Results 1 to 10 of 10
  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    San Diego, CA
    Posts
    20
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Folks;

    It's very important to run Windows XP in a limited privilege mode because XP doesn't have any UAC capability and malware installs itself most easily when the user account that encounters it has full administrative privilege to change anything on the system. Windows 7 still has the idea of limited user and privileged (administrator) user and, of course, it is still very useful for restricting certain users from making system changes that might damage or disable the system. But for the purpose of blocking malware installations, does limited user mode have any advantage over admin mode? When I run Win 7 in limited user mode, UAC asks me for permission to make changes and requests an admin account password. When I run as an administrator, UAC asks me for all the same permissions, but doesn't require the password. I simply need to click an OK button on the secure desktop.

    So, why should I run Windows 7 as a limited user? Isn't this advice now obsolete for Win 7?

  2. #2
    2 Star Lounger
    Join Date
    Mar 2010
    Location
    Midwest USA
    Posts
    120
    Thanks
    2
    Thanked 2 Times in 2 Posts
    If you are the only user and you are the administrator, then no, it probably doesn't effectively matter, especially if you trust yourself. But if you are the administrator and someone else is the user, a standard user account makes a lot of sense.

  3. #3
    2 Star Lounger zigzag3143's Avatar
    Join Date
    Dec 2009
    Location
    NYC
    Posts
    195
    Thanks
    13
    Thanked 3 Times in 3 Posts
    Quote Originally Posted by Kent W. England View Post
    Folks;

    It's very important to run Windows XP in a limited privilege mode because XP doesn't have any UAC capability and malware installs itself most easily when the user account that encounters it has full administrative privilege to change anything on the system. Windows 7 still has the idea of limited user and privileged (administrator) user and, of course, it is still very useful for restricting certain users from making system changes that might damage or disable the system. But for the purpose of blocking malware installations, does limited user mode have any advantage over admin mode? When I run Win 7 in limited user mode, UAC asks me for permission to make changes and requests an admin account password. When I run as an administrator, UAC asks me for all the same permissions, but doesn't require the password. I simply need to click an OK button on the secure desktop.

    So, why should I run Windows 7 as a limited user? Isn't this advice now obsolete for Win 7?
    Kent Hi and welcome

    Some people see it as an added layer of security, some simply turn it off. I am one who turns it off. I am the only user in a secure environment with firewalls, AV's and malware.


    Hope This helps


    Ken J
    Microsoft Most Valuable Professional-- Windows Expert Consumer 2009---2015
    MCC 2013-2015

    Wanikiyi & Dyami--Team ZigZag3143

  4. #4
    Super Moderator Deadeye81's Avatar
    Join Date
    Dec 2009
    Location
    North Carolina, USA
    Posts
    2,654
    Thanks
    7
    Thanked 113 Times in 97 Posts
    Hi all,

    Basically, the UAC feature means that all users, including users with administrator accounts, run pretty much as a standard user in ordinary operations. In Windows 7, legacy apps that ran in XP and wrote (data such as configuration information) to areas that are ordinarily unavailable to standard user accounts (because most users ran with administrative privileges in XP), will attempt to write to file and registry areas that UAC protects. To ensure compatibility for such apps, when UAC is enabled, it redirects attempts to write to sensitive files and appropriate areas of the registry to per user virtualized locations rather than the actual locations.

    If UAC is disabled, file and registry virtualization are are also disabled, with the consequence that any program you run can write directly to locations in the file system and registry that would normally be protected by UAC. That is a good reason to keep UAC turned on. It helps prevent access which could lead to corruption of some sensitive files and areas in the registry.

    The virtualized files and registry writes are stored in the C:\Users\username\AppData\Local\VirtualStore (which is one reason the AppData folder is a hidden folder), and when the apps need read access to what they formerly wrote, they are redirected to the same virtualized location. For the app involved, everything appears normal and it remains satisfied.

    If you open a folder where a virtualized write has occurred, a Compatibility Files link will appear on the Windows Explorer toolbar. If you click on Compatibility Files you will be taken to the VirtualStore location where the data was actually written.

    So for a home user, running with administrative privileges while UAC is enabled, still provides some of the functionality and benefits of running as a standard user.
    Deadeye81

    "We make a living by what we get, we make a life by what we give." Sir Winston Churchill

  5. #5
    5 Star Lounger
    Join Date
    Jan 2010
    Location
    Los Angeles, CA
    Posts
    828
    Thanks
    4
    Thanked 38 Times in 34 Posts
    There are actually subtle differences between running as the "Administrator" user and running an account that has administrative privileges (an account in the Administrator's group, or in the User Accounts Control Panel the Account Type is Administrator). If you are seeing the UAC popups, then your account is in the Administrator's group and you have administrative privileges (or at least, as many as UAC grants you).

    If you create another account that does not have administrator privileges then you will not see the UAC popup and you will be prevented from performing that function (any function that requires admin privileges). For example, if you run regedit there is no UAC popup but you will be prevented from changing system settings. For other things, such as installing a new program, you will simply be prohibited from doing so.

    On my personal desktop and laptop I run as an administrator (but not as "Administrator") and have UAC turned off. On my business laptop I also run as an administrator but leave UAC set to its default setting. That was annoying when I was setting up the laptop, but after that it was not so bad.

    There is also this great utility called DropMyRights - with it you can run applications with the minimum number of rights possible. I set up the household desktop to use that for email, IE and Firefox - greatly reduces the likelihood of contamination.

  6. #6
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    Quote Originally Posted by Kent W. England View Post
    Folks;

    It's very important to run Windows XP in a limited privilege mode because XP doesn't have any UAC capability and malware installs itself most easily when the user account that encounters it has full administrative privilege to change anything on the system. Windows 7 still has the idea of limited user and privileged (administrator) user and, of course, it is still very useful for restricting certain users from making system changes that might damage or disable the system. But for the purpose of blocking malware installations, does limited user mode have any advantage over admin mode? When I run Win 7 in limited user mode, UAC asks me for permission to make changes and requests an admin account password. When I run as an administrator, UAC asks me for all the same permissions, but doesn't require the password. I simply need to click an OK button on the secure desktop.

    So, why should I run Windows 7 as a limited user? Isn't this advice now obsolete for Win 7?

    I believe a large part of your security is to be proactive with it. If you keep your PC up to date with updates, if you keep your apps up to date, if you routinely run good AV and AM apps and routinely scan with them, then you can make your system secure and reliable. I run as an Administrator and I find the minor inconvienence of UAC helps with my peace of mind. If you stay away from suspect sites and suspect or unknown s/w and use a tool such as Web of Trust to monitor your surfing then you can minimize the effects of these suspect entities and again raise your peace of mind.

    Some feel that being proactive with security is too time consuming. I say "balderdash" (Is that really a word. I used to hear it in the movies and it sounded fun, I guess I'm aging myself) I only spend a couple hours per week and have all updates I can find and routinely do my scans. My 3 PC's have not been infected, and are all purring along like kittens without problems. Yes, I updated all to Win 7 which I feel is finally s/w that MS did right..

    Finally, since I have rambled on long enough, if you are the only user of your PC, then running as Administrator and following the recommendations above, should be very safe with limited user accounts unnessesary. If you have untrusted users, then by all means set up limited accounts for them.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  7. #7
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Texas
    Posts
    162
    Thanks
    0
    Thanked 2 Times in 2 Posts
    I take an extra step from Ted method
    I am a programmer so UAC off here

    I don't use Admininstrator account but have it password protected. Might be able to use that account to fix or undo something just in case.
    I run an aministrators account and by golly I think i can do anything that Admin can. Compared them some time ago with a MS differencing app and they look to be identical. The Admin could not delete a folder that I could not either. Finally found using Take Ownership altered I was able to delete that from within my account.
    I really think with uac off the administrators level is same.

