New
#1
Is a standard user account necessary for tight security and home user?
Is a standard user account really necessary for tight security for the home user or will a well secured administrator account be sufficient?
Is a standard user account really necessary for tight security for the home user or will a well secured administrator account be sufficient?
Best practice is to use a standard-level user account for your every-day work, and only the admin-level account for making system changes.
Ok this is kind of new to me and I can understand now from a security point of view but how many people actually do? There are a lot of inconveniences that come with with using a standard user account right?
Having not used a configuration like this before it's hard to get a grasp of how this might work. Will Windows Update still check for updates under a standard account? Will it warn that it can't install them without admin permission? Should admin permission ever be granted within the standard user account to perform different tasks? Wouldn't it defeat the purpose of having a admin account if you were constantly granting admin permission for things within the standard account?
I see that it's possible to create a new admin account and then convert the current admin account into a standard user account. Would it be possible to do this for testing purposes and then if I decide to revert back without any major disruption to my personal files/program configurations etc?
Quite a few people do it, once they've been hit by something and learn the lesson the hard way. It is not inconvenient at all, to be honest. How many times a day do you install programs or make system changes? When you do install a program, the UAC comes up, and you need to enter the password of the admin account to continue - that's it.
Yes, you have little control over Windows Update.
It will notify you if a reboot is required, same as now. Trusted Installer has highest permissions, and you don't control that, the OS does.
If admin permission is required for something, the UAC will pop up and you'll need to enter the password for the admin account.
I don't think it's constantly. Honestly, I have several computers all set up like this, and it's no bother at all.
Yes, as long as you keep one admin account on the machine, you will have full control form that account to do whatever you want to do.
Thanks @simrick.
So Windows Update can install updates and reboot as normal from the standard user account?
When you do grant admin permission within the SUA it is only temporary access right? That doesn't mean you should be trying to use your computer like an administrator in the SUA though does it? For example you shouldn't install programs in the SUA?
So it should be straightforward to reverse the standard user account back to an admin again which is the one I first used to setup Windows.
I'm only really worried about messing up all my programs/configurations and my personal files in the change over. There's no real possibility of this?
Quite welcome.
Yes, sure.
It's a one-time permission grant for that function only.
I don't, but you can. I install programs from the admin account, but do things like update Java and run scans from the standard user account all the time. I just input the password for the admin account when asked, and give permission for that one function.
Yes, simply create a new user account, make it admin level. Then log into that account, and change your current user account to standard level. If for some reason you need to go back, log into the new admin account, raise your old account to admin user level and you're done. Here's the tut:
Account Type - Change in Windows 10 - Windows 10 Forums
Adding an account, or changing the permissions doesn't harm the programs or data in any way. Just be sure to always have one admin account on the machine at all times.
You also probably should look into making regular system images of your machine using Macrium Reflect Free.
Macrium Reflect - Backup Restore - Windows 10 Forums
This can be a life-saver, if you're ever hit with an infection, a bad update, a failed hard drive, or user error.
I created a standard user account just the other day but that was before I knew that you could convert the current admin account to a standard user account.
So the addition of another account creates a new user folder, is this the only folder you would expect to see consuming extra space on the OS drive for the *new* user whether standard or admin?
As long as I'm only using the admin account for administrative purposes I shouldn't be doubling up on files?
I take it it's also important to make sure your not logged in as both the admin and standard user at the same time? I noticed this caused there to be two sets of the same processes to be running.
Oh and yes I am already a user of Macrium Reflect and make regular backups, I think it's great.
Okay good. Then the new account can be changed to admin-level account, and your current user account can be changed to standard-level user. (In that order, of course.)
If you look in C:\Users, you'll see what is additional for the second user account; basically all libraries, appdata, etc. .
Correct.
It's really not necessary to be logged into the admin user account at all, unless you have specific reason to be in there. I usually go in once a month, just to make sure nothing needs my attention. Sometimes I find that updates to some 3rd-party software only toaster up when I am in an admin account. You can, of course be logged in to both users - it doesn't hurt anything - and switch between them, if need be for something you have to do. But I always make sure I am only logged in to one account when I am shutting down. Otherwise, the shutdown process could be a little longer than usual.
Good! Then you have a fallback if something happens (what, though, I can't think). :)
Are you sure being logged into both accounts is ok? I noticed that it caused the running processes to double up, or should it have not done that?
Is there ever the possibility that some of the programs you use regularly won't run correctly or at all from a standard user account? Can that be a problem?
Also we should look at using at a standard user account as an extra layer of security but we should not substitute it for our normal security protections including antivirus and malware monitors...