I have read that it's a good practice to have a separate administrator account and use a non-administrator account for daily use on Windows, as it provides another layer of security because it's harder for any malicious programs to easily elevate their access from that account.
Is this true? Would this be a recommended best practice for home users?
Yes and yes. Also you need to go way beyond that because Windows is very privacy invasive by default and there is quite some room for security improvements.
There was a hardening guide in the older parts of the forum.
Here you go
It's a bit old. Basically, turn on all protections that you can in the Windows Defender settings and try to set the highest protection setting possible.
Turn on BitLocker encryption if you can. Do be careful though and read more on this because there could be some gotchas that could lock you out if something along the encryption chain fails.
As an aside, I typically use those kinds of guides to get an overview of areas people look to change for security / privacy but then I will do a bit more research or ask some questions before changing.
My concern with following those guides blindly is they do not give a clear explanation of how these changes affect the OS functionality as a whole or, to bring it back towards a more privacy aspect, what kind of threat level the given change is supposed to cater to.
There is also a way to get prompted for the password on every admin action regardless of you being an admin. If you are a developer that might be more suited for you. Some things won’t work well as a regular user.
Problem is that programs will still run with an admin token. It’s still much better to use a normal non-admin user account and elevate or change account as needed. I have used a non-admin everyday account for many years and usage is reasonably comfortable for the additional protection you get.
Yes, Microsoft does upload samples they deem suspicious to their own servers.
But you are already running Microsoft, so privacy concerns are already moot, if you are not using Enterprise/Education version with the pertinent settings off.
We could slide this into another “use other OS” discussion. The question seemed to inquire specifically into hardening the base OS.
That’s only one problem. It also transmits a lot of metadata about files and programs on your device and your usage, if you use MAPS.
No. You can significantly reduce your privacy exposure through settings and users should obviously do that. Many people just have no other choice than to use Windows for compatibility reasons, so a fatalistic attitude doesn’t help at all.
Either you use Windows and turn the security features on, or you don't use Windows.
Hardening Windows by turning off Defender is beyond stupid. SmartScreen and the other web reputation functions I could understand, although they’re very good at protecting the average user, but beyond that - hell no. Especially for people who aren’t knowledgeable on the OS.
There is no need to run a non-admin account if you’re using an online account. I would never use a standard account at home other than regulating access to other people on my device.
WDAC and AppLocker are the real 2.0 security settings to look into but they won’t increase your privacy.
Don’t download “fix my windows privacy scripts” and run them without knowing what they do. The good ones are just configuring already existing group policies. And the bad ones will make you think Windows is dog water when in reality you’ve broken your system.
Most privacy services you pay for are iffy. Especially if they’re closed source. Programs like GlassWire, which are basically an interface with fluff for Windows Firewall… just learn how to use the firewall already built in.
Look into Sysinternals tools by Microsoft for deep dives into what's going on. Learn how the OS works instead of taking “shortcuts”.
I never said that. I just said that turning on all Windows Defender features and setting them to the highest level is not a good idea from a privacy perspective. Of course people should still use non-invasive features.
This will lower security of your device.
Since you proposed to use an admin account for everyday home use, this will limit protection through WDAC. Admin tokens are allowed to modify WDAC policies. You would need a signed WDAC policy to protect against that, which a home user who won’t even use a non-admin account for sure won’t implement.
Yes, you are inconveniencing yourself for no reason. The Windows guide is wrong on this point. Here are quotes from official documentation by Microsoft:
Most UAC bypasses I saw in the past required a user to be in the Administrators group to be successful for privilege escalation and some even haven’t needed sophisticated attacks.
I am not sure what the relevance of this quote is. I think it's implied from the post title that the user account would have been removed from the admin group, and that there is another admin user that is active but not used.
Full disclosure here - as I do not fully understand what it means by “security context” but perusing through the article…
When an administrator logs on, two separate access tokens are created for the user: a standard user access token and an administrator access token. The standard user access token:
Contains the same user-specific information as the administrator access token, but the administrative Windows privileges and SIDs are removed
It’s used to start applications that don’t perform administrative tasks (standard user apps)
It’s used to display the desktop by executing the process explorer.exe. Explorer.exe is the parent process from which all other user-initiated processes inherit their access token. As a result, all apps run as a standard user unless a user provides consent or credentials to approve an app to use a full administrative access token
These seem like the benefits you want from either being a standard user or having UAC elevation prompts. As, at least for me, the point is to mitigate a situation where malware is attempting to elevate its rights inside the OS. This is a lot easier to do inside an admin user with UAC off.
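Added example, not part of the thread or of Microsoft's documentation: a read-only PowerShell check that reports which of the cases discussed above a session is in (standard account, administrator on the filtered token described in the quoted documentation, or full administrator token) and which UAC prompt behaviour is configured, including the credential prompt for admins mentioned earlier. The registry value names `EnableLUA` and `ConsentPromptBehaviorAdmin` are the standard UAC policy values and do not appear in the thread.

```powershell
# Added example (not from the thread): classify the current session's token and UAC policy.
$adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)

# True only if the Administrators SID is enabled in this process's token (elevated).
$elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# whoami prints every group SID in the token, including deny-only ones,
# so a match here with $elevated = $false means a filtered admin token.
$sidInToken = [bool](whoami /groups /fo csv /nh | Select-String -SimpleMatch $adminSid)

$tokenState = if ($elevated) {
    'Full administrator token (elevated process, or UAC disabled)'
} elseif ($sidInToken) {
    'Administrator account on its filtered standard-user token'
} else {
    'Standard user account (elevation needs another account''s credentials)'
}

# UAC policy values; a missing value means the Windows default applies.
$policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$adminPrompt = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries (default)'
}
$promptValue = if ($null -ne $policy.ConsentPromptBehaviorAdmin) {
    [int]$policy.ConsentPromptBehaviorAdmin
} else { 5 }

[pscustomobject]@{
    User        = $identity.Name
    TokenState  = $tokenState
    UacEnabled  = ($policy.EnableLUA -ne 0)
    AdminPrompt = $adminPrompt[$promptValue]
}
```

Run it once from a normal prompt and once from an elevated one on the same account to see the two tokens of an administrator side by side.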
No one needs an actual Administrators account for everyday usage, since you can just elevate privileges from a standard user account for the tasks which need it. There are just a few tasks for which you directly need to be logged in to an admin account, for example for editing group policies or registry entries.
A bit of a noob question. If I use a non-admin account and get a ransom-virus file and I click on it, will it spread through my computer? At my work we get numerous such files in mail, but since I also do some work on my personal computer I’m a bit paranoid.