1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

"Why you shouldn't run your computer as an administrator." - Plz Explain - Help.

Discussion in 'Windows XP' started by jonasdatum, Jan 22, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. jonasdatum

    jonasdatum Thread Starter

    Joined:
    Jul 15, 2000
    Messages:
    3,062
    Hello. Ok I use my administrator account all the time although I know it isn't the most secure thing to do with an NT based OS. My questions amongst many is that some of the related help files said add my current administrator account to the "power users" group. That way it will be a member of both group how would that work exactly and would it make a difference in terms of security?

    Also I have done alot to reduce possiblity of infection. One thing I've done is disable the file and network sharing on my DSL connection. I am sharing the connection with my old win98 box. Dispite the occassional defeat of a worm by my firewall when I dumb down the security settings for the connection-share, nothing has come up in the years I've been doing this. Constant scans have come up negative of anything that can't be isolated and destoryed.

    Here is what the XP Pro Help File Said:

    Why you should not run your computer as an administrator
    -------------------------------------------------------
    Running Windows 2000 or Windows XP as an administrator makes the system vulnerable to Trojan horses and other security risks. The simple act of visiting an Internet site can be extremely damaging to the system. An unfamiliar Internet site may have Trojan horse code that can be downloaded to the system and executed. If you are logged on with administrator privileges, a Trojan horse could do things like reformat your hard drive, delete all your files, create a new user account with administrative access, and so on.

    You should add yourself to the Users or Power Users group. When you log on as a member of the Users group, you can perform routine tasks, including running programs and visiting Internet sites, without exposing your computer to unnecessary risk. As a member of the Power Users group, you can perform routine tasks and you can also install programs, add printers, and use most Control Panel items. If you need to perform administrative tasks, such as upgrading the operating system or configuring system parameters, then log off and log back on as an administrator.

    If you frequently need to log on as an administrator, you can use the runas command to start programs as an administrator. For more information, see To start programs as an administrator.

    Related Topics
    -none-
    ---------------

    Here is what detail the help files gave me on user account types:


    Groups overview
    ---------------
    Groups displays all built-in groups as well as groups you create. The built-in groups are created automatically when you install Windows 2000 or Windows XP. Belonging to a group gives a user rights and abilities to perform various tasks on the computer.

    Administrators

    Members of the Administrators group have the largest amount of default permissions and the ability to change their own permissions.

    Backup Operators

    Members of the Backup Operators group can back up and restore files on the computer, regardless of any permissions that protect those files. They can also log on to and shut down the computer, but they cannot change security settings.

    Power Users

    Members of the Power Users group can create user accounts, but can modify and delete only those accounts they create. They can create local groups and remove users from local groups they have created. They can also remove users from the Power Users, Users, and Guests groups.

    They cannot modify the Administrators or Backup Operators groups, nor can they take ownership of files, back up or restore directories, load or unload device drivers, or manage the security and auditing logs.

    Users

    Members of the Users group can perform most common tasks, such as running applications, using local and network printers, and shutting down and locking the workstation. Users can create local groups, but can modify only the local groups that they created. Users cannot share directories or create local printers.

    Guests

    The Guests group allows occasional or one-time users to log on to a workstation's built-in Guest account and be granted limited abilities. Members of the Guests group can also shut down the system on a workstation.

    Replicator

    The Replicator group supports directory replication functions. The only member of the Replicator group should be a domain user account used to log on the Replicator services of the domain controller. Do not add the user accounts of actual users to this group.
    --------------

    Comments, suggestions, insight, etc please.
    Thank you all.
     
  2. jonasdatum

    jonasdatum Thread Starter

    Joined:
    Jul 15, 2000
    Messages:
    3,062
    Hello. How do I share applications with other users when the inital install doesn't ask if I want to be the only user who uses it?
     
