security

Removing Administrator Privileges

One of the first lines of defense and easiest ways to improve the security of your computer is to remove administrator privileges from your user account and create a separate Administrator account.

These accounts should also be password protected with a strong password, and each account should have its own unique password.

When you click a malicious link, or open a malicious document, the payload will run as the current user. If this user is an administrator, the payload will run as an administrator, and can potentially do more damage than if the user is a ‘standard’ user.

A standard user doesn’t have access to files in the Windows System, or access to the Systems Registry. This is where many malicious payloads will try to install on the machine.

Taking away administrator rights wont stop all malware on a machine, but it will dramatically decrease the malware that could affect the user.

The default user for a Windows installation is an administrator, so currently, you are probably running as an administrator. First of all we will create a new Standard user account. Secondly we will set it as administrator. Lucky last, we will set out current user to standard. Follow the steps below.

Create a new Standard User account

Press Windows Key + R

Type in Control and press enter

Click User Accounts

Click Add or remove user accounts

Click Add a user account

Click ‘Sign in without a Microsoft Account

Click Local Account

Type in a username i.e. homeadmin

Type in a password

Type in a password hint

Click Next

A standard user account has now been created

Set new account as Administrator

Press Windows Key + R

Type in Control and press enter

Click ‘Change account type’

Click on the account your created.

Click Change the account type

Select Administrator and Click Change Account Type

The account is now an Administrator

Set current account to standard user

Press Windows Key + R

Type in Control and press enter

Click ‘Change account type’

Click on your account

Click on Change the Account Type

Click on Standard and Click Change Account Type

The account is now a standard user

What will be different

You shouldn’t notice any differences in how your computer runs, except you will be prompted for your administrator password whenever you change windows settings, install software, or modify system files. Normal use will not be affected.