Anti-virus programs and multiple WinXP user accounts

Discussion in 'other anti-virus software' started by Rory, Dec 3, 2003.

Thread Status:
Not open for further replies.
  1. Rory

    Rory Guest

    Hi all,
    When I do a scan with my Norton Anti-Virus or Ad-Aware software, does it scan all of the users' Documents and Settings (D&S) folders, or just that of the logged-on user?
    As all the users have set their D&S folders to 'private' I cannot actually look in them, but can the AV programs?
    Many thanks

  2. wizard

    wizard Registered Member

    Feb 9, 2002
    Europe - Germany - Duesseldorf
    No. As file/folder permissions are a security feature of the operating system and therefore no software can violate against that. If you want to scan those 'private' folders you have to do this under an user account (eg Admin) that has these access rights.

  3. Rory

    Rory Guest

    Thanks Wizard, I thought as much!
  4. DolfTraanberg

    DolfTraanberg Registered Member

    Nov 20, 2002
    Run As ??
  5. nameless

    nameless Registered Member

    Feb 23, 2003
    An excellent suggestion. Yes, use the "Run as" feature of Windows XP to launch the scanner, and scan directories and files you wouldn't be able to as the current user. Besides just directories and files, certain parts of the system are restricted from limited users (such as boot sectors, which you cannot scan as a limited user).

    Here is Microsoft's explanation on how to use the "Run as" service. I have found that shortcuts can simply be right clicked, and holding the Shift key is unnecessary. Certain system objects (such as if you have the Control Panel "System" icon on your Desktop) won't display the "Run as" menu item unless you hold the Shift key down while right clicking.

    The "Run as" functionality is in WinXP Pro and WinXP Home. Make sure the "Secondary Logon" service is set to Automatic before trying to use it.

    Also, you can modify shortcuts so that right clicking is unnecessary. Just edit the shortcut properties, click the "Advanced..." button on the Shortcut tab, and select the option to "Run with different credentials". From that point on, when you launch that shortcut, you will get a dialog which prompts you to either run as the current user, or as a different user. (Note: The "Protect my computer and data from unauthorized program activity" option, when selected, prevents the launched program from accessing the HKEY_CURRENT_USER registry, and from changing user files. Most of the time, you will want to deselect this option, when running a program as the current user.)

    There are a couple caveats to using the option mentioned in the paragraph above. If you use shortcuts that point to directories (like I do), you will find that the "Run with different credentials" option is greyed out. The solution to this is to change the shortcut target to include Explorer.exe, rather than just the directory path (e.g. use "C:\WINDOWS\explorer.exe D:\ERUNT" rather than just "D:\ERUNT"). Also, if you create a shortcut to a batch (i.e. BAT or CMD) file, the option will be greyed out for it as well. Similar to the Explorer.exe workaround, the solution here is to point the shortcut to the command interpreter, CMD.EXE, rather than to the batch file directly (e.g. use "C:\WINDOWS\system32\cmd.exe /c D:\Data\Batch\ERUNT.cmd" rather than just "D:\Data\Batch\ERUNT.cmd"). The "/c" parameter simply makes the command window close after the batch file terminates.

    Another idea is to use a toolbar or "launcher" utility (such as those found here), and do a "Run as" to run it. Since any applications launched by an application that is running as a given user also run under that same user's credentials, this is a very convenient way of running several applications with elevated privileges, without having to enter a password over and over.
Thread Status:
Not open for further replies.