Windows 7: User Accounts - Rights

Hi ... i have read so much about the User Accounts, admin rights and so on but now i am so confused that someone has to explain it to me.

Within the Installation u create an useracc - Is this the admin if u havent change the rights after the installation? ( in the control Panel stands that he is the Admin .. but i have read that this acc is not a real admin )

Within the installation something went wrong with the name of the acc so i changed the same after installation but the personal folder (also in the network) etc. still have the wrong name - I work with 2 acc (just for installtion i use the Admin) and i want to know if i can delete the admin account without any problems? or waht else i can do to have the right account names ... everwhere!


Hope my english isnt that bad und u understand my prob
greetz.mowh

Don't get too hung up on the distinction between "real admins" and supposed non-real. Any account in the local "Administrators" group has full power over the machine, irrespective of whether it's the built-in (first) admin account, or any subsequent admin accounts.

By the way, the in-built admin account cannot be deleted, at least not without a lot of determination. That's to prevent situations where all administrative access to the machine has been lost due to all admin accounts being either deleted or locked out.

Hi mohw!

I experienced the same as you described first with the 7 Beta, and later with the RC. (It would be helpful if you would fill in your sys specs so we know what you are using, like for example what build of 7 and 32 or 64) Even though one can change the name of a user account, I was never able to get that name change to show in the user account files in explorer. I would suggest since you did not like the "admin" name (something went wrong) that you change the current name of that account back to the original, create a new account (administrator account) with the name of your choice, then you can delete (or disable) the account you do not want to use (where something went wrong) and still have the admin account in case you need to repair your user account. (very smart to use the "admin" just for installation!)

Here is a tutorial about the built-in Administrator account:

Built-in Administrator Account - Enable or Disable

Cheers!

Robert

So there is no difference between the built-in Admin or the "selfmade"-admin. And it doesnt matter if i activate the built-in or create another selfmade to delete the account with the wrong name!

ok ... so far so good!

But is there a difference between the different versions (Prof., Ultimate etc.) and builds? I am asking because u wanted me to fill it in

I just want to understand my OS


PS: i corrected the specs and i use the admin just for installation and virusscanning

The built in administrator account has two differences from any other administrator account

• It cannot be deleted
• It is not subject to the UAC restrictions

If you choose to disable the UAC then the differences are just the deletability

If UAC is on (good idea IMO ) the normal administrator is stripped of some of the normal admin powers dependent on the level set for UAC.

As malware runs with the rights of the current user running as admin with UAC on deprives the malware of the power to do damage.

Where as normal best practice was to run two accounts a standard for day to day use and an admin only when required, the UAC enables this to be modified (although the older method is still valid, and essential if UAC is off).

My advice is to switch UAC on, create and use an admin account under UAC control for your day to day running, (it does make things easier due to prompted elevation)

If you come to a rare situation where the normal admin is insufficient (sometimes happens due to special UAC controls on the program files and windows folders), enable the full administrator, perform the actions required then disable the account again.

If you share the machine with others in a family - give the other users a standard account only, this will protect the system files from accidental damage

Hope this helps

mowh;

Yes there are differences between the versions, for example Home Premium, Pro, and Ultimate, but more important are the differences between the RC (build 7100) and the RTM (build 7600). Including such info in your specs will definitely save time when answering your future questions. Thanks!

Cheers!

Robert

Nigel;

I found your post very helpful, a lot of good info.

However, I came across a situation where the OP (original poster) had only one user account and when that account became corrupted his only solution was to reinstall. If he had created an Admin account just for administration, I suspect he could have repaired the damage to his corrupted account without reinstalling and saved himself much grief.

With millions of compromised computers world wide doing the bidding of criminal hackers, I am dismayed when some are so quick to disable the UAC. I would like to see the Internet remain "free", but it won't be free if it is controlled by the criminal element. The improved security in Windows 7 seems such a small price (in convenience) to pay for the free access to our global community. I hope people will take your advice to heart and take responsibility for securing their computers.

Happy surfing!

Robert

Hi Robert,

The excelent advice on the additional Admin account is something I always tend to forget to include in my advice .

In my defence this is because you do not need to be inside windows to enable the full administrator account, which is of course always available.

I will not elaborate on the method as this is a public access forum and the security implications of this can be quite severe

As a very minor point, I don't think there are any security implications. "Obfuscating" the built-in admin account (RID=500) is done to discourage its use for daily tasks by users who may not care (much) for security best practices, and the benefits of relying on low-privilege accounts, and for yadda yadda... Since they can't "see" that account unless they go looking, they're unlikely to stumble upon it and stick with it.

The mechanism which allows access to the account may be "trivial", but that's OK since it's still necessary to provide valid credentials. If a sysadmin actually goes looking, telling them how to get presented with an auth prompt doesn't violate any principles. The procedure appears approximately 538 times on various *.microsoft.com websites

I'll of course refrain from saying more following your lead.

Thank you for the great posts and great info!

=====================================

EDIT: In conversing with Barman58 in PM, I came to realise that I had misunderstood his earlier post, for reasons which are entirely my fault. Please disregard the stuff I wrote in this post (shouldn't be difficult ).

It isnt necessary to add something