Save to Delicious (
Del.icio.us(Related google search) By default, any Windows XP user accounts that you create are given administrator privileges. Many people leave it this way (and some just use the built-in administrator account), allowing them to install software, modify settings, and otherwise tweak their system as their whims lead them to. Unfortunately, this also gives administrator privileges to ill-intentioned applications, malicious programs, and viruses. Operating under a Limited User account can limit the damage that an accidentally downloaded virus is able to do. Limited User accounts have limited access to the windows registry, read-only access to select system folders (C:\windows, C:\Program Files, and probably others), and non-use access to several system tools (disk defrag, scandisk, add/remove programs, add hardware, and most tools in the Control Panel). Under such lockdown conditions, viruses and bad programs can't really do much, which is good. If you need to install a program...well, you can't, but your admin account can, and you can access that account's privileges either through the runas command or through switching to your admin account. Or, if you're wanting to run an executable program (whose filename ends with .exe), there's the RunAs context menu option. If you're thinking, "Yikes...so, you basically can't do anything?" then you'd be partially correct. Unless you go through your admin account, you can't install programs, uninstall programs, or do anything short of web-browsing and document-editing. Which may be all you need, depending on your circumstances. If you need regular access to locked-down resources, but still want the added security of a Limited User account, you can do as I have and make two accounts on your machine, one for (limited) everyday use and one for admin use. And check out my post, Surviving a Windows XP Limited User account, on making this situation livable ;) As there are plenty of step-by-step guides on how to setup a new user account, I'll let Microsoft themselves guide you through the process.
September 5, 2007
Subscribe to:
Post Comments (Atom)
2 comments:
Good article, thanks. I have been using a limited user account for a few days now... I have found it suprisingly easy and not as annoying as I expected. I am sure the security benefits far outweigh the annoyance.
The only slight issue I have is not being able to run disk defrag (I am sure my PC needs it after installing so many files and programs!) and not being able to change the power settings so when I close my laptop lid it just turns the screen off instead of going to standby.
Thanks, I'm glad you liked it.
Regarding the disk defrag, I just opened an admin Explorer window, right click the drive, and click "Properties", and it let me disk defrag from there.
Regarding power settings...I use a Dell Inspiron E1705, which has Dell proprietary software installed to handle that stuff. Unfortunately, there was no way to use runas to modify the settings for my account. I ended up making my user account admin (for a very short time) just to get those settings custom, so i feel your pain!
Post a Comment