Windows 7 Admin & Standard Accounts

Topic

New Reply

Why should a standard account be used in Windows 7 if UAC is turned on? It seems to me the whole point of UAC is for safety and so what extra safety is provided by the Admin account?

Martha
:confused:

Reply | Quote

Replies

Martha,

The one advantage I see is that you can’t do things that UAC will warn you about in an Admin account and then you just click through the warnings because you have become accustomed to them. Back in the days of yore the old “Are you sure [y/n]” prompts in DOS were automatically answered in the affirmative w/o the user’s reading the preceding messages because they just got tired of them and always answered “Y”. That is of course until they entered “Format C:” by mistake when they wanted “Format A:” and the rest is history!:o:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

Why should a standard account be used in Windows 7 if UAC is turned on? It seems to me the whole point of UAC is for safety and so what extra safety is provided by the Admin account?

Martha
:confused:

Martha, Welcome to the new Lounge.

I guess my answer to your question would be another question, How comfortable and proactive are you in setting up your PC security and maintaining that security? If your knowledge and experience allows you to keep your PC secure without the extra help Win 7 provides then turn UAC off. If you do not feel comfortable enough yet to keep your PC secure, then leave UAC on. Same with using a Standard account compared to the default Administrator accout. Again, how knowledgable are you in keeping your PC secure?

In my case, my wife and I use the default Administrator account. I feel very comfartable in keeping our PC’s secure. I have UAC turned off on my PC, she has it turned on with her PC. I keep UpTo Date Images on both, so in my case I do feel comfortable in my knowledge to allow us to use our PC’s in this way.

Reply | Quote

Why should a standard account be used in Windows 7 if UAC is turned on? It seems to me the whole point of UAC is for safety and so what extra safety is provided by the Admin account?

Martha
:confused:

Hello,

The UAC, per itself, won’t ensure complete safety. There are security vulnerabilities where the malware will bypass the UAC. That means you cannot trust the UAC to protect you against every possible threat.
Does this mean you should use a standard account instead of an admin account? I can only give you my personal opinion and what I will tell you is that I find standard accounts too restrictive for what I do on my PC. So I use only admin accounts. However, I take additional protection, as I run a security application (Online Armor), which keeps tabs on programs and components running on my computer and only those that I allow can run. Of course, I also run an anti-virus.

Thus my HIPS (Online Armor), coupled with an antivirus and the UAC set at the default Windows 7 level (which I find quite non-intrusive and hardly disturbing), together with what I’d say are rather defensive behavioral habits while using the internet, seem to provide a layer of protection that allows me to choose to use an administrator account.

I also take other precautions, like keeping up to date backups which, in case something would go badly wrong, would allow me to restore my PC to a known safe state very quickly. All this considered, it’s my choice to use admin accounts only. It’s not totally risk free, but it has worked quite well for me.

In your case, it’s your choice to make, your experience, knowledge and habits taken into account. Using a standard account is a least risk strategy. Whether you feel comfortable to make choices that mitigate the risks of using a higher risk strategy is really the key to answer your question. A straight use of an admin account without a risk mitigating strategy has a greater likelihood of bringing you future problems, but that doesn’t necessarily mean that you will have them.

Regards

Rui

Reply | Quote

Running routinely as a member of the Administrators Group is playing Russian Roulette with your system. Any malware that may find its way to your sytem automatically has elevated privileges if you’re logged on as a member of the Administrators Group.

It can also make simple mistakes on your account become global mistakes on the entire PC.

Why make trouble easy?

But don’t take my word for it. Look through these threads of folks asking for help and see how many of them are running using an account that is a member of the Administrators Group.

All my machines have at least two Administrators Group accounts (one being the default Administrator, which is disabled) but I rarely logon to such accounts. I use them only for deep maintenance, or global installations. For all other activities, I use a Power Users account, with UAC active.

I want to know what’s going on with my PC’s.

I also use drive images for backup, but I’d just as soon not have to restore a backup to a trashed machine. The only times I’ve used my drive images have been for testing purposes, or due to hard drive failure, or for a seamless hardware upgrade.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

Running routinely as a member of the Administrators Group is playing Russian Roulette with your system. Any malware that may find its way to your sytem automatically has elevated privileges if you’re logged on as a member of the Administrators Group.

I must have steel nerves, then :). My first PC was bought around 1988 and I was never infected by any virus or malware, regardless of what OS I have used. I have used all Microsoft’s OSes, even the infamous Windows ME. The current Microsoft OSes are the most secure they have ever created and the current security software is the best ever, too.
Every defense strategy includes a degree of compromise to offer a certain degree of security. I am comfortable with the degree of security I have now. With my 10 year old starting to use Facebook intensively, I may have to harden security somewhat, at least on his laptop.

To add the discussion. not even regular accounts will ensure full protection. There are privilege escalation vulnerabilities too.

In the end it’s one’s habits and strategies that account for one’s security issues. I haven’t fared bad in the last 22 years.

Reply | Quote

I may be playing “Russian Roulette” with my PC’s, but it seems successfully so far. No viruses, no malware. I am very proactive with my security and believe as Rui does that I can protect my PC’s as well as MS can. I do keep Up To Date Images of my PC’s in case while “playing” with them I screw something up, and so far the only restorations on my laptop were because of my personal actions. I have never had to restore my wife’s PC (She does not play the way I do). Perhaps for the average user, who is not proactive with their PC security (let’s face it, there are most likely many more in this group than in my group) the separate Standard User account is a great idea. For me, it’s too restrictive.

Reply | Quote

I come here to offer help and advice to Windows users who are having difficulties with their machines. In my view, to advise anyone that it is okay to always use an account that is a member of the Administrators Group is irresponsible.

Best practices imply the use of a standard user account for everyday use, and the use of an Administrator account only for specific tasks which require those privileges and only for the duration of those tasks.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

I come here to offer help and advice to Windows users who are having difficulties with their machines. In my view, to advise anyone that it is okay to always use an account that is a member of the Administrators Group is irresponsible.

Best practices imply the use of a standard user account for everyday use, and the use of an Administrator account only for specific tasks which require those privileges and only for the duration of those tasks.

Users are owners of their machines. They should be able to know that there is not a single way to do things. There are many ways to achieve the goal of having malware free computers. The standard user account is just part of a possible strategy to accomplish that. I won’t even bother to comment on the irresponsibility statement, but to say that I do not share your vision of a single truth world.

My belief is that people should have the information that enables them to make decisions about their own computers. That’s what I do. I have no intention to preach to anyone on how they should use their computers or anything else, for that matter. If you do, that’s your decision. In this, as in anything else, people read and make their choices. That works for me.

Reply | Quote

I come here to offer help and advice to Windows users who are having difficulties with their machines. In my view, to advise anyone that it is okay to always use an account that is a member of the Administrators Group is irresponsible.

[/FONT]

I have not so far, nor has Rui, advocated that it is alright to always use an administrators account. We have just given our side of this topic. In point of fact I did say that for the average user that is not proactive with their security the Standard account may be a great idea (see post #6 above) I agree with Rui that we all own our PC’s and thus have every right to set up and use our PC’s as we see fit. That includes power users such as yourself and novice users alike. Like Rui, I also have had PC’s for quite some time and do not remember ever having a virus infection. Perhaps I’m lucky, who knows, but I am proactive with my security and with Imaging and feel that I can recover quickly even if something does ever get through my defenses.

Reply | Quote

“3 – Change Windows settings for safety

Create a user account: Most people get a new PC with just one administrator account, typically with a name such as Admin, Owner, or even something silly such as Satisfied Customer. Whatever it’s called, this default admin account usually doesn’t have a set password. You know the dangers of unrestricted system access, but many PC users don’t.
Give them a leg up on safe computing by first assigning a password to the default admin account (it doesn’t have to be anything fancy). Then, set up a new account –under the user’s name– that is set to the more restrictive Standard user security level. You can add a password for that new account, too, or create additional accounts– whatever the situation dictates. Give your friend the password to the admin account, but emphasize that only the standard account should be used.“

I’m in agreement with Woody.

I work on computers. I clean malware infections. I give the same advice to my clients, many of whom consider themselves experienced users, as I give here. Of course, my malware clients have already had first hand experience of some possible consequences of running routinely under an Administrators Group account, and I’ve never had a complaint about using a Standard user account routinely from that point forward.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

You do what you think is right and I have nothing against that. I respect your opinion and I respect Woody’s opinions, but I find I don’t need to follow them on this matter (and I disagree with Woody on Homegroups or Windows updates too, just considering the advice given on the latest newsletter). Personally I have followed the strategy I described and I am quite happy with it. There quite a few people help who resort to me for help with their computers and they never had an issue with the combination of security apps I recommend.

I believe the best way to fight malware is to have informed users. I will agree that some users don’t care about that, others won’t have the patience or the inclination to do it but others, like the original poster here, want to know more. To those, it’s only fair that they get the information they need to make their own decisions about their own computers.

Reply | Quote