|
 |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
 |
| |
09-07-2007
| #1 (permalink) |
| | Administrator account - Built-in vs. new one It is generally recommended to use a standard account for day-to-day operations, and to reserve the administrator account for any actions that affect all user(s) on a system. Even when there is only one user, say on a home PC, if I understand things correctly, it is best to have both an administrator and a standard account. But what is the better alternative, if any: enable the built-in administrator account and convert the administrator account that is created automatically when installing Vista to a standard one; or create a second, standard account alongside the administrator that is created when installing Vista, and leave the built-in administrator account disabled. Any thoughts or recommendations? -- Luc |
My System Specs |
|
09-07-2007
| #2 (permalink) |
| | Re: Administrator account - Built-in vs. new one Luc wrote: Quote: > It is generally recommended to use a standard account for day-to-day > operations, and to reserve the administrator account for any actions that > affect all user(s) on a system. Even when there is only one user, say on a > home PC, if I understand things correctly, it is best to have both an > administrator and a standard account. > Correct. Routinely using a computer with administrative privileges is not without some risk. You will be more susceptible to some types of malware, particularly adware and spyware. While using a computer with limited privileges isn't the cure-all, silver bullet that some claim it to be, any experienced IT professional will verify that doing so definitely reduces that amount of damage and depth of penetration by the malware. If you get infected/infested while running as an administrator, the odds are much greater that any malware will be extremely difficult, if not impossible, to remove with formating the hard drive and starting anew. The intruding malware will have the same privileges to all of the files on your hard drive that you do. Vista's UAC adds an additional layer of protection, even if you don't enter a password each time it warns you; the important thing is that you're being warned, and can then make your own decision. A technically competent user who is aware of the risks and knows how to take proper precautions can usually safely operate with administrative privileges; I do so myself. But I certainly don't recommend it for the average computer user. Quote: > But what is the better alternative, if any: enable the built-in > administrator account and convert the administrator account that is created > automatically when installing Vista to a standard one; or create a second, > standard account alongside the administrator that is created when installing > Vista, and leave the built-in administrator account disabled. > > Any thoughts or recommendations? > The built-in Administrator account really was never intended to be used for day-to-day normal use. The standard security practice is to rename the account, set a strong password on it, and use it only to create another account for regular use, reserving the Administrator account as a "back door" in case something corrupts your regular account(s). I create both an administrative account and a regular account for my use, reserving the built-in Administrator account (after renaming it and placing a strong password on it) for emergency use should my "normal" administrator account become damaged or otherwise unavailable. -- Bruce Chambers Help us help you: http://dts-l.org/goodpost.htm http://www.catb.org/~esr/faqs/smart-questions.html They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -Benjamin Franklin Many people would rather die than think; in fact, most do. -Bertrand Russell |
| My System Specs |
|
09-07-2007
| #3 (permalink) |
| | Re: Administrator account - Built-in vs. new one Hi Bruce, Thank you for your detailed explanation. To be on the safe (safest) side then, I had better create a second, standard account for myself (I'm the only user, by the way) to be protected best against malware, use the administrator account that was created when installing Vista only for those actions that do require administrator-privileges, and leave the built-in but unabled administrator account untouched (the built-in one doesn't seem to be subject to UAC, if I understand correctly, so doesn't provide quite the same protection that any other administrator account does). -- Luc "Bruce Chambers" wrote: Quote: > Luc wrote: Quote: > > It is generally recommended to use a standard account for day-to-day > > operations, and to reserve the administrator account for any actions that > > affect all user(s) on a system. Even when there is only one user, say on a > > home PC, if I understand things correctly, it is best to have both an > > administrator and a standard account. > > > > Correct. Routinely using a computer with administrative privileges > is not without some risk. You will be more susceptible to some types of > malware, particularly adware and spyware. While using a computer with > limited privileges isn't the cure-all, silver bullet that some claim it > to be, any experienced IT professional will verify that doing so > definitely reduces that amount of damage and depth of penetration by the > malware. If you get infected/infested while running as an > administrator, the odds are much greater that any malware will be > extremely difficult, if not impossible, to remove with formating the > hard drive and starting anew. The intruding malware will have the same > privileges to all of the files on your hard drive that you do. > > Vista's UAC adds an additional layer of protection, even if you > don't enter a password each time it warns you; the important thing is > that you're being warned, and can then make your own decision. A > technically competent user who is aware of the risks and knows how to > take proper precautions can usually safely operate with administrative > privileges; I do so myself. But I certainly don't recommend it for the > average computer user. > > Quote: > > But what is the better alternative, if any: enable the built-in > > administrator account and convert the administrator account that is created > > automatically when installing Vista to a standard one; or create a second, > > standard account alongside the administrator that is created when installing > > Vista, and leave the built-in administrator account disabled. > > > > Any thoughts or recommendations? > > > > The built-in Administrator account really was never intended to be > used for day-to-day normal use. The standard security practice is to > rename the account, set a strong password on it, and use it only to > create another account for regular use, reserving the Administrator > account as a "back door" in case something corrupts your regular > account(s). > > I create both an administrative account and a regular account for my > use, reserving the built-in Administrator account (after renaming it and > placing a strong password on it) for emergency use should my "normal" > administrator account become damaged or otherwise unavailable. > > > > -- > > Bruce Chambers > > Help us help you: > http://dts-l.org/goodpost.htm > http://www.catb.org/~esr/faqs/smart-questions.html > > They that can give up essential liberty to obtain a little temporary > safety deserve neither liberty nor safety. -Benjamin Franklin > > Many people would rather die than think; in fact, most do. -Bertrand Russell > |
| My System Specs |
|
09-07-2007
| #4 (permalink) |
| | Re: Administrator account - Built-in vs. new one Luc wrote: Quote: > Hi Bruce, > > Thank you for your detailed explanation. To be on the safe (safest) side > then, I had better create a second, standard account for myself (I'm the only > user, by the way) to be protected best against malware, use the administrator > account that was created when installing Vista only for those actions that do > require administrator-privileges, and leave the built-in but unabled > administrator account untouched (the built-in one doesn't seem to be subject > to UAC, if I understand correctly, so doesn't provide quite the same > protection that any other administrator account does). You're welcome. However, I don't recommend leaving the built-in account disabled. If you do that, you'll be unable to use it when you need it. I'd recommend enabling it, renaming it, and setting a strong password on it. -- Bruce Chambers Help us help you: http://dts-l.org/goodpost.htm http://www.catb.org/~esr/faqs/smart-questions.html They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -Benjamin Franklin Many people would rather die than think; in fact, most do. -Bertrand Russell |
| My System Specs |
|
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| Built-in Administrator Account - Change Name | Tutorials | |||
| Built in Administrator account disabled? | Vista account administration | |||
| Built-in administrator account | Vista General | |||
| Built-in administrator account | Vista account administration | |||
| Built-in Administrator account | Vista security | |||
