New User Account

  • Thread starter Thread starter JamesJ
  • Start date Start date
J

JamesJ

Since lurking in this ng I've learned that creating a non-administrative
user account
will enhance security.
How does this work?
I'm the only user and the Administrator.
If I create another account will I need to create a password for both
accounts?
When my system starts will I be prompted as to which user is to log in or
can
I select a user to automatically log in?
Can I delete the user account using Vista Basic?

James
 
JamesJ said:
Since lurking in this ng I've learned that creating a non-administrative
user account
will enhance security.
How does this work?
I'm the only user and the Administrator.
If I create another account will I need to create a password for both
accounts?
When my system starts will I be prompted as to which user is to log in or
can
I select a user to automatically log in?
Can I delete the user account using Vista Basic?
Click to expand...

General Recommendations For Setting Up Users In Vista:

You absolutely do not want to have only one user account. Like XP and all
other modern operating systems, Vista is a multi-user operating system with
built-in system accounts such as Administrator, Default, All Users, and
Guest. These accounts should be left alone as they are part of the operating
system structure.

You particularly don't want only one user account with administrative
privileges on Vista because the built-in Administrator account (normally
only used in emergencies) is disabled by default. If you're running as
Administrator for your daily work and that account gets corrupted, things
will be Difficult. It isn't impossible to activate the built-in Administrator
to rescue things, but it will require third-party tools and working outside
the operating system.

The user account that is for your daily work should be a Standard user, with
the extra administrative user (call it something like "CompAdmin" or "Tech"
or the like) only there for elevation purposes. After you create
"CompAdmin", log into it and change your regular user account to Standard.
Then log back into your regular account.

If you want to go directly to the Desktop and skip the Welcome Screen with
the icons of user accounts, you can do this:

Start Orb>Search box>type: netplwiz [enter]
Click on Continue (or supply an administrator's password) when prompted by
UAC

Uncheck the option "Users must enter a user name and password to use this
computer". Select a user account to automatically log on by clicking on the
desired account to highlight it and then hit OK. Enter the correct password
for that user account (if there is one) when prompted. Leave it blank if
there is no password (null).

Malke
 
Done.
I'm just going to have trouble getting used to all the restrictions.

Thanks,
James

Malke said:
JamesJ said:
Since lurking in this ng I've learned that creating a non-administrative
user account
will enhance security.
How does this work?
I'm the only user and the Administrator.
If I create another account will I need to create a password for both
accounts?
When my system starts will I be prompted as to which user is to log in or
can
I select a user to automatically log in?
Can I delete the user account using Vista Basic?
Click to expand...

General Recommendations For Setting Up Users In Vista:

You absolutely do not want to have only one user account. Like XP and all
other modern operating systems, Vista is a multi-user operating system
with
built-in system accounts such as Administrator, Default, All Users, and
Guest. These accounts should be left alone as they are part of the
operating
system structure.

You particularly don't want only one user account with administrative
privileges on Vista because the built-in Administrator account (normally
only used in emergencies) is disabled by default. If you're running as
Administrator for your daily work and that account gets corrupted, things
will be Difficult. It isn't impossible to activate the built-in
Administrator
to rescue things, but it will require third-party tools and working
outside
the operating system.

The user account that is for your daily work should be a Standard user,
with
the extra administrative user (call it something like "CompAdmin" or
"Tech"
or the like) only there for elevation purposes. After you create
"CompAdmin", log into it and change your regular user account to Standard.
Then log back into your regular account.

If you want to go directly to the Desktop and skip the Welcome Screen with
the icons of user accounts, you can do this:

Start Orb>Search box>type: netplwiz [enter]
Click on Continue (or supply an administrator's password) when prompted by
UAC

Uncheck the option "Users must enter a user name and password to use this
computer". Select a user account to automatically log on by clicking on
the
desired account to highlight it and then hit OK. Enter the correct
password
for that user account (if there is one) when prompted. Leave it blank if
there is no password (null).

Malke
Click to expand...
 
JamesJ said:
Since lurking in this ng I've learned that creating a
non-administrative user account will enhance security.
Click to expand...

Creating *and using* a LUA (Limited User Account) for your day-to-day
activities will...
How does this work?
Click to expand...

....by offering the programs that you run less privileges than they would
have, had you executed them in any of the more privileged accounts.

Sort of 'minimalist' in the sense that programs are only given enough
power to do what they must - and any malware leveraging a flaw in one of
those programs would be as limited in scope.
I'm the only user and the Administrator. If I create another
account will I need to create a password for both accounts?
Click to expand...

No, but you can if you want to.
When my system starts will I be prompted as to which user is to log in
or can I select a user to automatically log in?
Click to expand...

I haven't done it, but I believe you can auto logon to the LUA.

My Vista machine has each family member as a separate passworded logon -
plus the Protected Administrator account (which I seldom use).
Can I delete the user account using Vista Basic?
Click to expand...

What user account are you planning to delete - and when?

Deleting or demoting the last available administrator level account is
*not* a good idea - does that help? :o)

As Malke suggests, create at least one *other* admin level account
before attempting to demote or delete any of your previous ones. It is a
good idea to have a spare, so that you don't have to activate the hidden
"Built in Administrator" account to get out of a jam.

Vista hid that "Real Administrator" account as a way of enforcing the
use of LUA upon the user (as the "Protected Administrator" account can
somewhat mitigate the 'malware runs as admin' scenario).

Still, to avoid those annoying elevation prompts (security can be such a
pesky thing), people will still migrate toward 'admin' - but on Vista
you will still have "Consent Prompts" so Protected Admin loses some of
it's sex appeal (no substitute for the real thing). This prods users
even further into userland where they belong or makes them defeat the
whole thing they call UAC because it is such a PITA.
 
I wouldn't bother, but it has been suggested - mostly, I suppose, to
avoid accidental demotion necessitating activating the hidden built in
admin account.
 
Ok.

Thanks,
James

FromTheRafters said:
I wouldn't bother, but it has been suggested - mostly, I suppose, to avoid
accidental demotion necessitating activating the hidden built in admin
account.
Click to expand...
 
Back
Top