|25 Jul 2010||#1|
| || |
Standard User accounts issue
A few days ago, I heard about the .LNK file icon vulnerability, got a little concerned since there was no easy fix, and looked for ways to limit my exposure. After flailing about a bit, I decided it was time to look at the "Standard User" accounts in Windows 7.
I set up a new user, made it Standard, and copied over my Firefox profile, and I was up and running. It was surprisingly easy, and over 90% of my user experience is now running fine as "OrdinaryUser". I was surprised at how I rarely have to switch users. Most Administrator type tasks can be accomplished by just trying it, then Windows 7 notifies that I gotta be Admin for that, and asks me to pick an Administrator account, and give a password for it, then it just works. I think I am going to use this as my primary account--it gives me a (possibly unjustified) sense of heightened security.
However one complaint/question. As part of getting familiar with the new diggs, I edited the Registry, ( HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\BootAnimation )
was asked for the PW etc. and it worked fine. But now, I can go back to the same key and edit it WITHOUT any prompting, from the Standard account. I will experiment further, but it seems that my Standard User account now has unprotected access to the registry. Which makes my warm feeling of security just a little less comfortable.
Any wise words welcome.
|My System Specs|
|25 Jul 2010||#3|
| || |
Had to test it. I had logged-off, but the computer is rarely powered off, so I made sure. Power-down completely, log-on with Std User, still can edit the registry key without challenge. Seems an unnecessary weakness in the generally accepted rule that Running without admin privileges gives a good extra layer of security.
However, editing/renaming files in the system areas still draws a credential check.
|My System Specs|
|Similar help and support threads for2: Standard User accounts issue|
|How do I block access to my external drive for standard user accounts?||System Security|
|windows user accounts issue||General Discussion|
|Customizing standard user accounts - adding system access without uac||General Discussion|
|Cant Access Administrative Rights in Standard User Accounts||General Discussion|
|How to remove programs in standard user accounts?||General Discussion|
|How to place restrictions on standard user accounts beyond parentals||General Discussion|
|aero for standard user accounts||General Discussion|
|Our Sites ||Site Links ||About Us ||Find Us |
© Designer Media Ltd
All times are GMT -5. The time now is 06:43 PM.