TweakUI and LUA (Limited User Account)

Hello Wilders friends.

Just installed TweakUI (using administrator privileges) in order to easily disable autoplay of flash drives and CD/DVD's.
Problem is that, in a Limited User Account (LUA), windows does not automatically block autoplay on pens and CD's. Instead, it asks what to do (which is what I had specified in each drive's Properties > Autoplay settings).

Is it some kind of bug on my system (XP SP2 Home) or is it just that restrictions implemented with TweakUI in an administrator account do not transfer to a LUA ?

By the way, I have a pen drive (just one, the other ones behave OK) that, no matter how I configure its autoplay settings, insists on opening (through explorer) automatically when I insert it (in a LUA). Does someone have any ideas on this?

Any help is much appreciated.

I hope you are enjoying the end of the year.

Jomsviking

 

Hello,
You cannot set the asked for settings as LUA, you must be admin to do that. Maybe RunAs could work - or editing through security policies.
Mrk

 

I temporarily change the LU to an Admin acct, make the changes I need and then switch the acct back to a LU.

 

HAN's suggestion was on the money. I changed each LUA temporarily to Administrator status, used TweakUI to disable autoplay of CD/DVDs and flash drives in each account, and then changed the accounts back to LUA status, and now everything works as it should.

It's strange though, that changes made in autoplay features with TweakUI in an administrator account do not extend to the other accounts in the system; it is necessary to use TweakUI in each account, with admin. privileges.

Thanks to Mrkvonic and HAN for your help.

 

How are you changing the Limited user account to have temp admin priv? Are you trying to harden your system?

 

I'm not sure I understand your question.
Anyway, maybe my posts were not clear. So here's another attempt:

1- I want to disable autoplay of CD/DVDs and USB drives on my system, in all accounts, both administrator and LUA ones. For this, I installed (in an administrator account) TweakUI.

2- I supposed that, by using TweakUI in an administrator account, there would be no need to use it in other accounts, as the changes made as administrator would transfer/apply to all other accounts, irrelevant of account type. Hence my first post on the subject.

3- This supposition was wrong. You have to run TweakUI in every account and disable USB and CD/DVD drives. For this, you will need administrative privileges (in a LUA, TweakUI does not show the advanced Autoplay settings), so you will have to temporarily convert LUAs in administrative ones, apply the changes, and then change them back to LUA.

4- This is not logical, in my opinion. One would expect that changes made with TweakUI from an administrator account - regarding autoplay features, that is; some settings are of course user-dependant - would automatically transfer to LUAs.

I don't know if wanting to disable autoplay is considered hardening but, from my point of view, that's how windows should be distributed/installed in the first place: with no autoplay features.

 

I just looked through my old notes about disabling AutoRun.

1) Disabling manually: in HKEY_CURRENT_USER, NoDriveTypeAutoRun Key;
then repeat for all HKEY_USERS profiles and user logins

2) Using TweakUI: [x] Disable Data CD AutoRun
then repeat for all user logins


----
rich

 

Yes, disabling autorun is hardening (IMO)

 

dont really need to disable auto run if your using vista thou since it will prompt you.
lodore