Creating a standard user account for security purposes?

  1. Posts : 31
    Windows 7 Home Premium 64-bit
       #11

    gregrocker said:
    There are different views on this so I'll give you mine as an Installation guy who tries to set up perfect installs as compiled in Clean Reinstall - Factory OEM Windows 7.

    When Win7 is installed it issues an Admin account to the user assuming he is the owner.

    As long as User Account Controls are kept at default then the only protection that an Admin Account lacks is that it will not be prompted to okay any changes with a password. It will still dim the desktop and flash the warning that changes are being made. So ask yourself how much more important it is to you to have to insert your password for every change made which triggers UAC. For most it is too annoying a redundancy to bother with.

    If others are using your PC it is always a good idea to create for them a Standard Account and then password yours, or use the built-in Guest account.

    Others may have a different view which is equally as compelling.
    A Standard User's UAC setting is "Always Notify". The Windows 7 "default" is one step below that. Not quite the same.

    Personally, I have a standard user account set up. Entering my "root" password to make changes to the operating system is similar to the sudo/su permissions model in Linux, which I'm quite used to. It's all about layering, and a lot of documentation exists, not only from Microsoft, but other sources as well, that suggest that it is a good security practice to have a standard account for everyday use.
  2. Posts : 67
    Windows 7 Home Premium 64bit.
    Thread Starter
       #12

    Again I find this very interesting, and I really appreciate you guys engaging in this discussion with me. I feel that I have gained a better perspective on this matter. To summarize what I believe is the overall opinion here: if you are the only person using the computer, creating a SUA offers little, if any, additional security, given you do not alter Windows security functions at their default level. Although it is highly advisable to create or have created system restore, system repair, and an overall system image, all of which I have done in the past due to the advice of this forum.

    So while there are always certain things we can do to boost our overall security, (no system can ever be secure enough) as several others have mentioned, creating a SUA is not really one of them.

  3.    #13

    So why does the Win7 installer install an Admin account for the assumed PC owner, without any choice or warning that this is not the Best Practice (if it is)?

  4. Posts : 6,330
    Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64 +Linux_VMs +Chromium_VM
       #14

    Are some defaults really the "best practice" or "best choice for most users" ?

    i.e.

    I don't like the defaults for how Windows sets up Windows Updates...
    I always change settings so I get notified for updates, but I choose when and what to install.
    For most users I believe "default" auto install is a better setting, because they would not know to install updates...

    There has to be a default install Admin account or folks would not be able to do many things without the built in Administrator account enabled...too geeky for the masses...

    Once they have the default install User Admin account working, do most people know how to create and use a Standard account, and why that might be better for everyday use?


  5.    #15

    Even when users who get chronically infected use Standard Accounts they always still manage to get infected since they are letting the malware get past. I've never seen any evidence that malware can work its own way past UAC in either of the top two modes. So having the screen flash and needing to enter your own password isn't convincing protection to me.

    What's always worked for chronically infected users for me is to keep MSE but add Malwarebytes Real Time protection - $30 for life.

    That said, let's hear from the Security experts. It's always a learning experience.

  6. Posts : 31
    Windows 7 Home Premium 64-bit
       #16

    gregrocker said:
    So why does the Win7 installer install an Admin account for the assumed PC owner, without any choice or warning that this is not the Best Practice (if it is)?
    Microsoft suggests a standard user account for all users (I'm not going to post a bunch of links, they're easily found by searching for them). Personally though, I think that they'd like to make a standard user the default, though my guess is, they are reluctant to force the use of one because the "always notify" was the standard in Vista, and it drove a lot of users nuts.

    One of the advantages of Windows (if you want to call it that), is that their policy of backward compatibility with previous versions allows the everyday user to feel relatively comfortable with new versions. Unfortunately this policy of backwards compatibility has been the root of many, if not most, security vulnerabilities in Windows since they, in a more innocent world back then, by default, made the first user the administrator. They've rued that decision for years.

    I have a son-in-law that in his formative years, worked for Microsoft in their code cave, and now has a consulting firm that administers several 1000+ seat Windows clients. He has mentioned to me several times that if Microsoft would once and for all drop backward compatibility, that the expertise exists in Redmond to write a free-standing operating system that would knock the industry's socks off. But alas, repeat customers drive Microsoft's business and, IMO, they're stuck, and that's why they continue with the first user being the administrator.

  7. Posts : 31
    Windows 7 Home Premium 64-bit
       #17

    DavidW7ncus said:
    Are some defaults really the "best practice" or "best choice for most users" ?

    i.e.

    I don't like the defaults for how Windows sets up Windows Updates...
    I always change settings so I get notified for updates, but I choose when and what to install.
    For most users I believe "default" auto install is a better setting, because they would not know to install updates...

    There has to be a default install Admin account or folks would not be able to do many things without the built in Administrator account enabled...too geeky for the masses...

    Once they have the default install User Admin account working, do most people know how to create and use a Standard account, and why that might be better for everyday use?

    I've seen the following referenced by posters who offer help in setting up a standard account many times. (I think I've even seen it here once or twice in these forums.)

    ...UAC was introduced with Vista and was widely maligned due to its in-your-faceness, and though it's calmed down some as Vista has been updated, it seems to have really hit its stride in Windows 7. I like UAC a lot.

    But even in its imperfect form, it was a good idea, attempting to brighten the terribly blurry line between administrative tasks and user tasks that has plagued Windows since the early days.

    Much of this is due to the early consumer operating systems Win95, Win98, and WinME, which maintained no technical distinction between these roles: everybody was always an administrator, and software developers had no way of even thinking about a separation of roles.

    But even with the more modern NT-based systems Windows 2000 and Windows XP, it was so painful to really get your work done as a non-administrative user that most people simply gave up and ran with an admin account. This was almost entirely due to poor habits by software developers: they themselves ran as admins, and simply wrote sloppy code that assumed everybody was one too.

    Microsoft has been trying very hard to counter this everybody-is-an-admin mentality, and UAC was their attempt at compromise: if you're going to run as admin, at least we can make you aware of the role differences. This is what UAC is attempting to do...
    Microsoft's pickup, and republishing of Steve Friedl's blog post:

    Configuring Windows 7 for a Limited User Account

    and, the original:

    Configuring Windows 7 for a Limited User Account

  8.    #18

    MS contributor Friedl's MS blog post from 2009 urging use of Limited Account came before we had five years real-world experience with Win7, including helping here with tens of thousands of installs, all of which were configured as the owner/administrator during install.

    I honestly do not see any real world experience pointing to the need to reinstall or convert Admin-level account to Standard, or to even urge that Standard account be default during install.

    Bluesan said:
    gregrocker said:
    So why does the Win7 installer install an Admin account for the assumed PC owner, without any choice or warning that this is not the Best Practice (if it is)?
    Microsoft suggests a standard user account for all users (I'm not going to post a bunch of links, they're easily found by searching for them).
    Do you have a link for this from MS because I cannot find it? I also asked the top MVP at MS forums who isn't aware of it.

  9. Posts : 31
    Windows 7 Home Premium 64-bit
       #19

    gregrocker said:
    <snip>

    Do you have a link for this from MS because I cannot find it?

    <snip>
    Sure, here's a couple of them for you...


    We recommend creating a standard account for each user.
    (And it doesn't exclude the Administrator from that recommendation.)

    Why use a standard user account instead of an administrator account?

    Use standard user accounts

    Users should always run as standard users with the following exceptions:

    The user travels frequently and may need to install applications or print drivers while traveling.

    The user uses applications that require administrative privilege and that an application compatibility database cannot correct.

    For information about how to fix application compatibility issues, see User Account Control: Planning and Deploying Application Compatibility Databases for Windows 7 (http://go.microsoft.com/fwlink/?LinkID=148442).

    Make the primary user account a standard user account. For users who are allowed to perform administrative tasks on their client computers, create a local administrator account for performing those administrative tasks. When a user is logged on as a standard user and attempts to perform an administrative task, the credential prompt is presented. The user must enter an administrator user name and password, and then click Yes to perform the task...

    http://technet.microsoft.com/en-us/l...(v=ws.10).aspx

    And that's that.
    Last edited by Bluesan; 25 Oct 2013 at 10:50.
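
Added example, not part of any post in this thread: a read-only PowerShell check that reports which of the configurations debated above a machine is actually running, that is, whether the logged-on account is an administrator and which UAC prompt behaviour is set. It assumes the standard UAC policy values under `HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System` and is run from an ordinary (unelevated) PowerShell prompt; the variable names are illustrative.

```powershell
# Added example: read-only report of account type and UAC prompt policy.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $key

# whoami lists BUILTIN\Administrators (SID S-1-5-32-544) even when UAC has
# filtered it to deny-only, so this is true for an unelevated admin account too.
$inAdminGroup = [bool]((whoami /groups /fo csv) -match 'S-1-5-32-544"')

# IsInRole only returns true when the current process holds the full admin token.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Prompt shown to members of Administrators (Admin Approval Mode).
$adminPrompt = switch ($uac.ConsentPromptBehaviorAdmin) {
    0 { 'Elevate without prompting' }
    1 { 'Prompt for credentials on the secure desktop' }
    2 { 'Prompt for consent on the secure desktop (slider: Always notify)' }
    3 { 'Prompt for credentials' }
    4 { 'Prompt for consent' }
    5 { 'Prompt for consent for non-Windows binaries (Windows 7 default)' }
    default { 'Unknown or not set' }
}

# Prompt shown to standard users when a task needs elevation.
$userPrompt = switch ($uac.ConsentPromptBehaviorUser) {
    0 { 'Automatically deny elevation requests' }
    1 { 'Prompt for credentials on the secure desktop' }
    3 { 'Prompt for credentials' }
    default { 'Unknown or not set' }
}

$accountType = if ($inAdminGroup) { 'Administrator' } else { 'Standard user' }

"Account            : $($identity.Name) ($accountType)"
"Process elevated   : $elevated"
"UAC enabled        : $([bool]$uac.EnableLUA)"
"Secure desktop dim : $([bool]$uac.PromptOnSecureDesktop)"
"Admin prompt       : $adminPrompt"
"Standard prompt    : $userPrompt"
```

An account reported as "Administrator" with "Process elevated : False" is the Windows 7 install default the thread discusses: an admin account running with a filtered token until a UAC consent prompt is approved.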

  10. Posts : 31
    Windows 7 Home Premium 64-bit
       #20

    gregrocker said:
    MS contributor Friedl's MS blog post from 2009 urging use of Limited Account came before we had five years real-world experience with Win7, including helping here with tens of thousands of installs, all of which were configured as the owner/administrator during install.

    I honestly do not see any real world experience pointing to the need to reinstall or convert Admin-level account to Standard, or to even urge that Standard account be default during install.


    Bluesan said:
    gregrocker said:
    So why does the Win7 installer install an Admin account for the assumed PC owner, without any choice or warning that this is not the Best Practice (if it is)?
    Microsoft suggests a standard user account for all users (I'm not going to post a bunch of links, they're easily found by searching for them).
    Do you have a link for this from MS because I cannot find it? I also asked the top MVP at MS forums who isn't aware of it.
    Sorry, I almost forgot to mention, that if you really believe this to be true, you might want to petition Brink to modify his tutorial. As you said above, apparently part of it is no longer valid for the "real world":

    Standard user (Users) - The standard account is an unelevated restricted users account. It can help protect your computer by preventing users from making changes that affect everyone who uses the computer, such as deleting files that are required for the computer to work. It is recommended to create a standard account for each user instead of an administrator account for the user. When you are logged on to Windows with a standard account, you can do almost anything that you can do with an administrator account, but if a standard user wanted to do something that requires elevated rights that affects other users of the computer, such as installing software or changing security settings, Windows will give the standard user a UAC prompt to enter the password of an administrator account for approval and confirmation before allowing the action.
    Built-in Administrator Account - Enable or Disable

    Nothing more to add to this thread.
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.