Admin accounts

I'm getting my partner to give me a user account whereby I'll be able to login and install software at will. My questions are:

• Does this need to be an admin account?
• Secondly I don't want to see what files she has, that's her business and I know admin level users can see the files for a standard user but can they also view another admin's files?
• And lastly I've often heard when one is doing normal day to day stuff on their computer they shouldn't sign in with their privileged account. But with UAC enabled if I do only sign in with my admin account what is the harm?

Appreciate your help



Windows 10 Pro

Gusgf said:

I'm getting my partner to give me a user account whereby I'll be able to login and install software at will. My questions are:

• Does this need to be an admin account?

Yes.

• Secondly I don't want to see what files she has, that's her business and I know admin level users can see the files for a standard user but can they also view another admin's files?

An admin, if they try to browse the user folder of any other user (standard or admin) will be told they don't have access, but will be offered permanent access if they wish by clicking Continue. You won't accidentally stumble across her files, but you could look for them if you were determined. Can she trust you (or can you trust yourself) not to click Continue?

• And lastly I've often heard when one is doing normal day to day stuff on their computer they shouldn't sign in with their privileged account. But with UAC enabled if I do only sign in with my admin account what is the harm?

Even signed in as an admin, most of the time you are running processes or apps as a standard user anyway. Only when you try to do something that requires admin rights will you be asked (as in the folder example above) if you want to use your admin privileges. The 'harm' would be if you click 'Yes' on a UAC prompt before taking the time to think about what it is that you'd be allowing to run.

Bree said:

Yes.



An admin, if they try to browse the user folder of any other user (standard or admin) will be told they don't have access, but will be offered permanent access if they wish by clicking Continue. You won't accidentally stumble across her files, but you could look for them if you were determined. Can she trust you (or can you trust yourself) not to click Continue?





Even signed in as an admin, most of the time you are running processes or apps as a standard user anyway. Only when you try to do something that requires admin rights will you be asked (as in the folder example above) if you want to use your admin privileges. The 'harm' would be if you click 'Yes' on a UAC prompt before taking the time to think about what it is that you'd be allowing to run.

Thank you for answering so clearly.

I'm a bit surprised by the fact that as an admin user you have unfettered access to other users data whatever the level.

BTW am I right in assuming that a standard user does not have access to anybody elses data no matter what?

It depends what policies are set on the computer as to whether an admin account is strictly necessary. Local administrators by constrast to other types of administrators are fairly limited in their scope. So it all depends on the environment you are in. Your system administrator at work will have considerably more control over the computer you use at work then you will, even if you have an administrator account. Your priveleges end at the local level ie simply for that particular physical computer. Even then local administrators can be restricted to prevent abuse of the local administrator account.

By default Windows comes shipped with a reasonable amount of security out of the box which means quite a bit of stuff someone might want to do will require authenticating using an administrator account. This is where features like UAC come in, as you mentioned. If you're just using a standalone computer (and not connected to a server managing everything) you'll find that privelege escalation simply requires the local administrator account. This is the account that is setup first when installing Windows and also the account which you setup as an Administrator, if you so wish. If there are several of these then each administrator account will have equal control over the entire system. In other environments this will be a little bit more complex but on your home laptop and/or desktop it's all locally designated meaning everything happens within the confides of that system. Everyone is in charge of that one particular system who is a local administrator.

You can play around with permissions a little bit but again in this scenario you're limited to local policies, of which are very hard to work flexibly because there is no centralised authority seperate to the local system. There is no higher power controlling the lower powers, to put it a certain way. You could lock out your partner, or she to you, but you could override this quite easily as Bree mentioned simply by requesting access. Presuming you have administrative priveleges it's just a matter of modifying permissions from this point onwards. You could even take full control of whatever it is you're accessing and then even lock your partner out. Not that you would want to but the point is when you're dealing with local policies you're limited to there being this inherent flaw in how local policies work. When you cross the boundary into domains this can change quite a lot because now you can create a centralised authority in charge of everything, including local administrators. So long as no-one is a domain admin along with you, you are above everyone else. This is a seperate entity with overarching control. The control is absolute so long as those computers under the domain controller (the centralised authority) remain under it. Domain administrator trumps local administrator, and local administrator trumps local user and/or guest etc.

This all sounds complicated so apologies if it comes across that way.

