> It is generally recommended to use a standard account for day-to-day
> operations, and to reserve the administrator account for any actions that
> affect all user(s) on a system. Even when there is only one user, say on a
> home PC, if I understand things correctly, it is best to have both an
> administrator and a standard account.
Correct. Routinely using a computer with administrative privileges
is not without some risk. You will be more susceptible to some types of
malware, particularly adware and spyware. While using a computer with
limited privileges isn't the cure-all, silver bullet that some claim it
to be, any experienced IT professional will verify that doing so
definitely reduces that amount of damage and depth of penetration by the
malware. If you get infected/infested while running as an
administrator, the odds are much greater that any malware will be
extremely difficult, if not impossible, to remove with formating the
hard drive and starting anew. The intruding malware will have the same
privileges to all of the files on your hard drive that you do.
Vista's UAC adds an additional layer of protection, even if you
don't enter a password each time it warns you; the important thing is
that you're being warned, and can then make your own decision. A
technically competent user who is aware of the risks and knows how to
take proper precautions can usually safely operate with administrative
privileges; I do so myself. But I certainly don't recommend it for the
average computer user.
> But what is the better alternative, if any: enable the built-in
> administrator account and convert the administrator account that is created
> automatically when installing Vista to a standard one; or create a second,
> standard account alongside the administrator that is created when installing
> Vista, and leave the built-in administrator account disabled.
> Any thoughts or recommendations?
The built-in Administrator account really was never intended to be
used for day-to-day normal use. The standard security practice is to
rename the account, set a strong password on it, and use it only to
create another account for regular use, reserving the Administrator
account as a "back door" in case something corrupts your regular
I create both an administrative account and a regular account for my
use, reserving the built-in Administrator account (after renaming it and
placing a strong password on it) for emergency use should my "normal"
administrator account become damaged or otherwise unavailable.
Help us help you:
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin
Many people would rather die than think; in fact, most do. -Bertrand Russell