Installing games/apps to only 1 W7 user account?

[TJCS]

Possible to install your games and apps like EA Origin to one user-account only, so that there will be no background services running or snooping unless you log onto that account?

I am hoping to do run all my the work and private stuff on one clean account, and have the games and mandatory crapware installed in another isolated account.



Ideas? Group Policy maybe?

 

[VirtualLarry]

Dual-boot two copies of the same OS on the same hardware. Put all your DRM into one install, and all of your private data in another.

 

[TJCS]

Dual-boot two copies of the same OS on the same hardware. Put all your DRM into one install, and all of your private data in another.

I thought about Dual-booting too, but having to reboot every time to switch between them is not an ideal solution for me. Also, this method doesn't really stop Origin from scanning your hdd...

Sandboxie seems like a promising solution though though. This user did a guide on how to block Origin from scanning your hdd using Sandboxie(free-version).

Thanks for the input though, if you think of a way to limit Origin's access please let me know.

 

[Gooberlx2]

Maybe install all your games to a particular "Games" folder, and restrict permissions on that folder to only that single game user?

The sandboxing thing is a nice idea if you're concerned, though surely a hassle.

 

[TJCS]

Maybe install all your games to a particular "Games" folder, and restrict permissions on that folder to only that single game user?

The sandboxing thing is a nice idea if you're concerned, though surely a hassle.

I know that under Windows 7 you can define a location where programs can be executed for a given user, but is there a way to circumvent where the program may have access to?

For example: install the program on C: but block access to D: and E:

 

[kamikazekyle]

Folder permissions, essentially, like Gooberlx2 said. You'd have to do a manual Deny on the parent folders for everything you don't want Origin to access. Say Origin runs under the account Play. You'd go to the folders where you don't want it to access (including drives) and add the user account Play with a Deny for Full Control. That way, even if your Play account is part of Users or something, they'll be explicitly denied access. You can do similar if you want to deny your Work account access to your Games folder. Direct all game installs to a parent folder for good measure.

If Origin tries executing under your Work account, you can remove the autorun or set the Origin excutable's permissions with your Work account as Deny Full Control.

The key here is explicit deny's on the ACLs. Just don't go overboard and deny your Play account access to somewhere critical. For added walling, you can remove the Play acocunt from admin access and use your Work/Admin account credentials whenever something needs Admin access.

Also, you can remove the Start Menu and Desktop icons as you see fit. If it shows up on all accounts it's buried in the Public area of Users.

Besides that, you're probably looking at something like Sandboxie or other software to ..well...sandbox Origin or the program in question.

 

[TJCS]

kamikazikyle,

Thank you for that input, I find the system-wide permissions explanation interesting and helpful.

For added walling, you can remove the Play acocunt from admin access and use your Work/Admin account credentials whenever something needs Admin access.

To clarify, do you mean to give the Game Account standard/non-admin user account status?​