User Accts on New Install


Recommended Posts

What is the best practice for user accounts on a new install of Win7 when only a single user (me) will be on the machine? In XP I had only the single acct that was also the administrator. Should I be setting myself up as a non-admin user for security? If so, what would I lose?

I know this all came up with Vista but I skipped that OS all together. If someone could point me to a white paper, or any other articles on dealing with this, I would appreciate it.

Link to comment
Share on other sites

MS encourages everyone to use Standard accounts for their daily routines. You can stay logged into the Standard account and still perform admin tasks as long as you have UAC enabled. This obviously wasn't possible under XP.

With that said, my user account is currently set up as an Administrator Account (not the real Administrator account) but I still get the benefits of UAC.

Link to comment
Share on other sites

I HIGHLY advise no one enable the real admin account. Even if you're the only user, it's still not OK to enable it.

Link to comment
Share on other sites

I HIGHLY advise no one enable the real admin account. Even if you're the only user, it's still not OK to enable it.

There is is no harm in enabling the administrator account as long as you have a normal user for everyday tasks. Certain operations can only easily be accomplished with the actual admin account. To enable do: net user Administrator /active:yes Log out and select Administrator, then create a password.

Link to comment
Share on other sites

Nobody has yet to explain to anyone "why" we should not enable the real Administrator account or not.

By using the real Administrator account, it is far easier to have your system hacked. Standard security policy is to:

1. Rename the real administrator account to something else, best if you use a long name

2. Use a hardened password for this account

3. Rename the "Guest" account and leave is disabled.

Doing this will confuses most virus and trojan programs because the default names are no longer available to attack.

Disabling the real Administrator account and using a second admin account is no different then just renaming the real Administrator account and using it as your normal login.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.