Security Question

[solar]

Hi there... I need to get something straight with the underlying security layers or permisisions of vista (ultimate).

I have created a group SUPERUSER in which I have added my admin user account (NOTE, not administrator but another account with Administrative privileges, i.e. is part of group Administrators).

I have only added this one account to the superuser, and NOT the administrator.

Now... This is because I wish that the superuser has a folder lets say where not even the other administrators can access!

Question is this: Should I add SYSTEM as well as SuperUser (both with full rights) and remove ALL OTHER GROUPS to this folder..

Or CAN I LEAVE OUT SYSTEM? If I leave out system, can the folder get unstable due to hmm attempts to defragment or other things.

Also, if system is part of the groups which can have full rights.. Does that compromise security? i.e. Can a script or a cloaked accesser access then this folder through running as a SYSTEM process?

Final question as well.. when creating the SuperUser group... should I add system to it? (As in, is SYSTEM , implicitly part of the adminstrator group or not?)

Cheers... I really want to be the 'boss' of my system.. I allow other administrators on this system but to be honest.. Vista is so insecure.. I mean another administrator accounts just need to type net [user] PASSWORD or so and voila.. has changed the password and can access the account.

I really think this is ridiculous.. although it is good of course when you wanna save your computer... However... I want one SUPERADMIN to be above all accounts, inncluding the internal administrator... As mentioned, can anyone give me advice on if SySTEM has to/doesn't have to have access to that folder(s) .

PS. If I do this to a drive root... would it be crazy NOT to add SySTEM to it? (again with the same reasonings).

PPS. Of course.. there is also a possibility or adding SYSTEM temporarily if I would wish it to defrag the drive/folder or other operations. I just need to know if it is stable in the course of time during 'normal' use.

And FINALLY LOL (sorry), I would like to make a script which I could run on a folder or file or drive (a location) which automatically removes all user rights and adds only SuperUser with full rights. Alternatively add more usability like.. exporting current settings first.. so that it can be reversed by a simple argument.

Any ideas on all this? Please... I really thought security by now should be able to become quite persistent in vista ultimate.

waiting for useful ideas : )

(SO far, I only have provided help on these forums.. no one ever seems to bother replying to my issues lol )

solar

Edited February 6, 2009 by solar
made topic title conform to rule 11

[solar]

Oh sorry Geek.. I didn't know the topic was incorrect :/

[cluberti]

If this is a local folder that is not accessible over the network, I would suggest SYSTEM account also have access. However, if this is accessible over the network, and you don't store any Windows-needed or service-needed files here, removing SYSTEM should not be ultimately harmful.