Windows accounts

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

It is recommended to use a limited account when using Windows for day to day activities. The idea, making it harder for anything nasty to do it's work.
Is this effective? Can some piece of mal/virus execute itself if contracted in a limited account?

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Standard practice regardless of OS is to only use an account with the permissions required to do the tasks needed.

A problem with this is that some applications require Administrative premissions to run (bad programming).

Something that you can do with windows is to right click on the executable for the program and choose 'Run As', letting you use a higher level acount to run the app.

 

Linux is setup to run under a limited account by default. Of course, there are certain tasks you can only do as root but when you try to run them from X-windows, you are prompted for root's password. When you exit the task, you also exit root.

On the command line (as you certainly know) you can switch from your regular user to root using the "su" command or using Debian or Ubuntu, use "sudo".

Windows seems to be set up by default to run from the administrator account. In fact, most home users, whether they realize it or not, login as admin all the time. As Simon says, it's good practice to do day-to-day work on the system as a regular user but Linux is designed to do this while you have to consciously make yourself do this when running Windows.

 

thanks for the input guys

 

Main reasons why Windows installs giving the first user admin is, mainly, due to the fact that Windows is the primary OS for non-tech savvy people. They have problems installing applications without needing to run it as administrator in the first place.

Also by default the administrator account is hidden behind the welcome screen.

Yes the security levels in all OS;s shoudl be set so that normal tasks are done with just the credentials needed.

I personally, as said before, have to run as admin at all times due to some rubbish in house software. This does not affect me too much as I most of the tiem know what is going on with my machine, but with the number of machines I have to clear from spyware etc I wish it was not the norm!

 

Although it is indeed best practice as recommended by Microsoft for users to only have user privileges in practice it is a pain in the bottom.

A lot of applications will not initialise because the user does not have rights to certain parts of the registry. If you use regedt32 you can assign the user rights to whatever registry key they need for the app but as I said, it is a pain.

I believe most admins would prefer to limit the scope of what a user can do on their workstation but sheer frustration and time limitations forces the administrator to give the user local admin rights.

Note, this is not the same as domain admin rights, they can be restricted as much as is considered necessary.

 

We have locked our user accounts to stop them installing nasty no-standard software... We have noticed that some software (photo editor, powerpoint etc...)
doesnt work then a collegue found out this trick....

Run regedt32.exe
Then under HKLM, give all users full control.

 

There'd be NO WAY I'd unlock a whole registry to all users!

A single string, ok, but the whole HKLM? No chance.

 

Sorry my bad....I meant full control to the software key...

Not the whole lot.

 

mited a/cs limit the users ability to access stuff, but does not prevent them installing stuff. As far as I remember, when an app installs under windows, it doesn't install with the users permissions but rather with system permissions, so therefore can cause havoc - one of the reasons windows is vulnerable to viruses. I believe MS are making a big deal about Vista as it has a feature whereby apps install using user rights.. (unix anyone ? )