Results 1 to 12 of 12
  1. #1
    New Lounger
    Join Date
    Feb 2010
    Location
    Texas
    Posts
    5
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Question Windows 7 Admin & Standard Accounts

    Why should a standard account be used in Windows 7 if UAC is turned on? It seems to me the whole point of UAC is for safety and so what extra safety is provided by the Admin account?

    Martha

  2. #2
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,433
    Thanks
    371
    Thanked 1,456 Times in 1,325 Posts
    Martha,

    The one advantage I see is that you can't do things that UAC will warn you about in an Admin account and then you just click through the warnings because you have become accustomed to them. Back in the days of yore the old "Are you sure [y/n]" prompts in DOS were automatically answered in the affirmative w/o the user's reading the preceding messages because they just got tired of them and always answered "Y". That is of course until they entered "Format C:" by mistake when they wanted "Format A:" and the rest is history!
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  3. The Following User Says Thank You to RetiredGeek For This Useful Post:

    CLiNT (2011-01-29)

  4. #3
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    Quote Originally Posted by mabagwell View Post
    Why should a standard account be used in Windows 7 if UAC is turned on? It seems to me the whole point of UAC is for safety and so what extra safety is provided by the Admin account?

    Martha
    Martha, Welcome to the new Lounge.

    I guess my answer to your question would be another question, How comfortable and proactive are you in setting up your PC security and maintaining that security? If your knowledge and experience allows you to keep your PC secure without the extra help Win 7 provides then turn UAC off. If you do not feel comfortable enough yet to keep your PC secure, then leave UAC on. Same with using a Standard account compared to the default Administrator accout. Again, how knowledgable are you in keeping your PC secure?

    In my case, my wife and I use the default Administrator account. I feel very comfartable in keeping our PC's secure. I have UAC turned off on my PC, she has it turned on with her PC. I keep UpTo Date Images on both, so in my case I do feel comfortable in my knowledge to allow us to use our PC's in this way.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  5. The Following User Says Thank You to Medico For This Useful Post:

    CLiNT (2011-01-29)

  6. #4
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,518
    Thanks
    152
    Thanked 1,397 Times in 1,220 Posts
    Quote Originally Posted by mabagwell View Post
    Why should a standard account be used in Windows 7 if UAC is turned on? It seems to me the whole point of UAC is for safety and so what extra safety is provided by the Admin account?

    Martha
    Hello,

    The UAC, per itself, won't ensure complete safety. There are security vulnerabilities where the malware will bypass the UAC. That means you cannot trust the UAC to protect you against every possible threat.
    Does this mean you should use a standard account instead of an admin account? I can only give you my personal opinion and what I will tell you is that I find standard accounts too restrictive for what I do on my PC. So I use only admin accounts. However, I take additional protection, as I run a security application (Online Armor), which keeps tabs on programs and components running on my computer and only those that I allow can run. Of course, I also run an anti-virus.

    Thus my HIPS (Online Armor), coupled with an antivirus and the UAC set at the default Windows 7 level (which I find quite non-intrusive and hardly disturbing), together with what I'd say are rather defensive behavioral habits while using the internet, seem to provide a layer of protection that allows me to choose to use an administrator account.

    I also take other precautions, like keeping up to date backups which, in case something would go badly wrong, would allow me to restore my PC to a known safe state very quickly. All this considered, it's my choice to use admin accounts only. It's not totally risk free, but it has worked quite well for me.

    In your case, it's your choice to make, your experience, knowledge and habits taken into account. Using a standard account is a least risk strategy. Whether you feel comfortable to make choices that mitigate the risks of using a higher risk strategy is really the key to answer your question. A straight use of an admin account without a risk mitigating strategy has a greater likelihood of bringing you future problems, but that doesn't necessarily mean that you will have them.

    Regards

    Rui

  7. #5
    Super Moderator bbearren's Avatar
    Join Date
    Dec 2009
    Location
    Polk County, Florida
    Posts
    3,760
    Thanks
    26
    Thanked 424 Times in 338 Posts
    Running routinely as a member of the Administrators Group is playing Russian Roulette with your system. Any malware that may find its way to your sytem automatically has elevated privileges if you're logged on as a member of the Administrators Group.

    It can also make simple mistakes on your account become global mistakes on the entire PC.

    Why make trouble easy?

    But don't take my word for it. Look through these threads of folks asking for help and see how many of them are running using an account that is a member of the Administrators Group.

    All my machines have at least two Administrators Group accounts (one being the default Administrator, which is disabled) but I rarely logon to such accounts. I use them only for deep maintenance, or global installations. For all other activities, I use a Power Users account, with UAC active.

    I want to know what's going on with my PC's.

    I also use drive images for backup, but I'd just as soon not have to restore a backup to a trashed machine. The only times I've used my drive images have been for testing purposes, or due to hard drive failure, or for a seamless hardware upgrade.
    Create a fresh drive image before making system changes, in case you need to start over!

