Dymin Blog

Why You Should NOT Be Running a Windows “Admin” Account

Posted by Mike Hurt on Mar 31, 2017 10:22:00 AM



Home users and business users alike can avoid up to 94% of Windows exploits and malware infections by making one simple change: using a “non-Admin” User Account.[1] In this blog post, I'll explain why you shouldn't use the default "Admin" account, which offers full, unrestricted access to all of your computer's vital operating system components and files, for your regular computer use. I’ll also explain how home users can set up additional user accounts; for business users, your IT service provider should have this implemented already if they’re following industry best practices. And, if all this seems like more than you want to deal with, I'll also give you a hands-off option!



How Limiting Admin Access Prevents Malware

So how does eliminating admin access prevent malware and other problems? Simple: malware that gets in through a user's account runs with that user's access rights. If the user cannot perform certain operations in the overall system due to limited access rights, neither can the malware that tries to infect the system through that account! It's not a matter of trust—it's a matter of reducing the potential vulnerabilities or ways into your system for rogue applications, unwanted spyware, and other nasty infiltrators.

Case in point: Even the President of our company does not have an “Admin” account on his workstation! You really can’t get much better proof than that—we practice what we preach! Limiting admin-level access to necessary IT users helps ensure that your system stays as secure and controlled as possible.

Further, as we’ve talked about in the past—and there’s no nice way to say it—one of the most common causes of computer problems, in general, is user error. (My blog post "Want to Outsmart PopUps, Malware, and Internet Scams? Don't click YES!" explains one easy way to significantly improve your internet security without spending a dime.)


But doesn’t this mean I won’t be able to do anything?

No, actually! You probably won’t notice much of a difference at all using a non-Admin account. You’ll still be able to get your work done, use the software you have installed, create and save files, use the internet, and just about anything else you do on a regular basis.

If you run across something that normally would require an Admin account, all you have to do is type your Admin account password into the box that pops up automatically. A nice side effect is that the prompt makes you aware that you’re trying to do something you should stop, think, and carefully read about before you decide to proceed.

Here’s a list of some things you might need to type in the password for:

  • Install or remove programs
  • Copy, change, or delete files in protected areas of the hard drive
  • Change critical operating system (OS) settings (things that are typically only done during initial setup; personalization settings and basic options can be changed without a password)


How to Configure Additional Non-Admin User Accounts

If you’re pretty tech-savvy, you can configure your own separate accounts for your home or business by following the instructions below. Alternately, you can contact the Dymin techs and we’ll take care of everything for you!

For Home Users

It’s a good idea for home users to have a separate account for each person: mom, dad, and each kid (or one that all of your kids share). This allows each person to have their own personalization, separate documents folders, saved websites, saved passwords, etc. (This is a good in-depth article about how this works for home users.)

Once you’ve set up your standard user account, your computer login screen will look like the photo on the left. Simply click your name to sign in to the computer. If you ever need to make lots of changes or install multiple programs, you can just log out and log directly into the Admin account.

I also recommend creating a good, strong password for your Admin account—and not sharing it with your kids or other standard users.


Creating a New User Account in Windows 10

  1. Click the Windows icon in the lower-left corner
  2. Click “Settings”, then “Accounts”, then “Family & Other Users”
  3. Select “Add someone else to this PC”
  4. Select “I don’t have this person’s sign-in information.”
  5. Select “Add a user without a Microsoft account”
  6. Enter a username and password and click “Next” (you won’t be able to use “Administrator,” so use something like “Admin” or your name with "-admin" at the end)
  7. Click on the newly created Admin account now showing on the same screen and click “Change account type,” then select “Administrator” from the box and click “OK”
  8. Proceed to Phase 2 below

Creating a New User Account in Windows 7

  1. Click the Windows icon in the lower-left corner
  2. Type “Add user” and click on “Add or remove user accounts” when it shows up
  3. Click “Create a new account”
  4. Enter a username and password and click “Next” (you won’t be able to use “Administrator,” so use something like “Admin” or your name with "-admin" at the end)
  5. Select “Administrator” out of the two options below and click “Create Account”
  6. You’ll be back on the prior screen. Click on the newly created Admin account, then click “Create a password” and give it a good one.
  7. Proceed to Phase 2 below

Phase 2 (for both Windows 10 and 7)

  1. Reboot the computer and click on your usual account at the login screen
  2. Click the Windows icon again and start typing “User Accounts,” then click the result when it shows up
  3. Click “Change your account type”
  4. Select the “Standard” option, then click “Change Account Type” at the bottom to confirm.
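
The same two phases as a PowerShell script for Windows 10, as an added example that is not part of the original post. The account name `home-admin` is a placeholder, and the local-account cmdlets used here come with the PowerShell version built into Windows 10, not the one a stock Windows 7 ships with. The script adds one check the menus do not make obvious: it refuses to demote your everyday account unless another enabled Administrator exists.

```powershell
#Requires -RunAsAdministrator
# Added example: run from an elevated PowerShell window while signed in to your usual account.
param(
    [string]$AdminName = 'home-admin',   # placeholder name for the new Admin account
    [string]$DailyUser = $env:USERNAME   # the account you use every day
)

# Find the Administrators group by its well-known SID (works on non-English Windows too).
$adminGroup = Get-LocalGroup -SID 'S-1-5-32-544'

# Create the separate Admin account if it does not exist yet.
# The password is prompted for and never stored in the script.
if (-not (Get-LocalUser -Name $AdminName -ErrorAction SilentlyContinue)) {
    $password = Read-Host -Prompt "Password for $AdminName" -AsSecureString
    New-LocalUser -Name $AdminName -Password $password `
        -Description 'Separate account for admin tasks' | Out-Null
}

# "Change account type" to Administrator for the new account.
$alreadyAdmin = Get-LocalGroupMember -Group $adminGroup |
    Where-Object { $_.Name -eq "$env:COMPUTERNAME\$AdminName" }
if (-not $alreadyAdmin) {
    Add-LocalGroupMember -Group $adminGroup -Member $AdminName
}

# Safety check before Phase 2: there must be another ENABLED local Administrator,
# otherwise demoting the everyday account would leave nobody able to administer the PC.
$otherAdmins = Get-LocalGroupMember -Group $adminGroup |
    ForEach-Object { Get-LocalUser -SID $_.SID -ErrorAction SilentlyContinue } |
    Where-Object { $_.Enabled -and $_.Name -ne $DailyUser }
if (-not $otherAdmins) {
    throw "No other enabled Administrator found; refusing to demote '$DailyUser'."
}

# Phase 2: turn the everyday account into a Standard user.
Remove-LocalGroupMember -Group $adminGroup -Member $DailyUser
Write-Host "'$DailyUser' is now a Standard user."
Write-Host "Administrators: $(($otherAdmins.Name) -join ', ')"
Write-Host 'Sign out or reboot for the change to take effect.'
```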

For Business Users

Your IT service provider should have properly configured your workstations using policies controlled by your main server (called a “Domain Controller”). With a network that is set up following the industry best practices, all users should automatically have standard (non-Admin) user accounts. This is even less of a burden for those using a good managed IT services provider, because when the IT services provider properly configures the network, software is automatically installed by the server, updates are controlled by the server, and the users really don’t have to do anything other than USE their computers and get their jobs done!


Can You Get Rid of Your Admin Access?

Yes, actually!

Don't want to "do it yourself"? For home users who just can’t avoid getting malware infections—even with the best-of-the-best anti-malware software we can provide—we recommend an extreme tactic: not having admin access at all. The Dymin techs can help you configure user accounts for yourself, your family members, and even guest users that have appropriate levels of non-admin access, while Dymin retains exclusive access to the Admin account. You can trust Dymin's professional technicians to take care of any functions that require Admin-level account access and to help you troubleshoot any difficulties with convenient in-home service options or in our store. This is the "ultimate weapon" against malware and other potential system problems; in fact, we’ve been using this technique for businesses that have our managed IT services plans since the very beginning. This ensures users can’t do anything to accidentally screw up the systems and that every potential access point for malware or other issues to enter your home or business system can be monitored by our knowledgeable IT professionals.

If you want to know more about managed IT services for business, check out our ebook by clicking the link below. If you aren’t sure that your network is properly set up or being maintained with modern security practices, or if you need help setting up a new user account, contact Dymin Systems for a free consultation.



[1]  Avecto Microsoft Vulnerability Report 2016: http://learn.avecto.com/microsoft-vulnerabilities-report-2016  (you will need to enter your information to download the report)

Topics: business information, computer security, computer maintenance