security - Is Windows 7 Administrator user meant to be activated?
2014-07
WolleTD
I just started to work on a Windows 7 Environment for one of our products which is, until now, still shipped with Windows XP.
Now my question: The customer only has access to a very restricted system, but we need admin access sometimes. Should I create another, admin privileged user or is it okay to enable the Windows 7 Administrator user?
Thanks, Wolle
LPChip
The Administrator account is disabled for a reason. It has been flagged as a security risk to have the administrator account be named Administrator. Its better to create a new user with admin privileges.
Temporarily enabling it and then disabling it is considered okay though.
NoCatharsis
I have always used an admin account for my Windows installations, but I've started to see the usefulness of separating admin and standard user accounts for everyday usage.
I plan to reinstall Windows 7 on my current machine with all of the software I need, then lock it down by creating a standard account that I will use on a daily basis. However, I foresee annoyances with installing common applications or changing settings that I would normally not think twice about as an admin (but maybe that's the point?).
For one, I've always found the User Account Control prompt very annoying for doing minor things on my computer, so I've always turned it off immediately after installation. Is this a good idea, and should it be done for the standard user account I will create?
Any tips or, even better, links to online guides describing the standard account best practices would be greatly appreciated.
nhinkle
It's all about finding a balance between convenience and security. If you found UAC to be annoying, you will find running as a standard user to be even more annoying. For power users, I feel like the best balance in Windows 7 is to run as an administrator with UAC turned on, but not prompting for system changes, just third-party actions. It is indeed the point of UAC or running as a non-admin that you will think twice when installing applications or changing certain settings.
If you run as a standard user and have UAC turned on, then you will get a password UAC prompt to elevate to an administrator account when running any task which requires administrative rights. If you run as an admin with UAC on, you will only get a yes/no prompt, and only when performing certain actions.
Generally, I would recommend against turning off UAC. UAC provides good security. In Windows 7 in particular, it's not very annoying unless you're making ridiculous amounts of changes to your computer.
Corporate Geek
You should take a look at this article about UAC: What is UAC & Why You Should Never Turn it Off It explains very well how UAC works and what is the difference between all levels. I highly recommend you keep it turned on.