Windows 7: Standard User accounts issue

A few days ago, I heard about the .LNK file icon vulnerability, got a little concerned since there was no easy fix, and looked for ways to limit my exposure. After flailing about a bit, I decided it was time to look at the "Standard User" accounts in Windows 7.



I set up a new user, made it Standard, and copied over my Firefox profile, and I was up and running. It was surprisingly easy, and over 90% of my user experience is now running fine as "OrdinaryUser". I was surprised at how I rarely have to switch users. Most Administrator type tasks can be accomplished by just trying it, then Windows 7 notifies that I gotta be Admin for that, and asks me to pick an Administrator account, and give a password for it, then it just works. I think I am going to use this as my primary account--it gives me a (possibly unjustified) sense of heightened security.

However one complaint/question. As part of getting familiar with the new diggs, I edited the Registry, ( HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\BootAnimation )
was asked for the PW etc. and it worked fine. But now, I can go back to the same key and edit it WITHOUT any prompting, from the Standard account. I will experiment further, but it seems that my Standard User account now has unprotected access to the registry. Which makes my warm feeling of security just a little less comfortable.

Any wise words welcome.

Hi, periboob.

Have you restarted the computer since making the initial registry edit?

Had to test it. I had logged-off, but the computer is rarely powered off, so I made sure. Power-down completely, log-on with Std User, still can edit the registry key without challenge. Seems an unnecessary weakness in the generally accepted rule that Running without admin privileges gives a good extra layer of security.

However, editing/renaming files in the system areas still draws a credential check.