hey hello!
i read the guide about win2003.
the guide say: You should create a user account immediately. Leave the Administrator account in its default state and create your user name using these steps.
well my question is, what if i use the admin account by default? there is something bad? because i allready use my winxp as admin....
thanks for help!
Full Version: win2003 login question
Admin account = larger attack surface.
Limited account = less chance that you're gonna do something that will screw up the entire system
Limited account = less chance that you're gonna do something that will screw up the entire system
but what kind of attack?
do you mean if on my own, i open a virus or something else?
or im more vulnerable juste at idle ? (like blaster since 1 year)
do you mean if on my own, i open a virus or something else?
or im more vulnerable juste at idle ? (like blaster since 1 year)
What does "Leave the Administrator account in its default state" mean? The admin account created at install is what is used. The "state" of the server is determined by its role within the Domain or Forest and, as such, its "state" is controlled by the Domain Controller and Active Directory.
You install W2K3, set its roles and thats it. There is no need to create other logins. When last did you, on a regular basis, log off the Admin account and on as another account, on a server? (not talking RDP).
You install W2K3, set its roles and thats it. There is no need to create other logins. When last did you, on a regular basis, log off the Admin account and on as another account, on a server? (not talking RDP).
In a Windows 2003 enviroment you are not at risk of using the Administrator account such as you would under a *nix enviroment with the root account. It's always a good idea to create multiple users for different enviroments\purposes, but realistically...if you are the admin, using the machine with the Admin account isnt that much of a risk...
Not so sure I agree with at view cultavix - it's a very bad habit to get into, using a FULL admin account to perform your day to day functions, surfing, email, etc...
Your day to day account should not be a FULL admin account! Be it in a domain or just on the local machine, be in the windows world or nix.. From a security standpoint - you should only use the min permissions required to perform the function.. You sure do not need the ability to wipe out any file on the system, or change any file, etc.. etc.. every minute your using the machine.. Running as a FULL admin account gives you this - and leaves the system open to mistakes (deleting something, changing something, etc..) Any exe that you run can run with YOUR permissions, so it would have FULL admin rights (be in on the local machine only - or the whole domain) too..
Do quite a few people do - sure they do, does not mean its a good idea!
Your day to day account should not be a FULL admin account! Be it in a domain or just on the local machine, be in the windows world or nix.. From a security standpoint - you should only use the min permissions required to perform the function.. You sure do not need the ability to wipe out any file on the system, or change any file, etc.. etc.. every minute your using the machine.. Running as a FULL admin account gives you this - and leaves the system open to mistakes (deleting something, changing something, etc..) Any exe that you run can run with YOUR permissions, so it would have FULL admin rights (be in on the local machine only - or the whole domain) too..
Do quite a few people do - sure they do, does not mean its a good idea!
thanks guys
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.