Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Why Use a Standard Account Instead of Administrator?


07 Apr 2014   #1
TomBrooklyn

Win 7 Pro
 
 
Why Use a Standard Account Instead of Administrator?

Why ought somebody who has a PC and put's Windows on it, create a standard account and use it for their everyday computing, instead of just using the Administrator's account they created when they installed Windows?


The following page from microsoft.com,
Change a user's account type - Microsoft Windows Help
entitled "Change a user's account type, says:
When you set up Windows, you were required to create a user account. This account is an administrator account that allows you to set up your computer and install any programs that you'd like to use. Once you finish setting up your computer, we recommend that you create a standard account and use it for your everyday computing.



My System SpecsSystem Spec
07 Apr 2014   #2
Britton30
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

An admin account runs with higher permission levels than a Standard one. If the account in use is Admin level it's easier for malware to infect the PC.

Having said that, I use only one, Admin, account on my machines.
My System SpecsSystem Spec
07 Apr 2014   #3
LMiller7

Windows 7 Home Premium 32 bit
 
 

By default programs run with the same privileges and rights as the active user account. This is very convenient for malware if the user is using an admin account as it can do pretty much anything it wants to. If the user is using a limited account that is bad news for malware as it will be under the constraints of the limited account. Much malware will give up. There are always easier targets elsewhere.

UAC provides many of the advantages of using a limited account with less inconvenience. With UAC enabled an admin account has only limited rights unless more is requested. It is a reasonable compromise between convenience and security. Using a limited account for general use is still better for security but depending on how you use the computer this may be quite inconvenient. Most people opt for the default behavior of using UAC.
My System SpecsSystem Spec
07 Apr 2014   #4
gregrocker
Microsoft MVP

 

I would use the Admin account set up when Win7 is installed, with UAC fully enabled. As stated that should be sufficient.
My System SpecsSystem Spec
08 Apr 2014   #5
King Arthur

Windows 7 Ultimate x64 SP1
 
 

I personally use an administrator account as plenty of software (especially older software!) expect to be running under administrator privileges, however this does come with heightened personal responsibility for maintaining your computer's and other computers' safety.
My System SpecsSystem Spec
08 Apr 2014   #6
andrew129260

Windows 7 Professional x64 Sp1
 
 

For the average customer: I do what Microsoft recommends. I set up their pc with a separate admin account called admin. I create a password for it and give them that password. I then disable the built in admin account. I then create a standard user account for them with uac at the highest setting to always notify. It sounds like a lot of work, but its actually done very quickly. I have them use the standard account and when they need to do something that requires elevation, the uac box pops up asking for the admin password. Since they have to type a password in instead of clicking yes or no, I find it helps them stop and think about what they are about to approve.

Results? I get way less support calls (about malware) and now make it my default strategy.

For myself:
admin with UAC always notify.
My System SpecsSystem Spec
08 Apr 2014   #7
Computer0304

Windows 7 Professional 32-bit/Windows 8 64-bit/Win7 Pro64-bit
 
 

Quote   Quote: Originally Posted by andrew129260 View Post
For the average customer: I do what Microsoft recommends. I set up their pc with a separate admin account called admin. I create a password for it and give them that password. I then disable the built in admin account. I then create a standard user account for them with uac at the highest setting to always notify. It sounds like a lot of work, but its actually done very quickly. I have them use the standard account and when they need to do something that requires elevation, the uac box pops up asking for the admin password. Since they have to type a password in instead of clicking yes or no, I find it helps them stop and think about what they are about to approve.

Results? I get way less support calls (about malware) and now make it my default strategy.

For myself:
admin with UAC always notify.
That's exactly how I have it too.
My System SpecsSystem Spec
08 Apr 2014   #8
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote   Quote: Originally Posted by andrew129260 View Post

~~~
For myself:
admin with UAC always notify.
So... if you ever visit a reputable website that is infecting visitors in a way that bypasses the UAC, then that infection will have admin rights on your computer.

If you had visited that same website as a standard user, the infection might still bypass UAC, but it would still need to ask for the admin's credentials.

:-)
My System SpecsSystem Spec
08 Apr 2014   #9
andrew129260

Windows 7 Professional x64 Sp1
 
 

Quote   Quote: Originally Posted by UsernameIssues View Post
Quote   Quote: Originally Posted by andrew129260 View Post

~~~
For myself:
admin with UAC always notify.
So... if you ever visit a reputable website that is infecting visitors in a way that bypasses the UAC, then that infection will have admin rights on your computer.

If you had visited that same website as a standard user, the infection might still bypass UAC, but it would still need to ask for the admin's credentials.

:-)

True, But I have not been infected since I have been a computer user, so ether I have been very lucky or very smart.

I don't know which lol. Anyways, I do most critical things in a Linux VM anyway, so it does not matter much. No such thing as 100% security

And do you run as a standard user? I doubt it
My System SpecsSystem Spec
09 Apr 2014   #10
UsernameIssues

W7 Pro SP1 64bit
 
 

You cannot say or know that you have not been infected.

You can only say that you have never found an infection.

There is a big difference. Sophisticated Spy Tool ?The Mask? Rages Undetected for 7 Years | Threat Level | WIRED


I run this employer supplied laptop via an admin account because that is what my employer wants. That is the only configuration the help desk supports. Like you, I do important stuff via a VM. But hey, how hard could it be to operate as a standard user? I can always promote my account back to admin if I need the company help desk.

I'll be right back - as a standard user :-)
My System SpecsSystem Spec
Reply

 Why Use a Standard Account Instead of Administrator?




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 02:53 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App