From: Tim Meddick on
The term "Private" is a Windows term - used when creating a new profile (a
new user), you are asked : "Do you want to make your files and folders
private?" and if you answer "Yes" to this ; the system automatically
re-sets file and folder security permissions to REMOVE the
"Administrator's" group access to that user's profile and, ergo, their "My
Documents" folder also.

That will just leave the "user" and "SYSTEM" as the only users granted

From what you have been posting, I believe that you have a competent grasp
of the security file and folder permissions and how to add / remove users /
groups from them.

As John has been saying (in this thread), you need to not only add the
"Administrator's" group (with full-access granted to it) to the folder that
contains all the folders / files you want to be able to access in a Win7
admin-level account, but also, tick the box labelled :

"Inherit from parent the permission entries that apply to child objects.
Include these with entries explicitly defined here"

....the word "parent" in this instance, refers to the folder you are
changing permissions on - i.e. the current folder.

*NB Once a folder has the "Administrator's" group added to it's security
permissions, and with all the granted access boxes ticked (i.e. full-access
granted to it) - then ANY user that is a member of the "Administrator's"
group in ANY Windows version, can then have access to it - not only the
operating system in which the folder was created / set permissions, but ANY
version of Windows that can "see" the drive the folder is on.

As you by now may realise; this is NOT so for the user named
"Administrator" - as this user, though named "Administrator" , has a
unique SID assigned to it - not so with groups.

In fact - that IS the reason for "groups" in NTFS file-system security.


Cheers, Tim Meddick, Peckham, London. :-)

"Larry Lindstrom" <larryl_turbo(a)> wrote in message
> < clipped >
> Thanks Again Tim and John:
> First, perhaps I have my nomenclature wrong. Is "private" some
> special flag or designation of a particular kind of file or folder?
> Other people will occasionally be using this PC. I'd like to have
> some files that only I can read or modify. I'd like these available only
> "larryl" on either XP or Win7. This is the meaning I attach to the word
> "Private".
> I will be the only administrator of this PC, so allowing only
> "administrators" access should be safe enough. I'm curious as to why I
> can't do the same with "larryl" when accompanied with a location that
> specifies the Win7 boot of this machine.
> I'll be posting the screen shots in another post.
> Thanks
> Larry

From: Larry Lindstrom on
On 6/10/2010 2:10 PM, Tim Meddick wrote:
> Agreed...
> ==
> Cheers, Tim Meddick, Peckham, London. :-)
> "John John - MVP" <audetweld(a)> wrote in message
> news:e1GaFhICLHA.4308(a)TK2MSFTNGP04.phx.gbl...
>> He also needs to replace the inheritance flag on all the files and
>> folders within the folder hierarchy, he has to propagate and replace
>> permissions entries on all child objects.

Thanks Again Tim and John:

I'm sorry I've abandoned my own thread. I've been overwhelmed with
a tide of work.

At this point I'm wondering. I've loaded Win7/64 on that other
drive. It's been useful for running remote assistant on my client's
Win7 system.

Any reason not to move everything over to Win7 as my base system,
and just use the XP partition for compatibility testing?