scelli
Native New Yorker
Premium
join:1999-08-07
USA
| Creating Limited User Account on Win XP
I have read numerous postings here on the increased security provided by running as a limited account user, and have some rather simple questions:
1) I've never operated as anything else but administrator on my PC since I'm the only one who has access to it. How do I go about creating a limited user account?
2) Once such an account is created, do you log off as admin and then log on to the limited account? Do you need to set a password?
3) How easy is it to toggle back and forth between the two if necessary?
4) I have this big fear of logging out as admin, logging in as a limited user and then not being able to log back on as admin. How does the procedure work and can I accidentally lock myself out of my own PC? 
Sorry if these questions seem rather dumb but I just haven't ever had the need to run as anything but administrator, so it's all Greek to me. 
My OS is Win XP Pro SP2.
TIA! |
|
JTM1051
Premium,MVM
join:2000-07-08
Moorpark, CA
| You can start with Microsoft Security At Home article:
Limited User accounts can protect your Windows XP computer when you browse the Web |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| Requirement of administrative privileges to run certain programs dampens the chances of providing a limited user with greater flexibility. With the Service Pack 2 now integrated with this, it is now one of the most advanced secure operating system till date and assures you of the highest level of protection whether browsing or working online / offline. And it gives you more control over each application / feature than you ever thought was possible.
This thread will help you understand limitations and how to avoid them
Win XP Pro SP2 Limited User Account
»www.derkeiler.com/Newsgroups/com···295.html
and..
HOWTO Beat Windows Software into Submission
»www.planetcobalt.net/sdb/submission.shtml
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
scelli
Native New Yorker
Premium
join:1999-08-07
USA | Thanks to both of you for providing the valuable info. Guess I have some reading to do if I'm going to avoid making a complete disaster of things, huh?  |
|
redwolfe_98
join:2001-06-11
 ·RoadRunner Cable
| reply to scelli
i started using a limited user account, not too long ago.. it wasn't very difficult, for me..
are you using win xpsp2-home or win xpsp2-pro?
i am running win xpsp2-home.. the trick for me was seeing how to adjust "permissions" for files and folders, in win xpsp2-home..
with win xpsp2-pro, adjusting the folder and file permissions is not too difficult, but, with win xpsp2-home, in order to access those settings, you have to boot into "safe mode"..
you might have to adjust the "permissions" for some files or folders in order to get things to work the way that you want them to, from within a limited user account..
another trick is to use "runas" to run programs with "administrator priviledges" from within a limited user account..
i don't use "fast user switching".. if i want to switch between user accounts, i log off from one account and then login to the other one..
honestly, using a limited user account is not very difficult.. |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| reply to scelli
I agree with redwolfe_98..just do not know what other third party programs you are running...but if you have problems with any of them once you have made the move..many will help you at this forum to make it all copasetic.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
altermatt
Premium
join:2004-01-22
White Plains, NY
 ·Verizon Online DSL
1 edit | reply to scelli
Aaron Margosis is a MS consultant who is "the" name in successfully running as user vs. admin for daily tasks, and has quite a few good resources (including a nifty "make me admin" utility to temporarily run as admin, more flexible than even "run as") to help you over the humps. His blog is at »blogs.msdn.com/aaron_margosis/default.aspx and there you'll find not only tips and techniques, but links to other resources (for instance, look at the bottom of the left hand nav bar).
I can only add that this is WELL worth doing, and with "run as" just a shift click away, really not much of a pain. I strongly disagree with some of the info in one of the previously posted links that "most programs require admin. rights"---I've found VERY few, and most of those are easily worked around. You do need to install programs originally as admin. (since that usually requires registry access), and once in a while have to specifically allow your user access, though that's not common. Some AV and other programs require you to be logged on as admin. to update, so do that once a week or so (my Symantec Corporate AV updates just fine from a user account), and MS updates need you to be logged in as admin., so do that manually on Patch Tuesdays (or a few days after if you want the bugs out  ).
And as Name Game said, if you run into any problems, post here and you'll surely get quick help. This is one of the top suggestions for security that I make to new users, and unfortunately, one that meets a lot of resistance.
--
The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick |
|
scelli
Native New Yorker
Premium
join:1999-08-07
USA
| Thanks altermatt and everyone else as well! I now must read and digest all of this good info in order to implement something. 
Much appreciated, folks! |
|
LOLolLOLHAHA
@comcast.net
| Requirement of administrative privileges to run certain programs dampens the chances of providing a limited user with greater flexibility. With the Service Pack 2 now integrated with this, it is now one of the most advanced secure operating system till date and assures you of the highest level of protection whether browsing or working online / offline.
Bahahahaha. I am rolling (literally). Any time I hear the words Microsoft, OS, and secure in the same sentence I laugh. Whenever I hear someone say XP is the most secure OS in history, I don't know whether to laugh or cry. It's sad some people believe this.
It's funny that Microsoft has just now caught onto multi-user computing, while Unix has been doing this since the 1970's. Way to catch up with the times, Microsoft, you're just 30 years and 2 billion security breaches too late. |
|
AB
Premium
join:2006-04-04
Leesburg, VA
1 edit | reply to scelli
Another tip for you--
You will only be able to alter files as a limited user that you have created as a limited user.
If you have a lot of files currently created as Admin. (personal data, etc.) that you want to be able to modify as a limited user, the simplest way to make the adjustment is to create a new Admin. account, then once that's done, change the old Admin. account to a limited account.
Voila! The files still "belong" to the same user and so can be modified at will, only now that user is a limited account user.
And for XP Pro, that also cuts down on the number of 'permissions' changes you might need or want to make.
*Edit- sp |
|
scelli
Native New Yorker
Premium
join:1999-08-07
USA
| Is it possible to import things like my current desktop settings, program start menu etc. so that they would appear the same in a LUA? I'm aware I will not be able to utilize certain progs where admin privileges are required if signed in as a limited user. In other words: do I have to manually re-build the stuff in the LUA so it looks like my admin account? |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| reply to LOLolLOLHAHA
said by LOLolLOLHAHA :
Requirement of administrative privileges to run certain programs dampens the chances of providing a limited user with greater flexibility. With the Service Pack 2 now integrated with this, it is now one of the most advanced secure operating system till date and assures you of the highest level of protection whether browsing or working online / offline.
Bahahahaha. I am rolling (literally). Any time I hear the words Microsoft, OS, and secure in the same sentence I laugh. Whenever I hear someone say XP is the most secure OS in history, I don't know whether to laugh or cry. It's sad some people believe this.
It's funny that Microsoft has just now caught onto multi-user computing, while Unix has been doing this since the 1970's. Way to catch up with the times, Microsoft, you're just 30 years and 2 billion security breaches too late.
Yup..having a get out of jail free card..is just another roll of the dice.
»www.unix.com/unix-dummies-questi···hts.html
»www.unix.com/unix-dummies-questi···dge.html
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
hahahLOLOLOL
@comcast.net
| Funny, my Linux box comes multi-user capable out of the box. Nothing to configure. Simply enter your root password and your user password and you're done. Further, you can add and delete users in about 30 seconds.
These guys on the forum you list must be using some sort of true *Unix* server/enterprise OS. I know they aren't using the more popular BSD and Linux variants. |
|
hahahaLOLOLOL
@comcast.net
| Oh now I see, namegame, you run a security website. It figures that you want to tout the "security" of XP and Vista because you (or whoever runs that site) lose business otherwise.
Hard to sell AV software if people use Mac or *nix isn't it? Hard to have security issues to blog about unless Windows remains the topic. Windows, afterall, is the bastion of security. I suppose that's why they recently hired a noted Linux developer to come help them with security.
Here is a snippet from your site:
"Bugs in the ActiveX controls on popular social networking sites Facebook and MySpace can be used by hackers to snatch control of Windows PCs, security experts said today."
Funny, I don't have to worry about such pests on my *nix box. |
|
AB
Premium
join:2006-04-04
Leesburg, VA
| reply to scelli
said by scelli  :Is it possible to import things like my current desktop settings, program start menu etc. so that they would appear the same in a LUA? I'm aware I will not be able to utilize certain progs where admin privileges are required if signed in as a limited user. In other words: do I have to manually re-build the stuff in the LUA so it looks like my admin account? Maybe I'm not clear what you mean-- but if you turn your current Admin. account into a limited one after creating a new Admin. account, you basically need change nothing, in the scenario I was referring to.
All of your current Registry and personal settings are already in place-- they're just now in place under limited user rights rather than Admin. privileges.
"Joe" is now a limited user, rather than an Administrator-- he's been demoted, but gets to keep his same desk, phone number, computer, and paperwork.
There might be a setting or Registry value or two that retains Admin. privileges-- sort of a quirk of Windows-- but I don't think it would be much you'd need to concern about. |
|
alfee
join:2006-05-12
Toledo, OH | reply to AB
Good tip AB.Really makes it easy. |
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
·Optimum Online
 ·Vonage
| reply to scelli
said by scelli :Is it possible to import things like my current desktop settings, program start menu etc. so that they would appear the same in a LUA? I'm aware I will not be able to utilize certain progs where admin privileges are required if signed in as a limited user. In other words: do I have to manually re-build the stuff in the LUA so it looks like my admin account? You don't have to import anything. As AB said, create a new admin account (to take the place of your current one, there must be one admin account, which you will need to use on occasion), and then change your current admin account to a LUA in Control Panel>User settings. Everything will be saved as it is. The only difference will be is with the permissions.
--
10,491 DEADLY TERROR ATTACKS SINCE 9/11~~TEAM DISCOVERY
Can't feel you anymore, don't need you anymore, don't believe you anymore, I don't need you anymore
|
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
·Optimum Online
·Vonage
2 edits | reply to hahahaLOLOLOL
What does any of your nonsense have to do with the topic, other than to create a problem? The OP didn't ask anything about using "*nix" (how cute,*) or for a recommendation for a different OS. |
|
AB
Premium
join:2006-04-04
Leesburg, VA
| said by La Luna :. . The OP didn't ask anything about using "*nix" (how cute,*) or for a recommendation for a different OS. . . Is that a problem, Luna?
I highly recommend S'mores, btw. Far superior to Oreos, and not as much stuff gets stuck in your teeth. |
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
·Optimum Online
·Vonage
| I dunno, I thought the concept of a thread topic title was rather easy to comprehend.
I could be wrong though.
I'll be sure to check out those S'mores.
--
10,491 DEADLY TERROR ATTACKS SINCE 9/11~~TEAM DISCOVERY
Can't feel you anymore, don't need you anymore, don't believe you anymore, I don't need you anymore
|
|
