New
#11
Thanks.
At GrayGhost2,
If I had a lot of training, I might feel confident in explaining this stuff better. As it is, all I have is what I've read and a few classes that I did not want to take :-(
When Windows installs, it creates several accounts - most of which you never need to concern yourself about. One of those accounts is the built in Administrator account. Think of it as a user account that has been set up in a way that it cannot easily be deleted and the security settings are such that this particular account can do most anything. Because it is so powerful, it is disabled by default. You can enable it if all other accounts get messed up. It is the back door into the computer when all of the front doors get nailed shut.
During the Windows installation process (or upon first log on) the user is asked to pick a username (I have usernameissues :-) The account that you create at that time will be a user account with the account type set to administrator. Let's call this user/admin. This is what most people use and they never give it a second thought.
If the user is annoyed by the User Access Control (UAC) system that Microsoft has put in place, they sometimes turn it off. Once that UAC is turned off, then the user/admin account will be starting apps at the high integrity level.
Integrity levels:
High (elevated rights/privileges)
Medium
Low
[There are other levels too - but that is enough for now.]
If an app (or an infection) runs at the high level, then it can do lots of damage. If the UAC is turned off, then the damage can be done without any prompts to the user.
If the UAC is turned on, then apps start at the normal level. Some of those apps (like Internet Explorer) start copies of themselves at the low level to protect the user even more. The low level apps can (in theory) do very little damage to the computer.
If you use a user account that is set to standard and the UAC is turned on, then very little is different, You still need to give your consent for some things to happen on the computer, but you will also need to supply an admin password (if one has been set).
I can only hope that the info above is correct enough to be of help to you. From a practical stand point, it is best to leave the UAC turned on. There is not much practical value in understanding the differences between the built in admin account and any other user/admin account. You should be able to do everything that you need while using a user/admin or a user/standard account.
>I am unclear on what is "built-in" and "normal" administrator/s.
Microsoft did make the built-in account hard to delete. Other than that, I see no practical difference between the built-in admin account and a user/admin with the UAC turned off.
Quote