Did I set up my Vista accounts safely?

I need some help guys. I need to verify that I setup my Vista installation securely. I just installed Vista and during the installation it asked me to create an account. I was advised that the account was an Administrator type account. So I created my account and provided a password. Then once Vista was installed, I went in and created a standard user account. This standard user account is my personal account that I plan to log in with everyday and surf the web, type docs etc. Did I set up everything properly? Is this the secure way to do things? I ask since I am use to using the administrator account for everything since everything needed admin level rights in previous versions of Windows, as I remember. I use this method for my Linux installs where I use my user account for most everything and use the root account in a limited manner to do admin stuff. Thanks

 

Creating and using a "user" account for day to day activities is always the most secure. However, for the "admin" of a computer at home, this isn't really necessary when running Vista or Windows 7. Under Vista/7, an administrator operates at a user level unless elevated permissions are required (think adding/removing applications, registry edits, etc). If that is the case, a UAC prompt asks for confirmation. As such, I use my administrator account - created during installation - for all day to day activities. My kids have standard user accounts, because I need to lock down what they can and cannot do.

So, it's really up to you. You can use a standard account, or you can use the default account you created. If you will be visiting websites of a questionable nature, you might want to stick with a standard account.

 

I advise sticking with the standard user account. First, UAC allows you to conduct almost all adminstrative activities by dynamically elevating your privledges, so you never actually need to log into your admin account to run things as administrator. Second, standard user accounts are a sort of isolation zone that can stop malware from infesting your entire system. Should something malicious infect your standard user account, you can simply log out, log in as your admin, back up your documents, and nuke the infected account before creating a new one. There is hardly any tradeoff for these benefits, a rarely used account takes a trivial amount of disk space.

Give the Admin account a good password and keep it around. One day, you may be very glad you did.

 

Thanks so much guys, your posts cleared it up for me. It looks like it was UAC that was confusing me. I know the idea behind using an account without admin privileges, but what was throwing me off is that the UAC pops up a confirmation asking to continue or not even for a Administror user. I wasn't use to that on other OS.

So I think I will stick with my current scheme. I have an administrator user with a strong password, who I don't really ever log in as(unless there is a special need or emergency) and a standard user account(with a strong password) which I use all the time. Every time I have an admin level task to be completed then it asks me for the Admin password, which I supply. A little more work but it is worth it and I am used to it on Linux.

 

Yup. But if you're the admin user, then UAC is just a one-click affair. If you're a standard user, then UAC makes you type your admin password.

At least that's the default setup. If you have Vista Business or Ultimate, then those things can be changed in Control Panel > Sys & Maint > Admin Tools > Local Security Policy > Local Policies > Security Options. If you have one of the home editions, then it's a matter of making registry tweaks.