Results 1 to 14 of 14
  1. #1
    4 Star Lounger
    Join Date
    Mar 2004
    Posts
    461
    Thanks
    37
    Thanked 1 Time in 1 Post

    Standard user vs administrator (SP1)

    As far as I can tell, the only difference between a standard user account and an administrator account (the regular admin account, not the hidden admin account) is that when it is necessary to elevate the rights for the task at hand, the standard account needs to input an admin username and password, while the regular admin account only needs to click Continue in the UAC dialog.

    Is this the only difference, or are there any other differences? It seems they both get the same number of prompts for elevation of rights, for the same tasks. Am I missing something here?

    Thanks

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    20,543
    Thanks
    1
    Thanked 614 Times in 550 Posts

    Re: Standard user vs administrator (SP1)

    That is pretty much it. See these discussions - Standard user or administator account in Windows Vista General Discussion & Running as an Admin with prompts vs Standard? - Vista Forums. Microsoft added the additional work for the user to make it somewhat more unlikely that users would just install anything without notice. One could make a point that UAC is just another dialog that most people ignore.

    Joe

  3. #3
    4 Star Lounger
    Join Date
    Mar 2004
    Posts
    461
    Thanks
    37
    Thanked 1 Time in 1 Post

    Re: Standard user vs administrator (SP1)

    Thanks Joe. Actually that first thread you referred to was one I started. I was disappointed in the reponses I got on that MS board, so I decided to post here once I remembered there was a Vista board here, and the posters here always seem knowledgeable.

    Since there seems to be so much mis-information about these account types, I decided to run a few limited tests of my own. I've found that an unelevated standard user account is definitely NOT the same as an unelevated (regular) administrator account.

    This can be seen if you open either regedit or services.msc. The admin is presented with the UAC elevation prompt, and can then make changes. On the other hand, the standard user is NOT presented with a UAC prompt, and the standard user is only able to view the settings, and is unable to change them. If the standard user instead right clicks and selects Run As Administrator, then he is able to make changes.

    So since it is clear that this difference exists, I am (still) wondering what other differences there are between an unelevated standard user and an unelevated administrator. Of particular interest is whether malware that gets installed on a standard account (whether when elevated or not) is limited in the harm it can do.

    Thanks

  4. #4
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    20,543
    Thanks
    1
    Thanked 614 Times in 550 Posts

    Re: Standard user vs administrator (SP1)

    If malware is installed under a standard account it WILL be limited in what it can do. It will be subject to the same limits as any software run under that account. So, if it tries to modify a protected part of the system it won't be able to.

    If part of the malware install package is malware and the package is run with admin privilges then it (the install package) can do whatever any other program with admin privilieges can do.

    Joe

  5. #5
    4 Star Lounger
    Join Date
    Mar 2004
    Posts
    461
    Thanks
    37
    Thanked 1 Time in 1 Post

    Re: Standard user vs administrator (SP1)

    Thanks Joe.

    But as far as I can tell, no software can be installed under a standard account. The standard user gets the elevation prompt and supplies the admin password, then the software will be installed under the admin account. I've not come across anything that could be installed without elevation of rights. (I am not sure if malware from a driveby can be installed without triggering an elevation prompt).

    I could be wrong on this, but It seems to me that most standard users will get used to supplying the admin password whenever prompted, just like admin users get used to clicking Continue. When a website requires Java or Flash, you are prompted for elevation by UAC and people will be used to allowing it when a website triggers a prompt. And if a site is trying to install malware, it seems the standard user will supply the admin password there too, since the average user will not know it is malware, will just assume it is java, flash, quicktime, etc or not think about it at all.

    It seems like the only users that will be more secure are ones that do not have an admin password. But that is not what I am asking about here. I'm talking about users who are the only ones using the computer.

    Thanks

  6. #6
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    20,543
    Thanks
    1
    Thanked 614 Times in 550 Posts

    Re: Standard user vs administrator (SP1)

    Well, I guess it is semantics but the installation is running under alternate credentials in the same account. I agree that a standard user must install with alternate credentials and that makes it more difficult for drive by software to be installed. BUT, I also agree that users, either standard or admin, will become too used to UAC and just 'get by' it without thinking or paying attention.

    The tough part is that UAC and privilege elevation is well intentioned but getting users to break bad habits is very very hard.

    Joe

  7. #7
    4 Star Lounger
    Join Date
    Mar 2004
    Posts
    461
    Thanks
    37
    Thanked 1 Time in 1 Post

    Re: Standard user vs administrator (SP1)

    OK thanks.

    I've converted my user account to standard user, and I've found so far that I've received very few elevation prompts. Everything seems to run ok.

  8. #8
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    20,543
    Thanks
    1
    Thanked 614 Times in 550 Posts

    Re: Standard user vs administrator (SP1)

    Thanks for posting back and continued good luck with it. <img src=/S/grin.gif border=0 alt=grin width=15 height=15>

    Joe

  9. #9
    Super Moderator
    Join Date
    Dec 2000
    Location
    Renton, Washington, USA
    Posts
    12,560
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Re: Standard user vs administrator (SP1)

    Just remember to ALWAYS keep a protected "Admin" account so you can get back in. A standard account can NOT be changed to a Admin from the Standard account.

    Now running HP Pavilion a6528p, with Win7 64 Bit OS.

  10. #10
    4 Star Lounger
    Join Date
    Mar 2004
    Posts
    461
    Thanks
    37
    Thanked 1 Time in 1 Post

    Re: Standard user vs administrator (SP1)

    Yes, thanks.

    I did create another admin account for that reason. I had also previously enabled the hidden administrator account, but I generally would not have done that, so I wanted to duplicate a real world situation as I might set up another computer.

    When you say "protected" I assume you mean with a password?

    Thanks

  11. #11
    Super Moderator
    Join Date
    Dec 2000
    Location
    Renton, Washington, USA
    Posts
    12,560
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Re: Standard user vs administrator (SP1)

    Yes, PASSWORDED.

    Now running HP Pavilion a6528p, with Win7 64 Bit OS.

  12. #12
    4 Star Lounger
    Join Date
    Mar 2004
    Posts
    461
    Thanks
    37
    Thanked 1 Time in 1 Post

    Re: Standard user vs administrator (SP1)

    OK thanks

  13. #13
    Bronze Lounger
    Join Date
    Apr 2001
    Location
    Peterborough, Ontario, Canada
    Posts
    1,450
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Standard user vs administrator (SP1)

    I suspect it is more than semantics. A single user who has a second account can browse and have a safer time with a lot of things, but when it comes to updates a lot of programs have a normally-welcome 'check for update' feature that kicks in automatically, but which will be disabled if the account is not an admin account.

    That doesn't mean don't take the safer route, but it does mean that when you do use the admin account it may be helpful to do a round-robin of your programs to check that they are up-to-date.

  14. #14
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    20,543
    Thanks
    1
    Thanked 614 Times in 550 Posts

    Re: Standard user vs administrator (SP1)

    The OP was talking about installing software using admin credentials not the everyday tasks. It will take some time for users and software vendors to get used to the standard user in a Windows environment. I agree if you choose to run as a standard user that may cause issues with software updating and that you should periodically check for software updates.

    Joe

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •