did you make these changes when you log on their machine using local Administrator? If no, how did you make these changes?


Should you have any question or concern, please feel free to let us know.



Best Regards,
Daisy Zhou

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

72234637 avatar image
0 Votes"
72234637 answered

I believe local user. This is for a laptop that has multiple users. One is an admin and the other is a standard user.

When logged in as the admin, I changed permission on folders in the AppData folder ie. chromium, etc. I disabled the inheritance permissions and removed all permissions from the standard user

When logged in as the standard user, I am able to add the standard user back and enable all permission again, rendering the program at hand fully functional.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DaisyZhou-MSFT avatar image
0 Votes"
DaisyZhou-MSFT answered

Hello @DustinWassner-1215,

Thank you for your update.

I have done a test in my lab.

And I got the same result as you.

Test:

1.Log on one machine with built-in local Administrator account.
2.I 'disabled inheritance' for AppData folder of another standalone user "test1" and removed all permissions on AppData folder of another standalone user "test1".
3.Log on the same machine with the standalone user "test1", I can add permissions AppData folder of the standalone user "test1".


Should you have any question or concern, please feel free to let us know.


Best Regards,
Daisy Zhou

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

72234637 avatar image
0 Votes"
72234637 answered

My question - what can I do to prevent standard users from accessing certain programs? Apparently user permissions aren't actually a real thing, since anyone can change them...

Dustin

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.