Running As Administrator

Topic

New Reply

If this question has already been addressed, please forgive me! I have been running under an administrator account for some months now without any problems, but now see that it is more secure to run at a lower level for security reasons. I really like how I have the admin account set up, and don’t want to lose everything or have to re-setup a new account like the current admin account. If I create a new admin account, and then “down grade” my current one to a lower privilege level, is that going to accomplish what I want to do without losing anything? If so, what is the best privilege level to use when online? I’m running Win 7 64-bit on a desktop, and Win 7 32-bit on a laptop. Thanks for any advice!

John

Reply | Quote

Replies

See this thread for ideas / comments.

cheers, Paul

Reply | Quote

I run as an administrator all the time, in fact I do not have a regular account set up on my PC. My wife’s PC is the same, and so is our desktop (not used nearly as often since we purchased laptops). I use a router with a hardware firewall, use Win firewall, MS MSE which includes AV and Anti-malware protection, and regularly scan with Anti-Malware Bytes and Spybot. I keep my OS up to date, and regularly clean all temp files including IE temp files using IE own cleanup as well as CCleaner. I feel very secure and have never had problems with anything getting through my protection scheme. The difference is I do not have others using my PC. If I had several people regularly using my PC, I would limit their access to a more restricted account, but still use the admin account for my use.

Reply | Quote

I use a router with a hardware firewall, use Win firewall, MS MSE which includes AV and Anti-malware protection, and regularly scan with Anti-Malware Bytes and Spybot. I keep my OS up to date, and regularly clean all temp files including IE temp files using IE own cleanup as well as CCleaner. I feel very secure and have never had problems with anything getting through my protection scheme.

With the exception of Spybot and CCleaner (I have other methods), so do I. I still consider it ill-advised to offer Administrator Privileges freely to the internet. It isn’t a matter of “if” you become the object of a malware attack, it is a matter of “when”. Just recently there have been a number of reports of malware attacks through ads on otherwise legitimate and trustworthy web sites. Ads are nearly always fetched from a server other than the server hosting the trustworthy web page. I have been hit twice from different sites in just the last week, once on my laptop and once on my desktop, and MSE flagged the attack in both cases and cleaned the offending files from my machine.

However, by running under a Power User account, the malware was severely limited in what it could do. I used Task Manager to close Internet Explorer, let MSE do its thing, and that was that. Jerry Pournelle is considered fairly knowledgable in the workings of computers and software; wrote a column for Byte magazine for years until it went under. From what I can gather, he runs routinely using an account in the Administrators Group.

I believe that running routinely as a member of the Administrators Group is similar to leaving a key in your front door along with a note telling passersby that you aren’t home.

I feel very secure also, but it is only because I routinely use drive images for backup, so if I do get pooched, I can recover easily without any damage carrying over.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

I have been running under an administrator account for some months now without any problems, but now see that it is more secure to run at a lower level for security reasons.

John

In Windows XP, without User Access Control features of Vista/Win7, it was very important to do most tasks as a limited user. Vista added the UAC feature, but it was very noisy, leading some people to turn it off and lose the security features. In Windows 7, Microsoft has toned down the noise of UAC and given users some control over the notification frequency. Here is what I have found: In Windows 7 with default settings for UAC, the only difference between admin and limited user is that UAC asks for an admin password when performing privileged actions as a limited user and does not ask for the password when running as admin. All the UAC popups are the same between limited and admin. The only difference is the password request.

It’s making me wonder if there are any differences between admin and limited accounts, for protecting against unauthorized changes, in Windows 7. The only really annoying thing about Windows 7 access control is that it still uses the context of a different account, instead of simply elevating the current logged on account. The way Linux does it with sudo is better in my opinion. Linux also has a more fine-grained access control system than Windows 7, but Win7 is now “good enough”.

Reply | Quote

I should have specified that I use Win 7 on all our PCs. I also feel Win 7 does a much better job of protecting my PC, and that protection (UAC) along with the other items I mentioned provide a very secure system. As I stated, I have not suffered any attacks yet. MSE has stopped a couple of attempts, but as I said they did not get through. I do not click any links in pop ups that routinely occur. Most are stopped by the built in pop up blocker, and those that get through are deleted manually by me. I do NOT investigate unsolicited junk, just delete them. My feeling is that if I want something I will research and solicite info manually, not use the unsolicited junk. I believe that if everyone simply deleted this junk, eventually the junk would disappear since the spammers would not get anything from their spam. Yea, I know, when did I get back from Oz?

Reply | Quote

My advice to anyone who wishes to run routinely as a member of the Administrators Group, not matter what version of Windows you are running, is to stay current with drive images religously.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

I too, recently read enough about using Admin priveledges all the time, and created an account to use day-to-day. As John first posted above, I had been on this pc for a few months and was “comfy” with how it was set up, and feared it would be a pain in the toucas to start over; well it was, and wasn’t. The hardest things were using Outlook on the new account (had to start over), then point to the old PST files.
Other parts of it went seamlessly, and I’ve finally gotten used to providing the Admin password when doing things like installing, deleting, gettting files off the Admin’s My Documents.

There seemed to be no easy way to get all the things migrated over, other than deal with them as I went along.

Reply | Quote

I too, recently read enough about using Admin priveledges all the time, and created an account to use day-to-day. As John first posted above, I had been on this pc for a few months and was “comfy” with how it was set up, and feared it would be a pain in the toucas to start over; well it was, and wasn’t.

There seemed to be no easy way to get all the things migrated over, other than deal with them as I went along.

My sincere thanks to all of you for replying to my question! I haven’t seen enough yet to decide one way or the other. Craig has most accurately stated my primary reason for being reluctant to “demote” myself. I am doing the same security things as the rest of you suggest- that gives me some peace of mind. My concern is that if I do get nicked, it will be a doozy! I think that I will hold off for now on any change. Any other input would be very much enjoyed and appreciated.

Thanks again,
John

Reply | Quote

My concern is that if I do get nicked, it will be a doozy!

That’s what backup to another disk is for!

cheers, Paul

Reply | Quote