Is there any way that I can convince Vista that Frank the Administrator and Frank the User are the same person, and that Vista should quit trying to tell Frank the User that he does not have permission to perform actions on his very own Franking Computer?
So that I don’t have to go give myself permissions all the Franking time?
See here. I recommend method #1 as the most painless method.
Is User Account Protection the thing that when I, for instance, open a file in a folder, modify it, and then “Save As” under a different name in the same folder, informs me that I don’t have write permission to that folder?
No. That is a problem with File System ACLs. I’d tell you how to address the problem, but I don’t use Vista (either personally or professionally), and don’t have a running copy anywhere. Basically, you should be able to right-click the folder in Explorer (while logged in as your Administrator-level account), select Properties, and choose the Security Tab. You will see the user accounts and groups that have been assigned rights. You probably need to add your user-level account with more than Read-Only permissions (your user-level account will probably inherit permissions via the Local Users group, so look for that).
Si
Do you have two separate users, both called Frank or some variation thereof, or just one? If it’s the latter, you simply need to disable UAC. If it’s the former, then this is a security feature of Windows / NTFS and you will need to log in with your admin account and grant the user account additional privileges. Go to Control Panel| Admin Tools | Computer Management and assign groups as desired, then in Windows Explorer, assign file permissions as desired.
Login as Administrator. In Start Menu, click Control Panel. Under “User Accounts”, click Change account type. Select Frank and click Properties. Make yourself Administrator.
If you are a member of the Administrator group, but still can’t save files wherever you want, you have to check the Access Control List on the folder in question, as mentioned above.
As Si has already said, this is a consequence of NTFS file level permissions.
There are some basic permissions:
N - No Access. This overrides all other permissions. Use with care.
R - Read Only access.
RX - Read and Execute.
L - List. Allows you to see what’s there but no more. Useful if you’re traversing to a subfolder to which you have more rights.
M - Modify access. This allows you to do most things.
W - Write. You can write to the folder.
F - Full Control. This allows you to do everything, including set permissions for other users. Use with care.
NTFS permissions are also additive, apart from the No Access which overrides everything.
So what you to do is give your user account Change access to that directory. To do this, in the Start Menu, go to Windows Explorer, right-click the entry and select Run as … Plug in your admin account credentials, UAC may kick in, just to be annoying. Then browse to the folder desired, right-click, Properties, click the Security tab. At the bottom of the Group or User names box will be the Users group. Click that then click Edit and grant the group Modify access in the Allow column.
That said, if you have a set of directories shared between user IDs - it is usually better to set up specific groups and make users members of those groups as required. For instance, you may share your computer with your children and not want them to see your porn stash. Equally, you will want access to their data. Doing it all explicitly by user ID is certainly possible, but doing it all by groups makes things much easier in the long run.
You can do all this from the Command Line, but it’s rather different.
Thanks, all, for your answers. I appreciate them.
It’s my personal computer; I’m the only one that ever uses it. I’ll just grant myself full control.
Just as an FYI, the permission-related security features in Vista aren’t just for a multi-user environment. They’re also there to provide protection against malicious software by making it more difficult for something running under a regular user account to fully infiltrate the system.
However, assuming you’re careful about keeping your system patched and not doing things that are likely to get your system infected, you should still be okay.
You may need to take ownership of the file first. Possibly best if you do it on the entire hard disk.
Right click on the hard disk and select properties.
Go to the Security Tab
Click the Advanced button
Click the Owner tab
Click the edit button
At this point you will see a list of names you can choose. If ‘Frank’ is among them, then select it. Check the ‘replace owner on subcontainers and objects’ box and click OK.
If you don’t see your account name then click on ‘other users and groups’ and enter it into the box. Click OK. You will now see Frank on the list.
Actually, the solutions proposed by si_blakely and Quartz are probably not necessary if you disable UAP (although they will work fine). There are directories in Vista that by default permit only administrator access. If you are logged in as an administrator and have UAP enabled, you will have to acknowledge that you are writing to a protected area. If you disable UAP, you will not have to do that extra step.
However, there are some folders created under Vista that even administrators don’t have access to by default. For instance, the folders for other users under C:\Users, and some of the check-point archive folders. Vista will automatically give you permission when you try to access the folder through Explorer and you confirm a prompt.
I’d also like to point out that there’s a very good and rational reason for not having default full access to all files on your system. Any program you run inadvertently while logged in (like say, a virus or trojan) will have all of the same read & write permissions that you do, and if you’ve disabled protection in the wrong place, you could be in a world of hurt.