Are there any methods to secure a single user account on a computer running Windows 7? By secure I mean protect the user folder from being accessible by other users on the computer and possibly from external examination (e.g. if someone mounts the HDD externally).
答案1
Change the file permissions, like in http://answers.microsoft.com/en-us/windows/forum/windows_7-security/how-do-i-get-round-windows-7s-file-permissions/d048994f-7a95-469d-b2f5-b334b236a5e3 explained
Other ways are using policies, blocking all access with a firewall or only having 1 user ;)
答案2
Generally in Windows 7, a user's folder is not accessible by other users, unless they have administrative rights. You cannot block an admin from accessing or taking ownership, because otherwise you risk making files inaccessible. But if the other users are just regular users, they can't see each others' folders/files unless the user explicitly makes the location shared.
In fact, in Windows 7 by default you don't even have full rights to everything under your own profile structure.
But if you wish to lock it down more, you can set the ACLs on that folder tree to give rights -only- to the individual user (except for admins), i.e.
to remove "Users" and added "whoisit" you'd use the following commands:
icacls c:\users\whoisit /inheritance: d
icacls c:\users\whoisit /grant:r "whoisit": (oi)(ci)F
icacls c:\users\whoisit /remove "users"
The first line sets the inheritance. Second line grants "whoisit" rights, replacing rather than adding the permissions being set, and using inheritance. Third line removes "users", blocking all other regular users (which may not even be necessary.)
Note that Home editions of Windows don't generally allow you to restrict sharing in the same way.