BITS

Category Archives: Change user account type

Why you should read reports…

Posted on April 2, 2015 by BITS

The Microsoft vulnerability report for 2014 is available from Avecto. The report's evaluation centered on critical vulnerabilities, 240 of them in 2014. Subjectively selected statistics from the referenced report:

  •  Of the 240 vulnerabilities in 2014 with a Critical rating, 97% were concluded to be mitigated by removing administrator rights
  • 98% of Critical vulnerabilities affecting Windows OS could be mitigated by removing admin rights
  • 99.5% of all vulnerabilities in Internet Explorer could be mitigated by removing admin rights
  • 80% of all Microsoft Vulnerabilities reported by us in 2014 could be mitigated by removing admin rights vs 60% in 2013

That’s right, just by removing admin rights from your user account, you’d be immune to 232.8 while remaining vulnerable to 7.2 critical vulnerabilities in 2014. The statistics for 2014 vs. 2013 are impressive; Microsoft Security is moving in the right direction. A 20% increase in security just from removing admin rights is a great improvement.

This blog has been emphasizing the importance of removing admin rights from your daily user account, as in this previous blog. The short version is that any programs, scripts, etc., that get on your system will be executed with local administrator access rights. Whether you know this or not does not matter to the malware; it just wants to take hold of your system the easy way.

Microsoft does not make it easy for end users not to have admin rights on their user account. Quite the opposite: the Windows installation routine assigns local administrator access to the first account created during setup, instead of asking the end user to create two accounts, one user account for daily use and the other for local administrator access if and when necessary.

Microsoft is missing an opportunity to provide end user training during the Windows installation routine. Instead of all of the “mumbo-jumbo” about the necessity of using your Microsoft account for creating your user ID, Microsoft should provide a briefing about the importance of the two different accounts and their overall impact on system security.

If you feel compelled to change your user account type, this blog provides instructions for removing admin rights from your daily user account. After reading the referenced report, there’s really no reason for not changing the account type…

Posted in Basic security protection, Change user account type, Computer Security, Small business system security

How to change user account type in Windows…

Posted on July 17, 2014 by BITS

In my previous blog, I emphasized the importance of not using an administrator account for everyday tasks, such as reading your email, browsing the web, running your programs, etc. In this blog, we’ll look at how to remove administrator access from the first account that you created during the Windows installation process.

By default, Windows installation proceeds with the administrator account, aptly named “Administrator”. This is the initial account that has full access to the system and installs all the necessary drivers, programs, etc. When the installation is about to be completed, Windows will force you to create a user account with a password. This account name cannot be the name of an existing account, but other than that, you’re free to choose a name. This first account created is assigned “Administrator” rights by the installation routine, and the initial “Administrator” account is disabled. This installation routine first appeared in Windows Vista and continued with Windows 7 and Windows 8.x, and presumably will be the same in Windows 9.

Back to the subject at hand: let’s remove administrator access for the first user account created in Windows…

The process is simple enough and the basic steps are:

  1. Create a new administrator account
  2. Login with the new administrator account
  3. Change account type for the “%Default first user%”

There’s no way for this blog to know the name you assigned to the first account on your system. For the purpose of this blog, the name of the first account is represented by the placeholder:

“%Default first user%”

Please substitute this placeholder with the name of the first account you created during Windows installation.

Step one:
Open up the “Control Panel” and you should see this, if you have “Category” listing selected:

Control panel

Select “Add or remove user accounts” under the “User Account and Family Safety” category; note the little shield in front of it. The little shield indicates that this step requires local administrator access. If your system has not been modified since installation, a User Account Control (UAC) warning like this will pop up first:

UAC

The UAC window on your system will have your first account’s name prepopulated, instead of the “%Default first user%” placeholder shown here. You will not see this warning if UAC is disabled.

Enter your password for the account, click “OK”, to see the current accounts on your system:
Windows default accounts

In this window, click on “Create a new account”:

Administrator

Choose a name for the new account that is meaningful to you. It can be anything you want. For the purpose of this blog, the account is named “Test admin”; substitute this name with your choice. Select “Administrator” for the account type and click on “Create account”. That brings up the current user accounts listing window, with the new account:

Default plus

There’s no requirement to create a password for the new account, and the system creates it with no password. In the computer world, no password is a password. Depending on the password policy on the system, you could:

  • Logon with the new account without password
  • The first logon will force you to change the password

You have a couple of choices for setting a password for the new account:

  1. Set the password using the Control panel
  2. Change password at time of first logon with the new account
  3. Login with no password and change it

In either case, you should set a password that is 6-8 characters long, is a non-dictionary word, and includes a number and/or special character.

Log off your account and proceed to the next step…

Step two:
This is a simple step: just select the newly created account, type in the password, and hit “Enter” to log in with the new account. Initially, Windows will set up the new account and start up the new profile.

Step three:
In this step, you’ll remove administrator access from the “%Default first user%”; again, please substitute this placeholder with your account’s name. As explained earlier, open Control Panel and, under the “User Account and Family Safety” category, click on “Add or remove user accounts”:

Default plus
Click on the “%Default first user%” account (substitute this placeholder with the name of your account) to show the available options:
Change options

The options include “Create a password”, which you could use in “Step one” to set the password for the newly created account.

Click on “Change the account type”:
Change user type
Select “Standard user” and click on “Change Account Type”:
It's done

You’re pretty much done; log off from the new administrator account. To test the modified account without local administrator access to the system, log on with this account. Your personalization of desktop, shortcuts, etc., did not change. Most if not all programs will run just fine with standard user access to the system. For programs that require administrator-level access, the system will pop up a UAC warning. You really should consider replacing such a program, but that might not be an option. In that case, just enter the password for the administrator account and the program will run.

If removing administrator access from the “%Default first user%” causes issues with your system and/or limits your productivity, reverse the process in “Step three”.
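
The three steps above can also be scripted. The following is an added example, not part of the original post: it assumes Windows PowerShell 5.1 or later (which provides the LocalAccounts cmdlets), an elevated prompt, and hypothetical parameter names. It goes slightly beyond the Control Panel steps by setting the new administrator's password at creation and by refusing to demote the daily account unless another enabled local administrator exists.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Parameter names are hypothetical.
param(
    [Parameter(Mandatory)] [string] $DailyUser,   # your "%Default first user%" account
    [string] $NewAdmin = 'Test admin'             # account name used in the post
)

$AdminsSid = 'S-1-5-32-544'   # well-known SID of the built-in Administrators group
$UsersSid  = 'S-1-5-32-545'   # well-known SID of the built-in Users group

# Step one: create the separate administrator account, with a password from the start.
if (-not (Get-LocalUser -Name $NewAdmin -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Password for '$NewAdmin'"
    New-LocalUser -Name $NewAdmin -Password $pw `
        -Description 'Used only when elevation is required' | Out-Null
}
if (-not (Get-LocalGroupMember -SID $AdminsSid -Member $NewAdmin -ErrorAction SilentlyContinue)) {
    Add-LocalGroupMember -SID $AdminsSid -Member $NewAdmin
}

# Guard against lock-out: another enabled local administrator must remain.
$daily = Get-LocalUser -Name $DailyUser -ErrorAction Stop
$otherAdmins = Get-LocalGroupMember -SID $AdminsSid |
    Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' -and
                   $_.SID.Value -ne $daily.SID.Value } |
    ForEach-Object { Get-LocalUser -SID $_.SID } |
    Where-Object { $_.Enabled }
if (-not $otherAdmins) {
    throw "No other enabled local administrator found; '$DailyUser' was not changed."
}

# Step three: make the daily account a standard user.
if (-not (Get-LocalGroupMember -SID $UsersSid -Member $DailyUser -ErrorAction SilentlyContinue)) {
    Add-LocalGroupMember -SID $UsersSid -Member $DailyUser
}
if (Get-LocalGroupMember -SID $AdminsSid -Member $DailyUser -ErrorAction SilentlyContinue) {
    Remove-LocalGroupMember -SID $AdminsSid -Member $DailyUser
}

# Show the result so the change can be verified.
Get-LocalGroupMember -SID $AdminsSid | Select-Object Name, ObjectClass, PrincipalSource
```

Group membership is evaluated at logon, so the daily account keeps its administrator rights until it logs off and back on. To reverse the change, add the account back to the Administrators group from the new administrator account.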

Posted in Change user account type, Remove admistrator access

Copyright © 2012 O & K Consulting LLC | All Rights Reserved