[SOLVED] Staff/Students can delete Windows directory contents?!
I'm not sure if this is normal behavior or not for a Windows Domain. All clients are running Windows XP Pro and servers are 2003 Standard/Enterprise. All users are configured as standard users with no elevated privileges. For whatever reason, yesterday I was playing around in my teacher clone account on a student computer and was testing to see if something worked, but noticed I could also delete folders and add folders to the Windows directory and Program Files. That shocked me, I wasn't expecting that. I tried a student account too, and to my surprise, I could do the exact same thing. These systems were deep frozen so I wasn't concerned about data loss, but I'm concerned that they have that level of privileges. I've already gone into Active Directory and double checked that no users are Administrators and no groups the users are a part of are Administrators. Policies are being applied, I still can't access Computer Management and everything else that should be locked down according to policy, is. But is this normal?! Have they been able to do this all along?
One of the things that made me clue in before I tried the Windows dir and the Program Files dir, was that I could go into documents and settings, and open another user profile folder that I had just logged in as. Correct me if I'm wrong, but those should all say Access is Denied upon trying to access a Documents and Settings folder that isn't yours.
Any thoughts of how to stop this? I'm puzzled. Students and staff obviously don't know they have this privilege but I'd rather fix it fairly quick. I don't want to band aid fix it either, I'm curious as to what actually made this happen.
Thanks as always :D