  3. jonasdatum

    jonasdatum Thread Starter

    Joined:
    Jul 15, 2000
    Messages:
    3,062
    Hello. Can anybody anr this question and/or contribute to the thread in any significant way?
     
  4. Sequal7

    Sequal7

    Joined:
    Apr 14, 2001
    Messages:
    2,382
    Not sure what your asking, but...

    My setup user accounts of Windows NT, XP and 2000 PRO, and server2003 are always set as limited users using the "run as" command. The user is always logged in as guest or limited account, and I only login as admin if I need to change settings, I never stay logged in for long under the admin account though.
    If and when you need to install or modify programs or services in use, right click and choose the "run as" command. This basically stops un-authorized access, either through hacks, trojans or other viruses from having esentiall power user access. If you are limited, then so too is the powers of the viruses or remote connections.


    I am not sure if you can decide whether or not to allow all users access to programs, you can obviosly turn off simple file sharing and deny access to folders and programs .exe files for certain user accounts or groups, but Im not positive this is what your referrring to?
     
  5. jonasdatum

    jonasdatum Thread Starter

    Joined:
    Jul 15, 2000
    Messages:
    3,062
    I want to maxiumize my security on my home PC. Now I've been reading up on this. I have reverted back to using a power user account as my primary. My question is should I stay with power user or should I go down to user?
     
  6. bearone2

    bearone2 Banned

    Joined:
    Jun 4, 2004
    Messages:
    5,809
    it sounds like you're the only one who uses the computer.

    i'm the admin, the only user and don't use a login screen when it boots.
    it makes my life simple on all computers in the sig.

    i can add/remove programs, defrag, do what i need without remembering a bunch of passwords.

    as a user you can't do a lot and you can't mess it up.
     
  7. jonasdatum

    jonasdatum Thread Starter

    Joined:
    Jul 15, 2000
    Messages:
    3,062
    Has anybody had unfortunate situations invovling user accounts? I was reading the news on some new security issues with Windows NT/2000/Xp/Vista; made me use a power user account.

    Anybody?
     
  8. techkid

    techkid

    Joined:
    Sep 1, 2004
    Messages:
    2,339
    First Name:
    David
    Personally no. But you stay on these forums for long enough, and there's stories there...

    Personally, I think it's best to have 2 accounts, one an administrator (best to have it password protected), and a user. If you need to run programs that require admin access (games are pretty notorious for this for some reason), you can just right-click the shortcut and click "Run as..." and type in your admin username and password. It's only active in the time you run that program.

    Anything requiring explicit admin access (Windows updates, adding/updating hardware and drivers and software installs/uninstalls), log in as the admin user for as long as you need it, and log off when you're done.

    General usage (web browsing, word processing etc) can just be run under the normal user account.

    It's not a "perfect circle of protection", but it's heaps better than running as an admin alone.
     
  9. Rich-M

    Rich-M

    Joined:
    May 3, 2006
    Messages:
    22,443
    Foolish paranoia for the average user as far as I am concerned. For those who are inclined to take big risks, well it isn't a bad idea to have a second user as Admin, especially if you get into a situation where the main user becomes so badly corrupted you need to dump it, but that has never happened to me and I like the simplicity of booting right up and also have nothing to hide in my user/admin. But switching users to go on the internet? nah makes more sense to be careful with what you do and have adequate backup capability if you stray. between my weekly Acronis backups and Argentum hourly file and data backups, I can be back real close to where I was in 20 minutes, clean of any problems.
     
  10. jonasdatum

    jonasdatum Thread Starter

    Joined:
    Jul 15, 2000
    Messages:
    3,062
    "Yes I am paranoid."

    I wipe my system and do a clean install of the OS twice a year for two reasons:

    1) You never know what's been in your system for x amount of time.

    2) I normally have to dump a user account because it gets corrupted at least once a year.

