The Lemon Fool

In the past one security tip - or at least one that I've seen in a few places - has been for Windows users to do their daily work using an account that did not have admin privileges. I'm wondering how many people do this. I'm actually more interested in any observations that people might have on the subject but I thought I might as well make this post a poll to also collect some quantitative data - purely out of curiosity.

I currently do follow this advice. When installing a new PC I disable the default Windows Admin account and create 2 new accounts, one called "<MyInitials>-Admin" that is a local account with admin privileges and the other simply called "<MyInitials>" that is a regular user account (no admin privileges) and is associated with my Microsoft ID. It's sometimes a bit of a faff to have to go and log onto the -Admin account to do certain stuff so I'm wondering whether to bother anymore.

I'm about to set up a new PC since I just cannot resolve the instabilities I've been experiencing over the last couple of months with my current 2.5 year old PC hence my interest.

- Julian

Beh, mirrored topic title and post question!

Do I disable admin functionality on my main Windows account? No
Does your primary user account have admin privileges? Yes

Julian wrote:In the past one security tip - or at least one that I've seen in a few places - has been for Windows users to do their daily work using an account that did not have admin privileges.

Corporate PCs may well be set up that way. For home users it's just a pain. Microsoft tried to enforce admin privileges with Windows Vista, but abandoned the idea with Windows 7, which was much more popular.

I always log in as a non-admin account, and UAC handles admin permission when necessary. Or start a command window with admin permission.

Very rarely do I need to log in to the admin account.

Akin to Unix, nobody needs to log in as root directly.

Scott.

I always log in to Windows with admin privileges as it’s pretty risk free like that and frequently saves me a bit of aggro with file properties etc. OTOH I never log into Unix of any variant with root privileges as it’s far too easy to commit a mega-goof.

Thanks for all the replies and responses to my poll.

mc2fool wrote:Beh, mirrored topic title and post question!
...

Ooops. I'm as bad as the online marketing industry. I'm convinced that there must be some secret agency somewhere that coordinates those tick boxes for saying whether you want to go on the mailing list or not to ensure that there's an exactly 50/50 split between those web sites that require you to tick the box if you want to opt in and those that require you to tick the box if you want to opt out!

Anyway, back to topic. Interestingly as of now there is quite an even split on this poll. I'm leaning towards setting up my next PC with just a single account with admin privileges and tied to my Microsoft ID.

Previously I've taken admin privileges off my mail account for security reasons rather than concern that I might break something by deleting some essential system file or whatever. I suspect the extra malware protection I get from that is really low now however since, as Infrasonic implicitly pointed out via the link to the Microsoft ConsentPromptBehaviorAdmin documentation, an attempt by a non-Windows binary e.g. malware accidentally downloaded from the web would - at least as I understand that documentation - still by default generate a prompt for consent if it tried to do something admin-ey (like install a key logger) even if I was logged on as an administrator at the time and if the malware is sophisticated enough to bypass that mechanism by using some unknown and/or currently-unpatched exploit then I'm probably pretty stuffed anyway because in that case I would think that it's pretty likely that it would be able to escalate its privileges unnoticed even if I was logged into a non-admin account at the time.

On balance I think I'm going to go for the marginal increase in convenience in return for what I perceive as the even more marginal reduction in protection against malware.

Ironically just a few minutes ago I tried to create a Windows 11 installation USB stick using the Microsoft media creation tool and that failed because it said I had to be logged on as an admin.

- Julian

Julian wrote:On balance I think I'm going to go for the marginal increase in convenience in return for what I perceive as the even more marginal reduction in protection against malware.

Ironically just a few minutes ago I tried to create a Windows 11 installation USB stick using the Microsoft media creation tool and that failed because it said I had to be logged on as an admin.

- Julian

I don't have admin privileges on my main Windows account. I can't speak about the media creation tool, but almost every time I need to do anything that requires admin privileges, I can still do that within my main standard account, by typing in the admin password (well actually, swipe my other finger). It's not a hassle and I'd rather keep my PC locked down on the off chance.

torata

mc2fool wrote:Beh, mirrored topic title and post question!

That confused me too. Saved by the possibility to change my vote.

- Julian
I don't have admin privileges on my main Windows account. I can't speak about the media creation tool, but almost every time I need to do anything that requires admin privileges, I can still do that within my main standard account, by typing in the admin password (well actually, swipe my other finger). It's not a hassle and I'd rather keep my PC locked down on the off chance.

Quite right, it is no hassle at all. IMHO making your user account as not-admin is the single and simplest way to protect your PC from malware. I don't think the risk of using an admin account is low, as some have implied - I've seen PCs with all sorts of stuff installed unknown to the users. Any attempt by emails, etc.to install malware will be prevented as the request for the admin password will appear, whereas if you are running in admin mode you may not even know that malware has been installed on your PC.

As Microsoft says: "The recommended and more secure method of running Windows, is to ensure your primary user account is a standard user. Running as a standard user helps to maximize security for a managed environment."
https://learn.microsoft.com/en-us/windows/security/application-security/application-control/user-account-control/how-it-works

At home, all the users have admin rights, but then my kids never use e-mail or messaging on it, so risk is reasonably limited.

At work I have a separate account with admin access, largely because no one else has admin rights and our IT is outsourced, so the odd little things people need to have admin rights to achieve, I do locally rather than raise a ticket.

DM