Results 1 to 10 of 10
  1. #1
    Star Lounger johjue's Avatar
    Join Date
    Dec 2009
    Location
    Chicago,Illinois
    Posts
    99
    Thanks
    1
    Thanked 9 Times in 9 Posts
    If this question has already been addressed, please forgive me! I have been running under an administrator account for some months now without any problems, but now see that it is more secure to run at a lower level for security reasons. I really like how I have the admin account set up, and don't want to lose everything or have to re-setup a new account like the current admin account. If I create a new admin account, and then "down grade" my current one to a lower privilege level, is that going to accomplish what I want to do without losing anything? If so, what is the best privilege level to use when online? I'm running Win 7 64-bit on a desktop, and Win 7 32-bit on a laptop. Thanks for any advice!

    John
    Dell Inspiron 530 Intel Pentium E2180 dual core @2.00 GHz 4GB Ram Win7 64 bit

  2. #2
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,188
    Thanks
    47
    Thanked 984 Times in 914 Posts
    See this thread for ideas / comments.

    cheers, Paul

  3. #3
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    I run as an administrator all the time, in fact I do not have a regular account set up on my PC. My wife's PC is the same, and so is our desktop (not used nearly as often since we purchased laptops). I use a router with a hardware firewall, use Win firewall, MS MSE which includes AV and Anti-malware protection, and regularly scan with Anti-Malware Bytes and Spybot. I keep my OS up to date, and regularly clean all temp files including IE temp files using IE own cleanup as well as CCleaner. I feel very secure and have never had problems with anything getting through my protection scheme. The difference is I do not have others using my PC. If I had several people regularly using my PC, I would limit their access to a more restricted account, but still use the admin account for my use.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  4. #4
    Super Moderator bbearren's Avatar
    Join Date
    Dec 2009
    Location
    Polk County, Florida
    Posts
    3,760
    Thanks
    26
    Thanked 424 Times in 338 Posts
    Quote Originally Posted by Ted Myers View Post
    I use a router with a hardware firewall, use Win firewall, MS MSE which includes AV and Anti-malware protection, and regularly scan with Anti-Malware Bytes and Spybot. I keep my OS up to date, and regularly clean all temp files including IE temp files using IE own cleanup as well as CCleaner. I feel very secure and have never had problems with anything getting through my protection scheme.
    With the exception of Spybot and CCleaner (I have other methods), so do I. I still consider it ill-advised to offer Administrator Privileges freely to the internet. It isn't a matter of "if" you become the object of a malware attack, it is a matter of "when". Just recently there have been a number of reports of malware attacks through ads on otherwise legitimate and trustworthy web sites. Ads are nearly always fetched from a server other than the server hosting the trustworthy web page. I have been hit twice from different sites in just the last week, once on my laptop and once on my desktop, and MSE flagged the attack in both cases and cleaned the offending files from my machine.

    However, by running under a Power User account, the malware was severely limited in what it could do. I used Task Manager to close Internet Explorer, let MSE do its thing, and that was that.
    Jerry Pournelle is considered fairly knowledgable in the workings of computers and software; wrote a column for Byte magazine for years until it went under. From what I can gather, he runs routinely using an account in the Administrators Group.

    I believe that running routinely as a member of the Administrators Group is similar to leaving a key in your front door along with a note telling passersby that you aren't home.

    I feel very secure also, but it is only because I routinely use drive images for backup, so if I do get pooched, I can recover easily without any damage carrying over.
    Create a fresh drive image before making system changes, in case you need to start over!

    "The problem is not the problem. The problem is your attitude about the problem. Savvy?"—Captain Jack Sparrow "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware.
    Unleash Windows

  5. #5
    New Lounger
    Join Date
    Dec 2009
    Location
    San Diego, CA
    Posts
    20
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by John Juergens View Post
    I have been running under an administrator account for some months now without any problems, but now see that it is more secure to run at a lower level for security reasons.

    John
    In Windows XP, without User Access Control features of Vista/Win7, it was very important to do most tasks as a limited user. Vista added the UAC feature, but it was very noisy, leading some people to turn it off and lose the security features. In Windows 7, Microsoft has toned down the noise of UAC and given users some control over the notification frequency. Here is what I have found: In Windows 7 with default settings for UAC, the only difference between admin and limited user is that UAC asks for an admin password when performing privileged actions as a limited user and does not ask for the password when running as admin. All the UAC popups are the same between limited and admin. The only difference is the password request.

    It's making me wonder if there are any differences between admin and limited accounts, for protecting against unauthorized changes, in Windows 7. The only really annoying thing about Windows 7 access control is that it still uses the context of a different account, instead of simply elevating the current logged on account. The way Linux does it with sudo is better in my opinion. Linux also has a more fine-grained access control system than Windows 7, but Win7 is now "good enough".

  6. #6
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    I should have specified that I use Win 7 on all our PCs. I also feel Win 7 does a much better job of protecting my PC, and that protection (UAC) along with the other items I mentioned provide a very secure system. As I stated, I have not suffered any attacks yet. MSE has stopped a couple of attempts, but as I said they did not get through. I do not click any links in pop ups that routinely occur. Most are stopped by the built in pop up blocker, and those that get through are deleted manually by me. I do NOT investigate unsolicited junk, just delete them. My feeling is that if I want something I will research and solicite info manually, not use the unsolicited junk. I believe that if everyone simply deleted this junk, eventually the junk would disappear since the spammers would not get anything from their spam. Yea, I know, when did I get back from Oz?
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  7. #7
    Super Moderator bbearren's Avatar
    Join Date
    Dec 2009
    Location
    Polk County, Florida
    Posts
    3,760
    Thanks
    26
    Thanked 424 Times in 338 Posts
    My advice to anyone who wishes to run routinely as a member of the Administrators Group, not matter what version of Windows you are running, is to stay current with drive images religously.
    Create a fresh drive image before making system changes, in case you need to start over!

    "The problem is not the problem. The problem is your attitude about the problem. Savvy?"—Captain Jack Sparrow "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware.
    Unleash Windows

  8. #8
    New Lounger
    Join Date
    Dec 2009
    Location
    Thibodaux, LA
    Posts
    17
    Thanks
    1
    Thanked 1 Time in 1 Post
    I too, recently read enough about using Admin priveledges all the time, and created an account to use day-to-day. As John first posted above, I had been on this pc for a few months and was "comfy" with how it was set up, and feared it would be a pain in the toucas to start over; well it was, and wasn't. The hardest things were using Outlook on the new account (had to start over), then point to the old PST files.
    Other parts of it went seamlessly, and I've finally gotten used to providing the Admin password when doing things like installing, deleting, gettting files off the Admin's My Documents.

    There seemed to be no easy way to get all the things migrated over, other than deal with them as I went along.

  9. #9
    Star Lounger johjue's Avatar
    Join Date
    Dec 2009
    Location
    Chicago,Illinois
    Posts
    99
    Thanks
    1
    Thanked 9 Times in 9 Posts
    Quote Originally Posted by Craig Campo View Post
    I too, recently read enough about using Admin priveledges all the time, and created an account to use day-to-day. As John first posted above, I had been on this pc for a few months and was "comfy" with how it was set up, and feared it would be a pain in the toucas to start over; well it was, and wasn't.

    There seemed to be no easy way to get all the things migrated over, other than deal with them as I went along.

    My sincere thanks to all of you for replying to my question! I haven't seen enough yet to decide one way or the other. Craig has most accurately stated my primary reason for being reluctant to "demote" myself. I am doing the same security things as the rest of you suggest- that gives me some peace of mind. My concern is that if I do get nicked, it will be a doozy! I think that I will hold off for now on any change. Any other input would be very much enjoyed and appreciated.

    Thanks again,
    John
    Dell Inspiron 530 Intel Pentium E2180 dual core @2.00 GHz 4GB Ram Win7 64 bit

  10. #10
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,188
    Thanks
    47
    Thanked 984 Times in 914 Posts
    My concern is that if I do get nicked, it will be a doozy!
    That's what backup to another disk is for!

    cheers, Paul

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •