New User Account

Since lurking in this ng I've learned that creating a non-administrative
user account
will enhance security.
How does this work?
I'm the only user and the Administrator.
If I create another account will I need to create a password for both
accounts?
When my system starts will I be prompted as to which user is to log in or
can
I select a user to automatically log in?
Can I delete the user account using Vista Basic?

James

JamesJ wrote:

> Since lurking in this ng I've learned that creating a non-administrative
> user account
> will enhance security.
> How does this work?
> I'm the only user and the Administrator.
> If I create another account will I need to create a password for both
> accounts?
> When my system starts will I be prompted as to which user is to log in or
> can
> I select a user to automatically log in?
> Can I delete the user account using Vista Basic?

General Recommendations For Setting Up Users In Vista:

You absolutely do not want to have only one user account. Like XP and all
other modern operating systems, Vista is a multi-user operating system with
built-in system accounts such as Administrator, Default, All Users, and
Guest. These accounts should be left alone as they are part of the operating
system structure.

You particularly don't want only one user account with administrative
privileges on Vista because the built-in Administrator account (normally
only used in emergencies) is disabled by default. If you're running as
Administrator for your daily work and that account gets corrupted, things
will be Difficult. It isn't impossible to activate the built-in Administrator
to rescue things, but it will require third-party tools and working outside
the operating system.

The user account that is for your daily work should be a Standard user, with
the extra administrative user (call it something like "CompAdmin" or "Tech"
or the like) only there for elevation purposes. After you create
"CompAdmin", log into it and change your regular user account to Standard.
Then log back into your regular account.

If you want to go directly to the Desktop and skip the Welcome Screen with
the icons of user accounts, you can do this:

Start Orb>Search box>type: netplwiz [enter]
Click on Continue (or supply an administrator's password) when prompted by
UAC

Uncheck the option "Users must enter a user name and password to use this
computer". Select a user account to automatically log on by clicking on the
desired account to highlight it and then hit OK. Enter the correct password
for that user account (if there is one) when prompted. Leave it blank if
there is no password (null).

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ

If you would like to add a user account here is how: Go into control
panel, find user accounts(looks like two people), then there will be an
option to add an account.

Then at start up you will be prompted as to which account you would
like to sign into. If anything you could just activate the guest account
then sign into that instead of creating one. The guest accound also has
limited permissions.

No you will not need to create a password for both accounts. Unless you
would like one it is not needed


--
CrucialHoax

Done.
I'm just going to have trouble getting used to all the restrictions.

Thanks,
James

"Malke" <malke@invalid.invalid> wrote in message
news:eDxdeqqQKHA.5068@TK2MSFTNGP05.phx.gbl...
> JamesJ wrote:
>
>> Since lurking in this ng I've learned that creating a non-administrative
>> user account
>> will enhance security.
>> How does this work?
>> I'm the only user and the Administrator.
>> If I create another account will I need to create a password for both
>> accounts?
>> When my system starts will I be prompted as to which user is to log in or
>> can
>> I select a user to automatically log in?
>> Can I delete the user account using Vista Basic?
>
> General Recommendations For Setting Up Users In Vista:
>
> You absolutely do not want to have only one user account. Like XP and all
> other modern operating systems, Vista is a multi-user operating system
> with
> built-in system accounts such as Administrator, Default, All Users, and
> Guest. These accounts should be left alone as they are part of the
> operating
> system structure.
>
> You particularly don't want only one user account with administrative
> privileges on Vista because the built-in Administrator account (normally
> only used in emergencies) is disabled by default. If you're running as
> Administrator for your daily work and that account gets corrupted, things
> will be Difficult. It isn't impossible to activate the built-in
> Administrator
> to rescue things, but it will require third-party tools and working
> outside
> the operating system.
>
> The user account that is for your daily work should be a Standard user,
> with
> the extra administrative user (call it something like "CompAdmin" or
> "Tech"
> or the like) only there for elevation purposes. After you create
> "CompAdmin", log into it and change your regular user account to Standard.
> Then log back into your regular account.
>
> If you want to go directly to the Desktop and skip the Welcome Screen with
> the icons of user accounts, you can do this:
>
> Start Orb>Search box>type: netplwiz [enter]
> Click on Continue (or supply an administrator's password) when prompted by
> UAC
>
> Uncheck the option "Users must enter a user name and password to use this
> computer". Select a user account to automatically log on by clicking on
> the
> desired account to highlight it and then hit OK. Enter the correct
> password
> for that user account (if there is one) when prompted. Leave it blank if
> there is no password (null).
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers - Don't Panic!
> http://www.elephantboycomputers.com/#FAQ
>

Your machine will benefit from it, as less could happen. Every OS has
some sort of user control so don't let it bother you


--
CrucialHoax

"JamesJ" <jjy_darwin@roadrunner.com> wrote in message
news:uNeuc2pQKHA.3296@TK2MSFTNGP04.phx.gbl...
> Since lurking in this ng I've learned that creating a
> non-administrative user account will enhance security.

Creating *and using* a LUA (Limited User Account) for your day-to-day
activities will...

> How does this work?

....by offering the programs that you run less privileges than they would
have, had you executed them in any of the more privileged accounts.

Sort of 'minimalist' in the sense that programs are only given enough
power to do what they must - and any malware leveraging a flaw in one of
those programs would be as limited in scope.

> I'm the only user and the Administrator. If I create another
> account will I need to create a password for both accounts?

No, but you can if you want to.

> When my system starts will I be prompted as to which user is to log in
> or can I select a user to automatically log in?

I haven't done it, but I believe you can auto logon to the LUA.

My Vista machine has each family member as a separate passworded logon -
plus the Protected Administrator account (which I seldom use).

> Can I delete the user account using Vista Basic?

What user account are you planning to delete - and when?

Deleting or demoting the last available administrator level account is
*not* a good idea - does that help? )

As Malke suggests, create at least one *other* admin level account
before attempting to demote or delete any of your previous ones. It is a
good idea to have a spare, so that you don't have to activate the hidden
"Built in Administrator" account to get out of a jam.

Vista hid that "Real Administrator" account as a way of enforcing the
use of LUA upon the user (as the "Protected Administrator" account can
somewhat mitigate the 'malware runs as admin' scenario).

Still, to avoid those annoying elevation prompts (security can be such a
pesky thing), people will still migrate toward 'admin' - but on Vista
you will still have "Consent Prompts" so Protected Admin loses some of
it's sex appeal (no substitute for the real thing). This prods users
even further into userland where they belong or makes them defeat the
whole thing they call UAC because it is such a PITA.

It'll take a bit to get used to.

James

"CrucialHoax" <guest@unknown-email.com> wrote in message
news:54b92571c4b82dabbd8618a86a70f5c9@nntp-gateway.com...
>
> Your machine will benefit from it, as less could happen. Every OS has
> some sort of user control so don't let it bother you
>
>
> --
> CrucialHoax

Right now I have 1 Admin and 1 Standard.
Create a spare Admin??

James

"FromTheRafters" <erratic @nomail.afraid.org> wrote in message
news:e8#JAZsQKHA.352@TK2MSFTNGP02.phx.gbl...
> "JamesJ" <jjy_darwin@roadrunner.com> wrote in message
> news:uNeuc2pQKHA.3296@TK2MSFTNGP04.phx.gbl...
>> Since lurking in this ng I've learned that creating a non-administrative
>> user account will enhance security.
>
> Creating *and using* a LUA (Limited User Account) for your day-to-day
> activities will...
>
>> How does this work?
>
> ...by offering the programs that you run less privileges than they would
> have, had you executed them in any of the more privileged accounts.
>
> Sort of 'minimalist' in the sense that programs are only given enough
> power to do what they must - and any malware leveraging a flaw in one of
> those programs would be as limited in scope.
>
>> I'm the only user and the Administrator. If I create another
>> account will I need to create a password for both accounts?
>
> No, but you can if you want to.
>
>> When my system starts will I be prompted as to which user is to log in or
>> can I select a user to automatically log in?
>
> I haven't done it, but I believe you can auto logon to the LUA.
>
> My Vista machine has each family member as a separate passworded logon -
> plus the Protected Administrator account (which I seldom use).
>
>> Can I delete the user account using Vista Basic?
>
> What user account are you planning to delete - and when?
>
> Deleting or demoting the last available administrator level account is
> *not* a good idea - does that help? )
>
> As Malke suggests, create at least one *other* admin level account before
> attempting to demote or delete any of your previous ones. It is a good
> idea to have a spare, so that you don't have to activate the hidden "Built
> in Administrator" account to get out of a jam.
>
> Vista hid that "Real Administrator" account as a way of enforcing the use
> of LUA upon the user (as the "Protected Administrator" account can
> somewhat mitigate the 'malware runs as admin' scenario).
>
> Still, to avoid those annoying elevation prompts (security can be such a
> pesky thing), people will still migrate toward 'admin' - but on Vista you
> will still have "Consent Prompts" so Protected Admin loses some of it's
> sex appeal (no substitute for the real thing). This prods users even
> further into userland where they belong or makes them defeat the whole
> thing they call UAC because it is such a PITA.
>
>
>
>
>
>
>
>
>
>
>
>
>

Yes, indeed.


--
CrucialHoax

I wouldn't bother, but it has been suggested - mostly, I suppose, to
avoid accidental demotion necessitating activating the hidden built in
admin account.

"JamesJ" <jjy_darwin@roadrunner.com> wrote in message
news:uyfbtJuQKHA.5068@TK2MSFTNGP05.phx.gbl...
> Right now I have 1 Admin and 1 Standard.
> Create a spare Admin??
>
> James
>
> "FromTheRafters" <erratic @nomail.afraid.org> wrote in message
> news:e8#JAZsQKHA.352@TK2MSFTNGP02.phx.gbl...
>> "JamesJ" <jjy_darwin@roadrunner.com> wrote in message
>> news:uNeuc2pQKHA.3296@TK2MSFTNGP04.phx.gbl...
>>> Since lurking in this ng I've learned that creating a
>>> non-administrative user account will enhance security.
>>
>> Creating *and using* a LUA (Limited User Account) for your day-to-day
>> activities will...
>>
>>> How does this work?
>>
>> ...by offering the programs that you run less privileges than they
>> would have, had you executed them in any of the more privileged
>> accounts.
>>
>> Sort of 'minimalist' in the sense that programs are only given enough
>> power to do what they must - and any malware leveraging a flaw in one
>> of those programs would be as limited in scope.
>>
>>> I'm the only user and the Administrator. If I create another
>>> account will I need to create a password for both accounts?
>>
>> No, but you can if you want to.
>>
>>> When my system starts will I be prompted as to which user is to log
>>> in or can I select a user to automatically log in?
>>
>> I haven't done it, but I believe you can auto logon to the LUA.
>>
>> My Vista machine has each family member as a separate passworded
>> logon - plus the Protected Administrator account (which I seldom
>> use).
>>
>>> Can I delete the user account using Vista Basic?
>>
>> What user account are you planning to delete - and when?
>>
>> Deleting or demoting the last available administrator level account
>> is *not* a good idea - does that help? )
>>
>> As Malke suggests, create at least one *other* admin level account
>> before attempting to demote or delete any of your previous ones. It
>> is a good idea to have a spare, so that you don't have to activate
>> the hidden "Built in Administrator" account to get out of a jam.
>>
>> Vista hid that "Real Administrator" account as a way of enforcing the
>> use of LUA upon the user (as the "Protected Administrator" account
>> can somewhat mitigate the 'malware runs as admin' scenario).
>>
>> Still, to avoid those annoying elevation prompts (security can be
>> such a pesky thing), people will still migrate toward 'admin' - but
>> on Vista you will still have "Consent Prompts" so Protected Admin
>> loses some of it's sex appeal (no substitute for the real thing).
>> This prods users even further into userland where they belong or
>> makes them defeat the whole thing they call UAC because it is such a
>> PITA.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>