Does it make sense to use non-admin account for home PC?  


  1. Posts : 47
    Windows 10 Pro x64 ( v. 2004)
       #1



    Basically, I wanted to hear from the community on whether or not this still makes sense in the current era.

    The PC in question is just a regular Windows 10 Pro box with nothing fancy... no external access or fancy proxies.

    Only "advanced" thing I would say it will use is a VPN but that's kind of it. Just another home network.

    I know perhaps it doesn't necessarily make sense to apply an enterprise best practice at home but in my mind, I don't particularly see anything wrong with using a regular user for normal use and only using the admin account when UAC comes up for things.

    Anyway, I'm just trying this out now and I don't see any issues as of yet. Is there anything about this that anyone would recommend against or have any tips for?

    P.S. - Yes, I am paranoid.


  2. Posts : 13,136
    Win10 Version 21H2 Pro and Home, Win11 Pro and Home
       #2

    The difference with Home and a User with admin rights and a Standard User is the ability of the admin to install and remove programs and make various changes in how things work. There should be at least one User with Admin rights whether with a Microsoft Account or a Local Account; the one doing the initial install of Windows on their computer has always gotten that appointment.


  3. Posts : 40,415
    windows 10 professional version 1607 build 14393.969 64 bit
       #3

    One or more of these tutorials may be useful:

    Enable or Disable Elevated Administrator account in Windows 10

    Add Local Account or Microsoft Account in Windows 10

    Enable or Disable Account in Windows 10

    Delete User Account in Windows 10

    Add Guest Account in Windows 10



    When using Windows there may be registry problems.

    Having another user is useful when troubleshooting.


  4. Posts : 14,226
    Windows 10 Home x64 Version 22H2 Build 19045.2728
       #4

    MS still recommend that we all use a Standard user account for day-to-day work & only use an Admin when essential.
    When I last saw a survey about this [years ago], 75% of us were ignoring that advice.

    I use Admin user accounts for routine work.
    I keep UAC at its maximum level because of claims that, at its second-highest [default] level, malware can sneak through into an Admin user account & self-elevate behind your back.

    Denis
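
A read-only check of the two settings this thread keeps coming back to, the account type and the UAC prompt level. It is an added example, not part of any post, and it assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts module and a home PC where only direct membership of the local Administrators group matters.

```powershell
# Added example, read-only: reports whether the signed-in account is a local
# administrator and which UAC prompt policy is in force.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).

function Get-UacSliderLevel {
    # Maps the policy values to the four positions of the UAC slider.
    param($EnableLUA, $ConsentAdmin, $SecureDesktop)
    if ($EnableLUA -eq 0) { return 'UAC off (EnableLUA = 0)' }
    switch ("$ConsentAdmin/$SecureDesktop") {
        '2/1'   { 'Always notify (maximum)' }
        '5/1'   { 'Notify on app changes (default)' }
        '5/0'   { 'Notify on app changes, desktop not dimmed' }
        '0/0'   { 'Never notify' }
        default { "Custom policy ($ConsentAdmin/$SecureDesktop)" }
    }
}

# Direct membership of BUILTIN\Administrators (well-known SID S-1-5-32-544).
# The group is looked up by SID so the check works on localized installs.
# Assumption: a home PC, so membership through nested domain groups is ignored.
$me      = [Security.Principal.WindowsIdentity]::GetCurrent()
$admins  = Get-LocalGroupMember -SID 'S-1-5-32-544'
$isAdmin = [bool]($admins | Where-Object { $_.SID.Value -eq $me.User.Value })

$policy = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# What a standard user sees when something requests elevation.
$userPrompt = switch ($policy.ConsentPromptBehaviorUser) {
    0       { 'Elevation requests denied automatically' }
    1       { 'Credential prompt on the secure desktop' }
    3       { 'Credential prompt' }
    default { "Unrecognized value ($($policy.ConsentPromptBehaviorUser))" }
}

[pscustomobject]@{
    Account               = $me.Name
    InLocalAdministrators = $isAdmin
    AdminPromptLevel      = Get-UacSliderLevel $policy.EnableLUA $policy.ConsentPromptBehaviorAdmin $policy.PromptOnSecureDesktop
    StandardUserPrompt    = $userPrompt
}
```

Run it from a normal, non-elevated session in the account used day to day; it changes nothing on the machine.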


  5. Posts : 1,100
    11 Home
       #5

    I use an admin account with UAC at default level. But that's just because I don't download viruses or malware (even though I keep Defender enabled just as an added precaution). I run my Firefox browser under the supervision of Sandboxie-Plus so that I can use the Quick Recovery feature (with the Immediate Recovery option turned off in settings) to manually select what downloaded files I want to recover from the sandbox. This is to ensure that, in the possible event that a browser vulnerability causes malicious code execution, any file create/modify/delete/move operations performed by the malicious process in question will have no further impact outside the sandbox folder. Deleting the content of the sandbox via the appropriate menu action (I use a desktop shortcut that I keep on a Taskbar Toolbar for this purpose, it triggers the equivalent action via command line) kills all processes that are running in the sandbox and deletes the content of the sandbox folder. For ransomware (etc.) to affect the part of the filesystem that is outside the sandbox, the system would have to already be compromised. This concept is what's known as software isolation. It may take some time and effort to get accustomed to it, but it pays off (IMO and IME).

    Having to click on the UAC prompt all the time is what causes me to lose my concentration at times when I need to pay careful attention to not screw up certain stuff in such a particular way that could destroy security. Too much UAC makes my head spin. The stress factor leads to making additional mistakes, which lead to more frustration and stress. Before we even start to notice, it's already become a vicious circle, and then it is too late. Sure, the internet is always a major risk. But why should we underestimate the human factor I mean? As another example of this, an AV suite that gives constant false alerts and generic/meaningless warning messages is a distraction the most important characteristic of which is that it teaches you to persistently ignore it. Accidents happen that way. It's one of those reasons why I stopped using 3rd party AV suites a very, very long time ago. In fact I can't even remember when was the last time I still had Malwarebytes Anti-Malware installed on my computer. The road to security is to know what you're doing. I find that the best way to know what I am doing is to make sure I can stay focused properly.


  6. Posts : 14,587
    Windows10
       #6

    Try3 said:
    MS still recommend that we all use a Standard user account for day-to-day work & only use an Admin when essential.
    When I last saw a survey about this [years ago], 75% of us were ignoring that advice.

    I use Admin user accounts for routine work.
    I keep UAC at its maximum level because of claims that, at its second-highest [default] level, malware can sneak through into an Admin user account & self-elevate behind your back.

    Denis

    In part, out there in the "real world", most Joe Public users probably do not even know the difference. They buy a laptop with Windows preinstalled, turn it on, go through OOBE, enter an account and carry on oblivious to standard accounts. All they want to do is install apps and use them.


  7. Posts : 1,515
    Windows 10 Pro x64 22H2 (Build: 19045.2364)
       #7

    That Random Guy said:
    Basically, I wanted to hear from the community on whether or not this still makes sense in the current era.

    The PC in question is just a regular Windows 10 Pro box with nothing fancy... no external access or fancy proxies.

    Only "advanced" thing I would say it will use is a VPN but that's kind of it. Just another home network.

    I know perhaps it doesn't necessarily make sense to apply an enterprise best practice at home but in my mind, I don't particularly see anything wrong with using a regular user for normal use and only using the admin account when UAC comes up for things.

    Anyway, I'm just trying this out now and I don't see any issues as of yet. Is there anything about this that anyone would recommend against or have any tips for?

    P.S. - Yes, I am paranoid.

    Using a standard user account is essential for security even if you have UAC set to max.

    Some people validly claim though that a standard account is not needed if UAC is configured, since malware won't be able to do any damage without consent.
    But this depends a lot on who is using the PC; for example, are you able to determine whether to give consent or not in a certain case?

    It also depends on your safe computing habits such as:
    1. do you install unsigned software?
    2. do you run certain programs as Admin for a longer time?
    3. do you run networking programs as Admin?
    etc.

    All these scenarios contribute to making the attack surface wider.
    In any case you should be aware of and understand how privilege escalation works, then you'll have a better picture on whether to use admin account or not and how UAC may prove useless in certain scenarios.


  8. Posts : 1,100
    11 Home
       #8

    zebal said:
    Using a standard user account is essential for security even if you have UAC set to max.

    It is recommended (per M$), but no, not truly essential. Especially not essential for those who... well, I already tried to explain about this in an older thread, but I can only lead a horse to water and can't force it to drink so anyway, here's water:
    https://learn.microsoft.com/en-us/wi...ser-experience
    More water here:
    https://social.technet.microsoft.com...-approval-mode


  9. Posts : 1,515
    Windows 10 Pro x64 22H2 (Build: 19045.2364)
       #9

    hdmi said:
    It is recommended (per M$), but no, not truly essential. Especially not essential for those who... well, I already tried to explain about this in an older thread, but I can only lead a horse to water and can't force it to drink so anyway, here's water:
    https://learn.microsoft.com/en-us/wi...ser-experience
    More water here:
    https://social.technet.microsoft.com...-approval-mode

    Thank you for these links. I was looking for them some time ago but couldn't find them; I'll study more about this.


  10. Posts : 14,226
    Windows 10 Home x64 Version 22H2 Build 19045.2728
       #10

    zebal,

    If you are going to study UAC in some detail, as you indicate above, then I think you will find these articles enlightening. They describe its development for Windows 7 and explain many of its whys & wherefores.
    User Account Control - Engineering Windows 7 - MSLearn
    User Account Control (UAC) - quick update - Engineering Windows 7 - MSLearn
    I think their single most important statement is that UAC was developed as a convenience not as a security measure - to avoid a standard user having to log out so their Admin can log in & do a particular job then log out again ready for the standard user to log back in then remember what it was they were doing in the first place.


    Merry Christmas,
    Denis


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