    Either or both I wipe the system. Rarely can I simply remove the user account. I get tired of typing in my administrator password; thus I revert back to administrator only. I'm not a fool about it though. I dumb down my network settings, turn off remote access, turn off remote asistance, and disable all unused accounts. Learned that since I've installed windows 2000 or xp a total of 15 times in 5 years. I don't even use the default accounts, I create new ones since hackers or crackers (there is a difference) are surely going to try to compromised those first. My computer's security isn't top of the line, but should at least slow a skilled threat down if not stop it.

    As far as I can tell those are general differences between and Administrator and a Power User Accounts.

    Sometimes I would goto a family members house and access critical files via dailup (been so long I forgot how to do it). That was a pain in the butt, all those security measures taken just to asscess my passowords. Thank goodness for flash drives :).
     
  11. Rich-M

    Rich-M

    Joined:
    May 3, 2006
    Messages:
    22,443
    See I agree there could be reasons to do a new Os yearly, but if you use the right programs, and that means you pay for them and they are highly rated, and shut down pc when not in use, I never have these issues.
    I remember in the days of "buggy" Windows 98 I was formatting every month until I locked onto idea of 2nd hard drive and a program called Drive Image. That ended all that and also had Datakeeper running in the background (the single stupidest thing PQ and then Symantec ever did was not realize the value of Datakeeper).
    I use the best antivirus program known to man (www.nod32.com before anyone asks) and the best antispyware program (www.superantispyware.com) and give all the free programs to all my friends and enemies for their pleasure.
    I never have virus, never have spyware and it sure isn't because of how careful I am where I go. I use no 3rd party firewalls, yet an experienced hacker could not get into my system (hardware firewall and Vista Fw)....and I have 1 user and never password anything I do not have to, to run.
     
  12. jonasdatum

    jonasdatum Thread Starter

    Joined:
    Jul 15, 2000
    Messages:
    3,062
    My AntiVirus is Trend Micro www.trendmicro.com. Before them I used a free antivirus by Computer Associates. I miss that program. Saved me $100s in antivirus, worked great. As far as I can remember it "never" crashed and "never" failed to stop a virus. Then I tried MacApuke, with mixed results.

    Software these days isn't about using the same stable app for life, it's about "the license." Getting users to pay for the next great upgrade, will probably use Windows XP Pro on the next machine I buy and won't stop using it until the end of of it's support lifecycle. Which seems to be about 7 to 10 years.
     
  13. jonasdatum

    jonasdatum Thread Starter

    Joined:
    Jul 15, 2000
    Messages:
    3,062
    This is why I prefer to use Administrator; this morning on my Power User Account I tried to erase a bunch of old files on my backup hard drive and access was denied. Why was I unable to erase or even delete the files on my backup drive? Those files were created months ago on an Administrator account. Those files were on there before I reinstalled windows xp this week, can somebody explain this? Do I need to make my power user account a member of the backup operators' group?

    I've also been having problems with Microsoft Word 2000. It's been so long forgot the work around, but I had to uninstall it from my Administrator account to install AND use while a Power User. Currently trying to figure it out. Should just need to install it under Administrator again. I think you had to install it under the weaker account first before you install under Administrator - man it's been so long.
     
  14. bearone2

    bearone2 Banned

    Joined:
    Jun 4, 2004
    Messages:
    5,809
    it depends on what you think is serious.

    my wife and son have separate user accounts on a dell laptop and a dell desktop, in both cases, password protected.

    on the desktop, i've had to restore xphome/sp2 twice and had to slave the main drive to another hd, jumpered as master.

    as a slave the data could be seen but not accessed/recovered.

    you have some serious issues that makes me think you question everything and try to over protect yourself.
    i use xppro with no sp's, behind a router for wired pc's and wireless laptops with w2k/sp4 and have no security issues that keep me up at nite.
     
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - shouldn't computer administrator
  1. Buffalo19
    Replies:
    1
    Views:
    686
  2. Marcella253
    Replies:
    2
    Views:
    701
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/322369

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice