Use A Standard User Account In Windows For Better Security
It may prevent the global installation of unwanted or malicious software and can block changes to important system settings that would otherwise mess up the whole computer – for all users.
A Standard user account is also necessary for children if you are using the free OpenDNS Family Shield to block adult sites (or else kids can easily bypass the Shield).
What Are The Different Types Of Windows User Account?
Windows computers have 2 main types of user account – a Standard (limited) account and an Administrator account.
There is also a Guest user account in Windows 7 and 8.1 (not Windows 10) – it is a Standard user account with even more limited privileges. As the name suggests it can be useful for giving guests temporary access to the computer because the account is so locked down they can’t access the documents of other users or change any important settings.
Administrator user account
Windows always has at least 1 Administrator account by default, even though it may be hidden in later versions.
This type of account gives unrestricted access to Windows – so it is great for making changes to system wide settings, installing new software and managing the accounts of other users.
But all that power also makes it vulnerable – if an unauthorized user (like a virus or hacker) gains access to the Administrator account it can make unwanted system wide changes such as encrypting the files of all users, stealing passwords or stopping Windows start up.
Standard user account
As a Standard user you are more restricted in what you can do. You can use most of the capabilities of the computer, but permission from an Administrator is required to make changes (intentional or not) that affect other users or the security of the computer.
When logged into Windows with a Standard user account, you can run existing programs, browse the web, use email and do most of the other things that an Administrator can do.
However, you can’t install or uninstall software and hardware, delete files that are required for the computer to work, or change settings on the computer that affect other users (e.g. change security/network settings).
If you try to make such changes, Windows will ask you for the password of an Administrator account as shown below:
At this point you can ask an Administrator user to type in their password – they can check what the change is and make sure it is appropriate.
Security Reasons To Use a Standard User Account
Blocking changes to system wide settings, and programs which affect other users, helps protect against malware – a virus that can only infect one user account is much easier to remove than one which infects all users and runs riot through core Windows system files…
Research from BeyondTrust a few years ago reviewed the 256 security vulnerabilities in Windows that were fixed by Microsoft during one year. Their report found that using a Standard account would provide better protection from the exploitation of:
- 75 percent of Critical Windows vulnerabilities in Windows 7 reported by Microsoft
- 100 percent of Microsoft Office vulnerabilities reported in that year
- 100 percent of Internet Explorer vulnerabilities in that year
- 64 percent of all Microsoft vulnerabilities reported in that year
The results prove that using a Standard account is still an excellent way to reduce the risks of malware or exploitation by hackers.
How To Create A Standard User Account
Create a new Standard user account by following these guides:
Windows 10 – follow Microsoft’s guide here
Windows 8.1 and Windows 7 – follow Microsoft’s guide here
XP – click Start \ Control Panel \ User Accounts \ Create A New Account. Type a name for the new account and press ‘Next’ then select ‘Limited’ and press ‘Create Account’
What About User Account Control?
Windows 10, 8, 7 and Vista have an extra security feature called User Account Control (UAC) – even Administrator users are prompted for permission when a task requires Administrative rights (e.g. installing software).
Unfortunately many people found UAC intrusive and disabled it whilst others became so used to seeing it that they would just accept the prompt every time…
Even when UAC is used properly, an Administrator account with UAC enabled is not as secure as a Standard user account – malware has long been able to bypass UAC completely.
A Standard user account in Windows offers many security benefits compared to using an unrestricted Administrator account – this makes it perfect for browsing the web, using email and downloading files.
It’s also ideal for making a computer more ‘kid-proof’ – protecting them (and other users from them) – just don’t let them know your Administrator password…