©
|
©
|
|
back to the Best-practices security page
What are non-Administrator accounts? Non-Administrator accounts are allowed to use the computer's existing software, but they don't have unlimited power over the computer like an Administrator does. No one can shoot you with your own handgun if it has no ammunition, and likewise a non-Administrator account's inherent lack of power makes it MUCH more secure against viruses and spyware than using a Computer Administrator account. When Windows is installed, it has to make you an Administrator to begin with, but you can change that if you want. skip to the setup instructionsWhat about older versions of Windows, like Windows Millenium Edition (WinME) or Windows 98? Windows ME and Windows 98 do not have non-Administrator accounts available. If you're reading this, you're evidently interested in keeping your computer secure, so my advice is to abandon WinME and Win98 or at least keep them isolated from networks or the Internet.  Which type of user account am I using now? Administrator, or non-Administrator? If you don't know which type you're using, then you're almost certainly using an Administrator account, because that's how Windows sets you up by default. It's up to you to change your account to a non-Administrator account if you want to. How much does a non-Administrator account improve my computer's security? A great deal by itself, plus it reinforces your other security measures against tampering as well (antivirus, firewall, automatic updates). On Windows Vista, the use of Administrator accounts is safer than on Windows XP/2000, as long as you don't disable User Account Control, but you might as well do the job right and use a Standard account. show me some more security tips Non-Administrator accounts also help keep kids, roommates, siblings, and visitors from messing up your computer or getting into your stuff. I set up my home computer with a separate non-Administrator account named visitors. My other accounts are password-protected, so visitors is the only account that visitors can get into at the Welcome screen. If I try a non-Administrator account and I don't like it, can I undo it? Yes, it's easy to switch back and forth. How to change to a non-Administrator account There always needs to be at least one Computer Administrator account. So if you've been using the computer's only Computer Administrator account as your regular "daily driver" account, you'll need to make a new Administrator account before you can switch your own account to a non-Administrator account. The following directions are for Windows XP, but Vista is similar.
You're done! : ) The key idea is to only use your Administrator account when you actually need Administrator-level powers, such as when adding new hardware & software. For instant messaging, email, Web browsing and other daily computer use, use your non-Administrator account. For advanced users: adding a Software Restriction Policy
If you have Windows XP Professional Edition or Media Center Edition, or Vista Business or Ultimate Editions, try Software Restriction Policy too. To see what version of Windows you have, just click Start > Run, type winver in the box and click OK.  So if this is so effective, why don't more people do it? There's GOT to be a catch. Some software doesn't work correctly when you run it from a non-Administrator account. If you have problems, try my tips on this page. Windows Vista is specifically designed to handle this stuff better, so there's another reason to choose Windows Vista if you're building a PC. show me how to pick a version of Vista Split personality! Note that you can log onto multiple accounts at the same time. Click Start > Log Off and choose Switch User, and you can log onto another account without logging out of the first one. If you're not accustomed to running more than one account, it will help to remember that each account has its own folder in C:\Documents and Settings, containing each account's own My Documents, Desktop, Favorites and so forth. |