    But good security measures, Antivirii, and regular backups is key to running in this state. I don't strictly stay away from unsafe sites either, I'm a programmer and looking for tweaks and data may land me anywhere search takes me but I read each link before clicking, I can be back in 5 minutes if I think something wrong but I am I guess what you call very anul attentive to whats going on

  8. #8
    New Lounger
    Join Date
    Dec 2009
    Location
    San Diego, CA, USA
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by veegertx View Post
    I take an extra step from Ted method
    I am a programmer so UAC off here

    I don't use Admininstrator account but have it password protected. Might be able to use that account to fix or undo something just in case.
    I run an aministrators account and by golly I think i can do anything that Admin can. Compared them some time ago with a MS differencing app and they look to be identical. The Admin could not delete a folder that I could not either. Finally found using Take Ownership altered I was able to delete that from within my account.
    I really think with uac off the administrators level is same.

    But good security measures, Antivirii, and regular backups is key to running in this state. I don't strictly stay away from unsafe sites either, I'm a programmer and looking for tweaks and data may land me anywhere search takes me but I read each link before clicking, I can be back in 5 minutes if I think something wrong but I am I guess what you call very anul attentive to whats going on
    My experience is pretty much the same as above, with one exception: I tried to run an install called Adobe Configurator using an account with admin rights, (not the Administrator Account). The program would not function properly after install. Only after installing using the Administrator account would the program function properly.

  9. #9
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    Quote Originally Posted by Kent W. England View Post
    Folks;
    It's very important to run Windows XP in a limited privilege mode because XP doesn't have any UAC capability and malware installs itself most easily when the user account that encounters it has full administrative privilege to change anything on the system. Windows 7 still has the idea of limited user and privileged (administrator) user and, of course, it is still very useful for restricting certain users from making system changes that might damage or disable the system. But for the purpose of blocking malware installations, does limited user mode have any advantage over admin mode? When I run Win 7 in limited user mode, UAC asks me for permission to make changes and requests an admin account password. When I run as an administrator, UAC asks me for all the same permissions, but doesn't require the password. I simply need to click an OK button on the secure desktop.

    So, why should I run Windows 7 as a limited user? Isn't this advice now obsolete for Win 7?
    It would probably be far more effective, from a security standpoint to run Windows 7 in limited user mode than XP.
    The architecture of the Windows 7 os is such that the kernel is far more isolated than that of XP's core architecture
    adding to the safety and reliability of the limited usermode function as a whole, and the entire os for that matter.

    It's tantamount to adding another security layer, or another barrier for a hacker to have to overcome in order to successfully
    gain access to your machine. With Windows 7, the concept of limited user becomes far more effective than that of XP and
    does not in any way negate the need for limited accounts in Windows 7.
    ...Probably the opposite.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Build your own system; get everything you want and nothing you don't.
    Latest Build:
    ASUS X99 Deluxe, Core i7-5960X, Corsair Hydro H100i, Plextor M6e 256GB M.2 SSD, Corsair DOMINATOR Platinum 32GB DDR4@2666, W8.1 64 bit,
    EVGA GTX980, Seasonic PLATINUM-1000W PSU, MountainMods U2-UFO Case, and 7 other internal drives.

  10. #10
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Texas
    Posts
    162
    Thanks
    0
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by Richard Brooks View Post
    My experience is pretty much the same as above, with one exception: I tried to run an install called Adobe Configurator using an account with admin rights, (not the Administrator Account). The program would not function properly after install. Only after installing using the Administrator account would the program function properly.
    I looked at that and would have sampled it but I read this and don't have AIR or CS4 so can't test that here.
    This download provides the Configurator prerelease installer for Macintosh and Windows. To run this application, you will need to have Adobe AIR installed.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •