I tried to find a similar article somewhere in the faq and past forums but couldn't find anything pertaining to this. My bad if there already is an article about this.
While browsing through the various settings in the computer management console I noticed that in addition to local users, there are local user groups you can set. I don't know much about how networks work and such, but I figure that these user groups, logically, are intended for managing large networks but, even if you're a single computer you can still set up user groups. These are nice settings and options to have in comparison to the optionless selection of choosing if you want to be a 'computer administrator or a limited user' from control panel. Wanting to know a little more about how all of this stuff works, I consulted the help files. The first pages I came across under 'local users' was entitled 'best practices". Shockingly, this page (and one corresponding directly to it) says that it is VERY unsafe to run normal practices, such as surfing the web, while logged in as an administrator beacause of vulnerability to trojan horses (capable of performing any action with full administrator privileges) and many other risks!!
Here is text pasted from the help files:
Best practicesDo not log on with administrative rights. Log on as a normal user and use the runas command when performing administrative tasks.
Using the runas command, you can run administrative tools with administrative rights and permissions while logged on as a user. You can also create shortcuts to run tools with administrative rights.
Why you should not run your computer as an administratorRunning Windows 2000 or Windows XP as an administrator makes the system vulnerable to Trojan horses and other security risks. The simple act of visiting an Internet site can be extremely damaging to the system. An unfamiliar Internet site may have Trojan horse code that can be downloaded to the system and executed. If you are logged on with administrator privileges, a Trojan horse could do things like reformat your hard drive, delete all your files, create a new user account with administrative access, and so on.
You should add yourself to the Users or Power Users group. When you log on as a member of the Users group, you can perform routine tasks, including running programs and visiting Internet sites, without exposing your computer to unnecessary risk. As a member of the Power Users group, you can perform routine tasks and you can also install programs, add printers, and use most Control Panel items. If you need to perform administrative tasks, such as upgrading the operating system or configuring system parameters, then log off and log back on as an administrator.
If you frequently need to log on as an administrator, you can use the runas command to start programs as an administrator. For more information, see To start programs as an administrator. END of help article
I don't understand why control panel's user accounts gives you only 2 options of either Admin or Limited if this is such a security risk! :disgust: Who the hell would want to use a Limited account (except for kids, and people using other people's private computers)? You can't even install a program and many apps don't give you full capability to do stuff. Just think of all the people who have not read this article that log into their home computers everyday as administrators. Before I go ahead and switch the users to power users, one quick question: Will all the settings unique to each user be kept? Thanks for everyone's input. I just joined this forum and it appears to be a goldmine of information on computer issues of all kinds!!
While browsing through the various settings in the computer management console I noticed that in addition to local users, there are local user groups you can set. I don't know much about how networks work and such, but I figure that these user groups, logically, are intended for managing large networks but, even if you're a single computer you can still set up user groups. These are nice settings and options to have in comparison to the optionless selection of choosing if you want to be a 'computer administrator or a limited user' from control panel. Wanting to know a little more about how all of this stuff works, I consulted the help files. The first pages I came across under 'local users' was entitled 'best practices". Shockingly, this page (and one corresponding directly to it) says that it is VERY unsafe to run normal practices, such as surfing the web, while logged in as an administrator beacause of vulnerability to trojan horses (capable of performing any action with full administrator privileges) and many other risks!!
Here is text pasted from the help files:
Best practicesDo not log on with administrative rights. Log on as a normal user and use the runas command when performing administrative tasks.
Using the runas command, you can run administrative tools with administrative rights and permissions while logged on as a user. You can also create shortcuts to run tools with administrative rights.
Why you should not run your computer as an administratorRunning Windows 2000 or Windows XP as an administrator makes the system vulnerable to Trojan horses and other security risks. The simple act of visiting an Internet site can be extremely damaging to the system. An unfamiliar Internet site may have Trojan horse code that can be downloaded to the system and executed. If you are logged on with administrator privileges, a Trojan horse could do things like reformat your hard drive, delete all your files, create a new user account with administrative access, and so on.
You should add yourself to the Users or Power Users group. When you log on as a member of the Users group, you can perform routine tasks, including running programs and visiting Internet sites, without exposing your computer to unnecessary risk. As a member of the Power Users group, you can perform routine tasks and you can also install programs, add printers, and use most Control Panel items. If you need to perform administrative tasks, such as upgrading the operating system or configuring system parameters, then log off and log back on as an administrator.
If you frequently need to log on as an administrator, you can use the runas command to start programs as an administrator. For more information, see To start programs as an administrator. END of help article
I don't understand why control panel's user accounts gives you only 2 options of either Admin or Limited if this is such a security risk! :disgust: Who the hell would want to use a Limited account (except for kids, and people using other people's private computers)? You can't even install a program and many apps don't give you full capability to do stuff. Just think of all the people who have not read this article that log into their home computers everyday as administrators. Before I go ahead and switch the users to power users, one quick question: Will all the settings unique to each user be kept? Thanks for everyone's input. I just joined this forum and it appears to be a goldmine of information on computer issues of all kinds!!
Facebook
Twitter