1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Windows accounts

Discussion in 'Computer Security' started by Boycie, Dec 16, 2005.

  1. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    It is recommended to use a limited account when using Windows for day to day activities. The idea, making it harder for anything nasty to do it's work.
    Is this effective? Can some piece of mal/virus execute itself if contracted in a limited account?
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  2. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    Standard practice regardless of OS is to only use an account with the permissions required to do the tasks needed.

    A problem with this is that some applications require Administrative premissions to run (bad programming).

    Something that you can do with windows is to right click on the executable for the program and choose 'Run As', letting you use a higher level acount to run the app.

    8)
     
  3. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    179
    287
    Linux is setup to run under a limited account by default. Of course, there are certain tasks you can only do as root but when you try to run them from X-windows, you are prompted for root's password. When you exit the task, you also exit root.

    On the command line (as you certainly know) you can switch from your regular user to root using the "su" command or using Debian or Ubuntu, use "sudo".

    Windows seems to be set up by default to run from the administrator account. In fact, most home users, whether they realize it or not, login as admin all the time. As Simon says, it's good practice to do day-to-day work on the system as a regular user but Linux is designed to do this while you have to consciously make yourself do this when running Windows.
     
    Certifications: A+ and Network+
  4. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    thanks for the input guys :thumbleft
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  5. eyeball

    eyeball Nibble Poster

    82
    3
    0
    Main reasons why Windows installs giving the first user admin is, mainly, due to the fact that Windows is the primary OS for non-tech savvy people. They have problems installing applications without needing to run it as administrator in the first place.

    Also by default the administrator account is hidden behind the welcome screen.

    Yes the security levels in all OS;s shoudl be set so that normal tasks are done with just the credentials needed.

    I personally, as said before, have to run as admin at all times due to some rubbish in house software. This does not affect me too much as I most of the tiem know what is going on with my machine, but with the number of machines I have to clear from spyware etc I wish it was not the norm!
     
    Certifications: A+, Network +, MCSA
    WIP: CCNA, MCSE+security
  6. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Although it is indeed best practice as recommended by Microsoft for users to only have user privileges in practice it is a pain in the bottom.

    A lot of applications will not initialise because the user does not have rights to certain parts of the registry. If you use regedt32 you can assign the user rights to whatever registry key they need for the app but as I said, it is a pain.

    I believe most admins would prefer to limit the scope of what a user can do on their workstation but sheer frustration and time limitations forces the administrator to give the user local admin rights.

    Note, this is not the same as domain admin rights, they can be restricted as much as is considered necessary.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  7. MrDan

    MrDan New Member

    8
    0
    8
    We have locked our user accounts to stop them installing nasty no-standard software... We have noticed that some software (photo editor, powerpoint etc...)
    doesnt work then a collegue found out this trick....

    Run regedt32.exe
    Then under HKLM, give all users full control.
     
    WIP: MCSE
  8. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    :eek:

    There'd be NO WAY I'd unlock a whole registry to all users! :ohmy

    A single string, ok, but the whole HKLM? No chance.

    8)
     
  9. MrDan

    MrDan New Member

    8
    0
    8
    Sorry my bad....I meant full control to the software key...

    Not the whole lot.

    :oops: :oops:
     
    WIP: MCSE
  10. Clyde

    Clyde Megabyte Poster

    558
    15
    62
    mited a/cs limit the users ability to access stuff, but does not prevent them installing stuff. As far as I remember, when an app installs under windows, it doesn't install with the users permissions but rather with system permissions, so therefore can cause havoc - one of the reasons windows is vulnerable to viruses. I believe MS are making a big deal about Vista as it has a feature whereby apps install using user rights.. (unix anyone ? )
     
    Certifications: A+, Network+, Security+, MCSA, MCSE
    WIP: MCITP

Share This Page

Loading...