Why the default account is an administrator and not a standard use

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

The first user account in Windows Vista beta2 is an *administrator* protected
by UAC (go to management console to see the account type). But why it's not a
*Standard user* protected by UAC?
I think the best is that the first account is by default a standard user
protected by UAC and not administrator and during installation is also
created another account administrator protected by UAC, non visibile, but
with a password chosen by the user. Only in this way there's a chance that
many users will run Vista as standard account.
 
Because you shouldn't (and generally can't) use the built-in account to log
in. After you create the first user, which is put in the administrators
group by default, all subsequent user accounts are "standard" ones by
default. This makes sure you have at least one account to manage your
machine with, without having to use the (super-privileged) built-in
"Administrator" one. As soon as the first admin account has ben created,
"Administrator" becomes unavailable for login except in safe mode. This UAC
protection for the Administrators group is overkill, IMO, but then many
people will omit the creation of standard accounts for their day-to-day
work, so I suppose it's a necessary precaution. It *would* be awfully nice
and thoughtful of Microsoft, to turn off the f(censored)g UAC warnings for
the Administrators as soon as at least one standard account has been created
and initialized (I mean, used at least once), though.
--
Pierre Szwarc
Paris, France
PGP key ID 0x75B5779B
------------------------------------------------
Multitasking: Reading in the bathroom !
------------------------------------------------

"BillD" <[email protected]> a écrit dans le message de (e-mail address removed)...
| The first user account in Windows Vista beta2 is an *administrator*
protected
| by UAC (go to management console to see the account type). But why it's
not a
| *Standard user* protected by UAC?
| I think the best is that the first account is by default a standard user
| protected by UAC and not administrator and during installation is also
| created another account administrator protected by UAC, non visibile, but
| with a password chosen by the user. Only in this way there's a chance that
| many users will run Vista as standard account.
|
 
Pierre Szwarc said:
This UAC
protection for the Administrators group is overkill, IMO, but then many
people will omit the creation of standard accounts for their day-to-day
work, so I suppose it's a necessary precaution.
Click to expand...

Microsoft should force the users to create 2 accounts: Administrator with
UAC + Standard with UAC.
It *would* be awfully nice
and thoughtful of Microsoft, to turn off the f(censored)g UAC warnings for
the Administrators as soon as at least one standard account has been created
and initialized (I mean, used at least once), though.
Click to expand...

I like UAC warnings for administrators. Anyway in the next RC1 UAC will be
improved to reduce elevation prompts: http://blogs.msdn.com/uac/
Remember that Vista is still in beta.
 
"BillD" <[email protected]> a écrit dans le message de (e-mail address removed)...
|
| Microsoft should force the users to create 2 accounts: Administrator with
| UAC + Standard with UAC.

Agreed.

|
| I like UAC warnings for administrators. Anyway in the next RC1 UAC will be
| improved to reduce elevation prompts: http://blogs.msdn.com/uac/
| Remember that Vista is still in beta.

Each to his own tastes <g> I know it's still Beta. What irritates me is that
so little thought seems to have been put into this feature. It's as though
MS were unable and/or unwilling to learn from user feedback. Also, the
features are frozen by the time the public Beta is released, so it's largely
useless except for bug identification and correction. That's something
important, of course, but no enough by far.
 
I think that two accounts should be created during the install. An
administrator and a standard user. Both should be protected by UAC by
default. You can always turn it off yourself for the administrator if you
desire. It is an extra level of protection for non-expert users which are
the vast majority. It will make them think twice about what they are doing.
I have set up this computer for use as a standard user logged on to a SBS
domain with a separate local admin and another domain admin account. So far
for everyday use UAC is not that intrusive. I do have UAC turned off for the
domain admin account.
 
Pierre Szwarc said:
Because you shouldn't (and generally can't) use the built-in account to
log
in.
Click to expand...

You can if. you assign it a passowrd.

Control Panel---->Administrative Tools----->Computer Management---->Local
Users and Groups----->Users.

Then right click on the Administrator account in the middle column and
select "Set Password". The rest is self-explanatory. This account will
still be hidden from the login screen, but you'll now have a password for
the hidden Administrator account.
After you create the first user, which is put in the administrators
group by default, all subsequent user accounts are "standard" ones by
default.
Click to expand...

Not in my case. I created a total of three accounts. All were
Administrators by default. I had to manually change two of them them.
That's been Microsoft's biggest screw-up for years. Most users are too
ignorant or lazy to change an account (or two...) from an Administrator to a
User.

On the other hand. a of software progammers (who should know better) write
software with use by any user in mind, but then require everyone have
administraive privlidges (Symantec - A "Security Company" is a big offender
in this area).
 
You're correct, unfortunately. Let's hope MS changes that before RTM. As for
offending the security principle, up to Vista, MS itself was the biggest
offender. Just as the MS developpers all assume every user out there has a
19" 1600*1200 monitor, if one judges by the screen real estate required by
the new GUI and widgets.
--
Pierre Szwarc
Paris, France
PGP key ID 0x75B5779B
------------------------------------------------
Multitasking: Reading in the bathroom !
------------------------------------------------

"Scott" <[email protected]> a écrit dans le message de
news: (e-mail address removed)...
[snip]
|
| On the other hand. a of software progammers (who should know better) write
| software with use by any user in mind, but then require everyone have
| administraive privlidges (Symantec - A "Security Company" is a big
offender
| in this area).
|
 
Back
Top