You also shouldn't use your local admin account by default. Why this is is because you are logged into an account with the highest priveleges a user can have, at least a human user can have anyway. There are more users above local admins but these are reserved for the system and a user like yourself never runs as system users ie NT AUTHORITY. So as soon as you login with these priveleges should anything target that particular user, or should malware turn up on your computer, it immediately has a good chance of being able to easily escalate permissions to a high enough degree that it can run and do whatever it wishes without there being denied permissions, such as when you run as a standard user. So to prevent your very account being a vulnerability to the security of your system you would typically only use an administrator account for very specific tasks and only temporarily. You should ideally have a standard user account for your everyday use and then just use UAC to authenticate yourself with the local administrator account. That way you're not always hovering around with keys to the kingdom waiting for them to be snatched. You can simply call upon which keys you need (proverbially speaking) without needlessly leaving yourself open to being manipulated into unlocking stuff you may have no idea you are unlocking, say if malware wants to use your admin account to start compromising the system. As a standard user you would have to authenticate this with your username and password before administrator priveleges are given.

A standard user only has access to his/her own data, depending on the policies currently in place. If this isn't so it can be arranged very easily that standard users cannot access particular areas of the system, such as other user files, folders, etc. And because they are standard users they cannot override this without knowing an administrator account and it's password. That being said if someone has physical access to the computer they can very easily reset the password for the local administrator and then do whatever they please. This is just the unfortunate truth. Computers are always vulnerable when they can be physically accessed no matter what protection is in place.

To wrap things up. Can you see her/his stuff? Yes. The question is whether you want to. As a local admin you will share the same amount of control your partner has. This is because, like stated above, you are setting local policies. And so long as another user (preferably another local admin) has access to the same policies they can be changed and so you're only as strong as the weakest link in the chain. And if the 'weak' link is several local admins then there is very little you can do here when using a home computer other than designated one account as administrator and one as a standard user. Or investing in running a home/small office domain and really switching things up so control can be configured to the minute details. 99% of the time though this isn't required and in fact it's overkill but I thought I would mention it so you know the levels of which this expands in terms of administration of computers. Local administration is very basic and primitive in many ways. Above this you have domains (active directory etc) like in small offices and elsewhere where control can be refined much more and you go beyond local policies and have a centralised authority seperate to the client computers themselves dealing out what can and cannot be done.

Hope this helps in some way. Trust in this scenario is therefore the priority. You could simply lock each other out of each others stuff and then hope that the relationship is strong enough that these restrictions are never breached. Either way in the long run there is not much on the local level you can do to prevent it from happening should it happen.

You should ideally have a standard user account for your everyday use and then just use UAC to authenticate yourself with the local administrator account.

But from what I understood if you're not paying attention and you OK the UAC popup. it doesn't matter what your logged in as, you're stuffed if the software is dodgy. So is it better to be logged in as admin with the UAC set to cautious or to be logged in as a standard user and just put up with the UAC constantly nagging.

That being said if someone has physical access to the computer they can very easily reset the password for the local administrator and then do whatever they please.

I was aware of this but never explored it but had assumed other users would be alerted. Hadn't realised Win10 security was so crap!!

investing in running a home/small office domain and really switching things up so control can be configured to the minute details

What would this involve learning wise i.e. small office domains? How on earth do small businesses survive if there is so little data integrity in their small office networks with a standard setup.

Above this you have domains (active directory etc) like in small offices and elsewhere where control can be refined much more and you go beyond local policies and have a centralised authority seperate to the client computers themselves dealing out what can and cannot be done.

So are we talking about using Windows Server similar to what a large network would use?

Gusgf said:

I was aware of this but never explored it but had assumed other users would be alerted. Hadn't realised Win10 security was so crap!!

Well, if you put you computer in the hands of a stranger then all sort of things are possible. But for a machine that has sensitive information and is at risk of theft or being lost, well that's what Bitlocker encryption is for.

What would this involve learning wise i.e. small office domains? How on earth do small businesses survive if there is so little data integrity in their small office networks with a standard setup.

Normal practice in a small office without a domain would be to make all users Standard users (apart from one account for IT support purpose). If/when they try to do something that requires admin privilidge then the UAC prompt would ask not only if they want to continue, but also for the name and password of an admin account.

So are we talking about using Windows Server similar to what a large network would use?

There are Local Group Policies that can be set up in Windows 10 Pro on a machine that is not a member of a Domain. These can restrict or customise what users are allowed to do.

For a machine that has joined a Domain (and to set up a Domain you need a Windows server) then there are domain-wide Group Policies that allow a domain administrator complete control over what users are allowed to do. For more see:

Group Policy - Wikipedia

Gusgf said:

But from what I understood if you're not paying attention and you OK the UAC popup. it doesn't matter what your logged in as, you're stuffed if the software is dodgy. So is it better to be logged in as admin with the UAC set to cautious or to be logged in as a standard user and just put up with the UAC constantly nagging.

Well I guess that's the risk you take using a computer these days. We can't all be experienced system administrators but when it comes down to it, yes, you are correct. The only solution therefore would to become a system administrator and take complete control over the computers, better still, the technology you use. As it stands, very few of us are willing to become that experienced and knowledgeable. And so these issues are always likely to occur. There is very little you can do other than become more educated in using computers/networks.