    "The problem is not the problem. The problem is your attitude about the problem. Savvy?"—Captain Jack Sparrow "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware.
    Unleash Windows

  8. #6
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    I may be playing "Russian Roulette" with my PC's, but it seems successfully so far. No viruses, no malware. I am very proactive with my security and believe as Rui does that I can protect my PC's as well as MS can. I do keep Up To Date Images of my PC's in case while "playing" with them I screw something up, and so far the only restorations on my laptop were because of my personal actions. I have never had to restore my wife's PC (She does not play the way I do). Perhaps for the average user, who is not proactive with their PC security (let's face it, there are most likely many more in this group than in my group) the separate Standard User account is a great idea. For me, it's too restrictive.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  9. #7
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,518
    Thanks
    152
    Thanked 1,397 Times in 1,220 Posts
    Quote Originally Posted by bbearren View Post
    Running routinely as a member of the Administrators Group is playing Russian Roulette with your system. Any malware that may find its way to your sytem automatically has elevated privileges if you're logged on as a member of the Administrators Group.
    I must have steel nerves, then . My first PC was bought around 1988 and I was never infected by any virus or malware, regardless of what OS I have used. I have used all Microsoft's OSes, even the infamous Windows ME. The current Microsoft OSes are the most secure they have ever created and the current security software is the best ever, too.
    Every defense strategy includes a degree of compromise to offer a certain degree of security. I am comfortable with the degree of security I have now. With my 10 year old starting to use Facebook intensively, I may have to harden security somewhat, at least on his laptop.

    To add the discussion. not even regular accounts will ensure full protection. There are privilege escalation vulnerabilities too.

    In the end it's one's habits and strategies that account for one's security issues. I haven't fared bad in the last 22 years.
    Last edited by ruirib; 2011-01-30 at 07:48.

  10. #8
    Super Moderator bbearren's Avatar
    Join Date
    Dec 2009
    Location
    Polk County, Florida
    Posts
    3,760
    Thanks
    26
    Thanked 424 Times in 338 Posts

    Help and Advice

    I come here to offer help and advice to Windows users who are having difficulties with their machines. In my view, to advise anyone that it is okay to always use an account that is a member of the Administrators Group is irresponsible.

    Best practices imply the use of a standard user account for everyday use, and the use of an Administrator account only for specific tasks which require those privileges and only for the duration of those tasks.
    Create a fresh drive image before making system changes, in case you need to start over!

    "The problem is not the problem. The problem is your attitude about the problem. Savvy?"—Captain Jack Sparrow "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware.
    Unleash Windows

  11. #9
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,518
    Thanks
    152
    Thanked 1,397 Times in 1,220 Posts
    Quote Originally Posted by bbearren View Post
    I come here to offer help and advice to Windows users who are having difficulties with their machines. In my view, to advise anyone that it is okay to always use an account that is a member of the Administrators Group is irresponsible.

    Best practices imply the use of a standard user account for everyday use, and the use of an Administrator account only for specific tasks which require those privileges and only for the duration of those tasks.
    Users are owners of their machines. They should be able to know that there is not a single way to do things. There are many ways to achieve the goal of having malware free computers. The standard user account is just part of a possible strategy to accomplish that. I won't even bother to comment on the irresponsibility statement, but to say that I do not share your vision of a single truth world.

    My belief is that people should have the information that enables them to make decisions about their own computers. That's what I do. I have no intention to preach to anyone on how they should use their computers or anything else, for that matter. If you do, that's your decision. In this, as in anything else, people read and make their choices. That works for me.

  12. #10
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    Quote Originally Posted by bbearren View Post
    I come here to offer help and advice to Windows users who are having difficulties with their machines. In my view, to advise anyone that it is okay to always use an account that is a member of the Administrators Group is irresponsible.

    [/FONT]
    I have not so far, nor has Rui, advocated that it is alright to always use an administrators account. We have just given our side of this topic. In point of fact I did say that for the average user that is not proactive with their security the Standard account may be a great idea (see post #6 above) I agree with Rui that we all own our PC's and thus have every right to set up and use our PC's as we see fit. That includes power users such as yourself and novice users alike. Like Rui, I also have had PC's for quite some time and do not remember ever having a virus infection. Perhaps I'm lucky, who knows, but I am proactive with my security and with Imaging and feel that I can recover quickly even if something does ever get through my defenses.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  13. #11
    Super Moderator bbearren's Avatar
    Join Date
    Dec 2009
    Location
    Polk County, Florida
    Posts
    3,760
    Thanks
    26
    Thanked 424 Times in 338 Posts
    Create a fresh drive image before making system changes, in case you need to start over!

    "The problem is not the problem. The problem is your attitude about the problem. Savvy?"—Captain Jack Sparrow "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware.
    Unleash Windows

  14. #12
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,518
    Thanks
    152
    Thanked 1,397 Times in 1,220 Posts
    You do what you think is right and I have nothing against that. I respect your opinion and I respect Woody's opinions, but I find I don't need to follow them on this matter (and I disagree with Woody on Homegroups or Windows updates too, just considering the advice given on the latest newsletter). Personally I have followed the strategy I described and I am quite happy with it. There quite a few people help who resort to me for help with their computers and they never had an issue with the combination of security apps I recommend.

    I believe the best way to fight malware is to have informed users. I will agree that some users don't care about that, others won't have the patience or the inclination to do it but others, like the original poster here, want to know more. To those, it's only fair that they get the information they need to make their own decisions about their own computers.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •