Problems with my LUA

I had decided to try the LUA, SRP, KAFU type set up, but only opted for the LUA because right now I couldn't focus on setting up the SRP and KAFU.

However, I am having some unusual problems with my LUA. While I'm using my LUA, I cannot use a lot of regular features and software that I normally can use with my Admin account. Features and software such as YouTube and Flash Player, and even Yahoo email doesn't function properly. Plus, there's a forum that I post at(community.beliefnet.com) where I cannot log in when I'm using my LUA.

I don't know what know sort of problem that I'm having with this and I've talked to someone about this via private message and they told me that this shouldn't happen in a LUA, therefore, if anyone can offer help with this, I would really appreciate it.

 

LUA is only a user account. Did you remove your admin account from the admin group, thereby creating a user only account? There are some problems that can be formed from doing this. If so, create a new user only account and try everything again to see what happens.

A user account is one that is restricted from modifying anything it does not own or that is prescribed in the default security template. I have no idea how much you know of this, but it boils down to a user being read and execute only from c: drive root items, c:\windows and c:\program files. As well, all Documents and Setting directories are denied except for the current logged in user.

So, depending on what you are trying to do, it could be a number of things. But all roads "should" lead back to either it being a demoted admin account and the problems that brings, or simply that the user account does not have the correct privelages.

Sul.

 

No, I didn't remove may admin account from the admin group.

Actually, I don't think that I know anything about that. What you just said sounded like Greek. Unless of course, it has been explained to me in a more rudimentary way.

Well, there's no demoted admin account, however, why would the Limited User Account not have the correct privelages?

Oh, and BTW. I just read something that the person that I was conversing with via private message said, and they said that the things I had mentioned that I had problems with, must work in a LUA with SRP enabled. Well, unfortunately I don't have SRP enabled. Could that possibly be the problem?

 

Mmm.

LUA is another meaning for being a Basic User. This "group" exists from the start, the same way the Administrator group does. When windows is installed, every file and folder that it installs have certain rights applied. Administrators get to read AND write everywhere, while Users can read but only write in LIMITED places.

For example only the admin can install a program that writes its files to c:\Program Files. A User cannot because they are restricted. But a user may install a program if it only writes files to MyDocuments, because a User does have full rights there. This is the mechanism that keeps you safe when you use LUA -- only an Admin can do many things that might be detrimental. So being a User everyday greatly reduces the risks.

Now, you make note of SRP. That is Software Restriction Policy. In your case it sounds like you are going to use SRP to create a Default-Deny situation, where everything is denied from running except your specific files or folders. But for the moment, forget about SRP if you have not set it up. It is not part of the problems you are having unless you have already started mucking with it.

If I understand this correctly then, you have created a new account, lets call it FRED. FRED is a user only, not admin. Now, when you log in as FRED, you are saying there are some things FRED cannot do that the ADMIN could do.

If your system is still at defaults, then when FRED was created in the User group, FRED was denied certain things. If what you are trying to do is not allowed to Users, then FRED will not be able to, simple as that.

For a real-world example, suppose the ADMIN installed Opera into c:\program files. Suppose the Admin also did not use multiple profiles? So now, the profile for Opera exists within c:\Program Files. When FRED starts Opera, and Opera needs to modify something in the profile, guess what, FRED cannot because FRED is only a User, and Users are restricted in c:\Program Files.

Maybe not the best example for your exact situation, but you should get the idea that Users have restritions, and something as simple as where the files live can effect the User. If for some reason the security settings for Users or perhaps a specific directory have been modified, that too can cause restrictions.

I can guess, give you a dozen different things that might be happening. Or, you could give us some more specific details. For instance, does youtube open and play videos, just that the flash download utility will not save anymore? Maybe that would be because it is trying to save it somewhere that is off-limits for a User. You see that is a specific detail that might have an easy answer.

Sul.

 

What OS are you using? What browser do you use?

What security apps are you using, and what's 'KAFU'?

 

See here.

 

Thank you.

 

A new limited user has its own settings for your software.
The settings within your original admin account does not apply to them. Try changing the account type.

 

Update! My computer's been running slow, therefore, I did a whole lot of scans to see if I had some hidden malware on my computer. Well, I used Symantec's online Trojan Vundo scanner and it found 6 Vundo infections and suspended 5 processes.

Well, shortly after that I switched over to my LUA and lo and behold!...I was able to do all the things that I had mentioned in post #1. Youtube and Flash Player were now functioning, I was able to use Yahoo email, plus, I was able to log into Beliefnet's forum. .....Therefore, go figure.

However, my computer is still slow, plus, I'm having connectivity problems, however, I called my ISP and they confirmed that I am actually having connectivity problems, and they're having someone come out this weekend to look at it.

Therefore, once this connectivity problem gets fixed, it looks like I will be good to go.

 

Congrats RCGuy I'm glad you finally solved this issue.

Just to double check (and make sure you are really virus free) I'd run Malwarebytes Antimalware and maybe Hitman Pro too just to be sure. Second (and third) opinions never hurt

 

Thanks, zopzop.