1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Use of Limited / Standard User Account for Security

Discussion in 'General Security' started by keith66, Jan 29, 2009.

Thread Status:
Not open for further replies.
Advertisement
  1. keith66

    keith66 Thread Starter

    Joined:
    Aug 19, 2008
    Messages:
    112
    I have heard that it is safer to be logged on only on a limited/standard account rather than an administrator when logging on to the Internet.
    Is this true?
    I am the main user here on a home computer – My grandchildren have access on a limited account.
    I am the only administrator and my user account is as administrator.
    Would I have to turn my present main user account (where all my documents are stored and which I use for everything on a daily basis ) into a limited/standard account and create a second user account with administrator rights and switch to the second ( administrator ) account when I want to download something or change settings?
     
  2. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    8,890
    Yes, it is more secure to run your computer daily with a limited user account. Attackers take advantage of coding flaws in Windows and try to install malware when you chance upon their websites. If you are running as a limited user, some of these installs will fail, because only administrator accounts can make system changes.

    You will have to create a second administrative account first and then demote your present account to limited user.

    You don't have to use the admin account to do downloading. You only have to use it if you are installing a program. I normally download applications to the Public/Downloads folder ( on Vista, or a subfolder of All Users on XP )
     
  3. keith66

    keith66 Thread Starter

    Joined:
    Aug 19, 2008
    Messages:
    112
    Thanks Lunarlander.:)
    I have created a second user account with administrative privileges and demoted my main user account to standard.
     
  4. cwh803

    cwh803

    Joined:
    May 12, 2008
    Messages:
    6
    In addition to LunerLander's advice, consider the followning:

    Principal of Least Privilege: which is “Every program and every user of the system should operate using the least set of privileges necessary to complete the job.” Windows Vista User Account Control (UAC) function manifests this principal. UAC in Vista protects against attacks that rely on elevation of privileges. Internet Explorer 7, when running on Vista, leverages UAC to run in Protected Mode, which keeps Web applications from writing to system folders and system portions of the Registry. IE7 doesn't run in Protected Mode on XP. Until then, you can use a limited manifestation of this principal to mitigate malware attacks, including root kit attacks, when using Internet Explorer (IE) in XP to visit web sites that may be intentionally configured or attacked and compromised to install malware on your computer.

    The idea is that you can stop running IE with full administrator rights, which most folks do in XP. Using IE with full administrator rights makes it easy for malware, once it gets into your environment by exploiting a defect exploitable through IE, to infect every sytem file. When you run IE with limited privileges, the malware is also running with limited privileges, and therefore is limited to which system files can be infected.

    I’ve implemented the Principal of Least Privilege using a shortcut icon for DropMyRights which then starts IE. I normally run in XP as an administrator, and DropMyRights disables SIDs and removes privileges from my access token, and then uses this restricted token to start IE. Before using DropMyRights with IE, I also set “Active Scripting” to Disable and set “Run ActiveX controls and plug-ins” to Prompt; both in the Internet Properties->Security->Internet Zone.

    DropMyRights can also be used with XCEL, WORD, or an E-Mail client. Installing and Configuring DropMyRights August 2007 blog entry.

    DropMyRights was written by Microsoft programmer Michael Howard. Mr. Howard’s article, Every Windows XP user should drop their rights, includes a download.

    See also Applying the Principle of Least Privilege to User Accounts on Windows XP Published: January 18, 2006
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/795574

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice