simple ques about standard and admin

  • Thread starter Thread starter Puppy Breath
  • Start date Start date
P

Puppy Breath

They're both protected in Vista. The only real difference is that if you can
password-protect the admin account, which prevents standard users from
elevating their privileges (if they don't know the password). Still, it
makes sense to use a standard account for your day-to-day stuff. There's
really no reason to use an admin account for day-to-day stuff. I only use my
admin account for those rare situations where you can't just elevate from a
standard account.
 
I am new to Vista. I previously used XP and set up an admin account that I
used when needed. Otherwise, I did all of my activity on the limited
account. My question is; with all of the new UAC controls in vista, is it
necessary to do a similar set-up? In vista, can I just use and operate from
an admin account? Or is that unsafe?

Thanks!
 
The password protect isn't much of an issue since it is just me using the
computer. So I am still not clear why it would be better to even set up a
standard account and to operate from that.
I know in XP it is a bit more work to have to switch user accounts to the
admin to do anything. So if I operate from a standard account in Vista, will
it be more "work"? Will I have to continually switch to an admin account all
of the time if I want to do anything?
Sorry to be so petty. I am just trying to get a clear picture of the new
set-up. Thank you!
 
The password on accounts is still important, even though you are the only
user on the PC. Without a password, anyone who can break-in and sit at the
computer has access to all of your private information such as bank account
information or any other private information on the PC.

Also, any malicious program that accesses the system can more easily use
your admin account.

The way you operated on XP is excellent. Use the same setup for Vista and
you will add even more layers of protection.
 
Hello,

I would personally recommend using an admin account for your situation.

Using a standard user account would involve a slight amount of extra work,
as it would require you to enter a password every time you wanted to perform
as an administrative action, as opposed to just being asked yes or no when
running as an administrator.

But, the reason why I suggest using an administrator account, is that some
programs may get confused between the two users on your system that you are
using.

When you perform an administrative action from a standard user account, you
are really using your other administrator account to do that operation, and
this can lead to some issues.

When you are using an administrator account, there is only one account
(although the protection is still there), and so you avoid these issues.

That being said, it is likely that it would be even more secure to use a a
standard user account *only* for non-admin things, and log out of that
standard user account and log in to an admin account in order to *only* do
admin things, and then never mixing the two (never entering your admin
password from your standard user account).


--
- JB
Microsoft MVP - Windows Shell/User

Windows Vista Support Faq
http://www.jimmah.com/vista/
 
hmmmm...? I understand what all of you are saying, I guess I am not
convinced either way. It sounds like using a standard account for non admin
things and using an admin account for admin things is the most secure way to
go.....but the most work. In addition, this set-up and the extra work may
not be entirely necessary. Perhaps the ambiguity in the answer to this
dilemma lies in the fact that we are taking precautions based on risk. This
particular risk cannot be accurately measured.

So, my interpretation is.......If any sort of security breach (even though a
very small risk) is totally unacceptable, then I should set up the multiple
accounts and operate accordingly. If I am willing to take a bit of risk in
order to operate my computer without the bother of passwords and multiple
accounts, then I will just run as the admin account.

I think I will go with the latter.

Should I set-up a personalized admin account or just use the default admin
account?

By the way, thanks so much for your advice.

gpzbc
 
Yes, this is a risk management decision :).

From least secure to most secure:

1) Using only an admin account

2) Using a standard user account, and then elevating to an admin account
when doing an admin operation

3) Using a standard user account ONLY for non-admin tasks, and an admin
account ONLY for admin tasks, and never mixing the two

The more secure decisions have less risk, but are more inconvienent.

I certainly wouldn't say that if you follow the most secure way you will
never have a security incident. However, you are more at risk of such an
incident by choosing a less secure method.

That being said, I am personally content to run in an administrator account
on my machine, because I think it is an acceptable risk for me. You are
right that these are things that are hard to quantify in order to make a
good call on.

I suggest that you never use the account named "Administrator" (it is hidden
and disabled by default) - it is not protected by UAC and so is very
insecure to use. Any other administrator account is fine to use, and you can
have as many as you want.



--
- JB
Microsoft MVP - Windows Shell/User

Windows Vista Support Faq
http://www.jimmah.com/vista/
 
Back
Top