User accounts in windows
Modern computer Operating Systems allow multiple user accounts. This capability allows the person who controls the computer, or Administrator, to restrict functionality available to specific users and segregates configuration and data files from one user to another. This feature allows for many things. One user’s work cannot be deleted by another user for example. This feature does have security implications as well though, and that’s the topic today.
By default Windows users have administrator access. Initially this made things easier for software developers, they could write the software to do what they wanted without worrying about any artificial constraints on what they could do. With the advent of the internet and the connectivity it brings, giving everyone full access to a system greatly lowers the bar for viruses and other malware to successfully attack a system. By following Microsoft’s reccommended practice of creating a standard user account for daily use, malware has a much harder time attacking the system itself. The process is fairly simple, and taking this one simple step will completely defeat some malware, and reduce the removal of most other malware to logging into the administrator account and running the removal tools. These instructions are fairly consistent with both Windows XP, Vista, and 7, the primary difference is in Windows Vista and Windows 7, you have to select “Manage Another Account” after you have opened up the User Account program in the control panel.
- Start->Control Panel
- Open User Accounts
- Create a new Account, make this an Administrator account and give it a password
- Change Account, then change account type. Set the current account to a limited user account. This ensures you still have access to all your data and software configuration
February 21, 2010 10:06 pm