You really should not be remaining logged in as an administator, basically. And the UAC nagging is a good thing! It means it's doing it's job and is putting the ability to intervene between actions taking place down to you. The opposite of this is unmitigated access to the computer. And as an administrator logged in, any malicious activity is ever more closer to this unmitigated access if they could just somehow manipulate that very administrator account. When that happens and if it does, your own powers over the computer can and will be used against you. So it's best to hide them as frequently as possible and only use them when you need them and not overtly be so open at it.

Gusgf said:

I was aware of this but never explored it but had assumed other users would be alerted. Hadn't realised Win10 security was so crap!!

You have to bare in mind Windows was setup for the inexperienced average user who would likely never pick up a book about how computers work. Most never will, to their own detriment really. And so Microsoft are fine continuing to release something which does the job people want without it being too overly complicated to understand. An alternative to this is something like Debian, Arch Linux, CentOS, Fedora etc. But most Windows users would never get past the first loading of the desktop. Much of it from this point onwards is command line usage and to a certain degree pretty complex knowledge (if you really want to go that far) in how the operating system works at a minute level. Most people want convenience, hence why one of the reasons Microsoft hasn't baked great security into their products is because people don't want it, and probably wouldn't understand it if it was there.

Gusgf said:

What would this involve learning wise i.e. small office domains? How on earth do small businesses survive if there is so little data integrity in their small office networks with a standard setup.

Windows Server administration is a great place to start. Not only do you learn about server administration but as an obvious byproduct you learn about the computers you are going to be administrating, and so that includes ultimately knowledge about Windows itself. There are lots of benefits learning things this way.

Gusgf said:

So are we talking about using Windows Server similar to what a large network would use?

Yeah, absolutely :)

supermammalego said:

You have to bare in mind Windows was setup for the inexperienced average user who would likely never pick up a book about how computers work.

Yes I totally get that and it makes sense. BTW when I stated I felt Windows security was crap when it comes to standard security I didnt mean to offend. I guess I expected a more locked down experience.

Windows Server administration is a great place to start.

I'm actually doing the Comptia A+ and working my way through the material slowly. I'm kind of reluctant to delve into the heavy duty Windows Server content and am wondering if there is an alternative easier path for someone who instead just wants to set up a secure SOHO setup with multiple users and flexibility.

Bree said:

But for a machine that has sensitive information and is at risk of theft or being lost, well that's what Bitlocker encryption is for.

Ah yes that is a solution. I know I'm being a bit lazy here but do you know if using bitlocker it can be setup to unlock once for a session or does it require a pwd per file access?

There are Local Group Policies that can be set up in Windows 10 Pro on a machine that is not a member of a Domain. These can restrict or customise what users are allowed to do.

And I presume these policies would be setup by the Administrator which would allow you the admin, fine grained control as to what a restricted user can do? At some point I'd like to setup a secure, workable SOHO network and had hoped and assumed there was a way of doing it without going the whole hog and having to learn Windows Server Administration.

So if the above is possible where does someone who wants to learn the ins and outs of SOHO networks start?

Gusgf said:

But from what I understood if you're not paying attention and you OK the UAC popup. it doesn't matter what your logged in as, you're stuffed if the software is dodgy. So is it better to be logged in as admin with the UAC set to cautious or to be logged in as a standard user and just put up with the UAC constantly nagging.

No it's not that easy, for example if you are admin and surfing you never know what link you may click somewhere, and if it turns out to be bad you're pwned.

Gusgf said:

Yes I totally get that and it makes sense. BTW when I stated I felt Windows security was crap when it comes to standard security I didnt mean to offend. I guess I expected a more locked down experience.



I'm actually doing the Comptia A+ and working my way through the material slowly. I'm kind of reluctant to delve into the heavy duty Windows Server content and am wondering if there is an alternative easier path for someone who instead just wants to set up a secure SOHO setup with multiple users and flexibility.





Ah yes that is a solution. I know I'm being a bit lazy here but do you know if using bitlocker it can be setup to unlock once for a session or does it require a pwd per file access?



And I presume these policies would be setup by the Administrator which would allow you the admin, fine grained control as to what a restricted user can do? At some point I'd like to setup a secure, workable SOHO network and had hoped and assumed there was a way of doing it without going the whole hog and having to learn Windows Server Administration.

So if the above is possible where does someone who wants to learn the ins and outs of SOHO networks start?

Networking is pretty much the foundations of any server administration path you take. You could say it's the foundation for any administration path. Just start with the basics and work your way up. What you are doing will eventually form a skill set that can be transferred to different areas. A first step in learning about SOHO networks is to do away with the router that shipped with your ISP and get some equipment to mess around with.