Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Best practice for using Windows XP Pro as a single user at home with DSL

Posted on 2004-03-25
7
Medium Priority
?
635 Views
Last Modified: 2013-12-04
I recently formatted my computer and installed Windows XP Pro.  I'm the only one using it at home.  It defaults to the out-of-the-box Administrator account, which is fine.  However, my question is, should I be using this account?  I already went ahead and installed all my programs using that account, even my Pocket PC.

Then I decide to create just a regular user account, and when I did, it creates another Administrator account, no choice.  So, what's the deal?  Now when I log in, it logs me automatically into the "new" administrator account.  When I do GPEDIT.MSC, it shows 2 Administrator accounts.

I just don't quite get how the My Documents and Settings folder and the policy structure is.  Basically I am just a single user at home that happened to have XP pro when I bought the machine and I don't want to drill and drill down the folders till I get to where everything defaults to My Documents.

And basically, it's also a security issue i.e. hackers, viruses etc....  I've heard so many opinions from co-workers and stuff, but I really don't think they know what they are talking about (and these are IS people!!)  How safe is it to use the out of the box Administrator account as the everyday user account?  Should I even have created a new user that got me the other administrator account?  What are the best practices?

Should all programs be installed using the hidden administrator account or the created administrator account?  Should I do everyday work in an administrator account, and if so, which?  If I created another user and called it "Kenny" as a Power User, isn't that like administrator privilidge?  Then regular User account would be too limited.  I just want to do everything up front so that when I log in, it will just be me and I don't have to go finding profiles of software that were installed in different accounts etc...... for example my pocket pc.

I'm so confused..... please help.
0
Comment
Question by:KC_78
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 15

Expert Comment

by:mattisflones
ID: 10683815
Hi KC_78,
The two admin issu is strange.. newer encountered that myself, you should be able to create users as you wish!
Wether you should use the administrator account or not is dependent of how much you trust yourself not to delete anything important.. i use only the admin account on my home network, but then again we are two proffesionals that uses it.. (and never does mistakes.. ;-) )

The best approach according to MS is to create a poweruser account for trusted users, and lower levels to your kids and so on.. THe poweruser has all rights but destroying the most important system files.

The structure of MY DOCUMENTS is C:\Documents and Settings\username (you may copy all your folders from the admin account from there to the new user and keep bookmarks, files, shortcuts and most your programsettings.. ps: reboot afterwards..)

Mattis
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10684555
Never operate as ADMIN or a user with admin rights- use "runas" to elevate your priveldges when you need to install (highlight an icon- hold shift, and right-click- you'll see runas...) it also has cmd line
I recommend User, power-user is just below admin, but not by much. First, and formost- get AV, mcafee is my choice. Second, turn on XP's firewall, it is decent, and does a pretty good job of keeping your pc from attracting attention- go to GRC.com and do a before and after firewall comparison https://grc.com/x/ne.dll?bh0bkyd2
http://www.microsoft.com/windowsxp/pro/using/howto/networking/icf.asp

Turn off a few services... you say you don't need to connect to other windows boxes? Then  stop the Server service, then disable it. Do the same with "Remote registry" and "messenger". Run windows update as soon as you can, get patched.
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp (same with the other two) You'll need the Server service if you plan to share a folder on the internet (not recommended- no matter what) or you need to connect to a windows domain, or windows server.

http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/windows_security_whynot_admin.asp
http://www.microsoft.com/downloads/details.aspx?FamilyID=2d3e25bc-f434-4cc6-a5a7-09a8a229f118&displaylang=en
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/windows_security_runas.asp

The my doc's question has been taken care of above. Security is a Process, not a Program- as annoying as running RunAs is... it is a best practice- Unix has been doing this from the begining- that's why they own M$ in the security arena. RunAs is the same as Sudo for linux/unix. GRC.COM also has some good tips and porgrams to help keep you safe.
remember, anti-virus, number one rule with M$- make the AV companies money...
GL!
-rich

0
 
LVL 15

Expert Comment

by:mattisflones
ID: 10684573
As a alternative to McAffe i will reccomend Trendmicros products.. (sorry richrumble ;-) ) Dont purchase NORTON.. its only trouble!!!
As for a firewall i recomend www.zonealarm.com, I think its better than the built in XP firewall, and its free and extremely easy to set up.. (it aslo have some features that the built in does not have)
0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 

Author Comment

by:KC_78
ID: 10695722
Guys, you are great, I would accept the answers, but there are still some issues....... when I'm on my computer, I multitask.  I work (job stuff), I tweak around if I found something out, I install, I do everything.  I am the only person using the computer.  I tried to follow those links that you guys gave me, but especially the microsoft guidlines, they seem like they are targeted for families.  Like no one touches the administrator account, but make one limited for the wife, the kids etc....... But for me, I'm just a single boring Chemical Engineer who is trying to learn some stuff from the internet because people at work are too cheap to pay for training and I get all these expectations from them.  (I'm sorry, I'm just venting)

But when I use user or poweruser, it seems almost impossible to work and at the same time use the internet to find answerse.....with all the restrictions.

Also, maybe I wrote the question too hastily.  However, the issues about viruses and trojans and firewalls did help alot.  I just put in another post and it is similar, but its more to do with the structure of how Windows reacts when you install stuff.  PLease take a read and maybe it'll be clearer as to what I am actually trying to ask........ (I don't explain stuff very well......)  THANKS
0
 

Author Comment

by:KC_78
ID: 10695728
Opps, I'm sorry the post that I wrote again is in the Windows XP category and it's title is " In which account should I be initially installing software with a clean system?"
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 280 total points
ID: 10696952
Best practices are best practices. Security isn't a Program, it's a Process. now that's out of the way...
I honestly have no problem with a poweruser account I operate at work. I use RunAs daily- to be sure, but it's pretty simple, hold shift right-click runas ... user/pass/domain etc..
We've offered the best practices as asked. Weather you follow them or not.. is up to you. I really don't know about the 2 administrator accounts thing... they are both named "Administrator?" no difference in spelling...? There is something that I enjoy about my computer at work, it run's linux, with a Vmware installation that is running win2k. Vmware allows you to take a "snapshot" of your system, and then revert if something should go wrong. XP has something similar with "System Restore" however it sucks in comparison. I can take a snapshot with VMware, then install a program- if it wreaks my machine, or slows it down, or I get a virus etc... I can go right back to a nice clean previous version, no worries. This may not be for you, or many out there, but I love it.

This may be more what your looking for:
With M$ it's unfortunate that Anti-virus is a necessity, as well as a Firewall. Keeping up on patches, both for the OS as well as your applications, like the AV and the FW will need updates also. XP's firewall is ok at firewalling. ZoneAlarm's is better a leak protection, meaning it has FW and process conrol- say you are the lucky recipiant of the newest virus, and there is no virus definition yet because it's only been circulating for a few hours- the av compines havent even recived work of it. You'd be helpless with out process control, ZA will ask you "would you like "new-vir.exe" to access the internet?" you would look it up on the internet, and not find anything on it perhaps.... that mean DENY, even when you do find it on the internet, read  more than 1 source on it's usage or purpose, then deny or permit based on your finding. ZA is even better than AV in those respects, the free one will do this, but the pay for versions are more configurable.

Also, to install (most) programs, you must have an admin priv, like being in the admin group, running as admin, or using runas and typing in a username and password in the admin group. Again, the 2 admin's I don't know what to say to that... never seen it.
-rich
0
 

Author Comment

by:KC_78
ID: 10697168
Thanks Rich for your patience with me.  I apologize if I came across as stubborn.  I finally figured out what was going on.  I'm actually in the middle of reinstalling WIN XP Pro to try and reproduce the results.

I guess is that this situation is made transparent by M$ to the general public.  M$ I think wants its users to use the XP interface and not really the classic interface, because with the classic interface, I think you can actually see more information, that's why I was confused.

What's happening is that when you do a fresh install of Win XP, you're doing it in the Administrator mode, you have to.  Then you do the essentials like drivers.  When you go create a user next, it wants you to have an account that is both in the administrator account and in the user account.  Bear in mind, this is creating a user using the XP interface, not the "control userpasswords2" way.  So, in the XP interface, a box shows up for you to name the account.  And in the XP interface, there are only 2 choices when you create an account, Administrator and Limited.  I think that's where I was confusing you guys because the limited account is grayed out, with a message saying "that at least one account must be in the administrator group".

So, from what I gather, when you turn on your computer with the XP welcome screen, M$ wants the average user to see that little boxy picture thingy with the newly created account and not the original Administrator account.  So right after I created the user "John Doe", I went to control userpasswords2, and sure enough, John Doe belonged in both the Administrators and Users group.  Something M$ came up with automatically if you create an account using the XP interface.  And I think this is probably for reasons, say the new administrator account, called "IS ADMIN" gets full permission to that computer and other people in a company or whatever, at home (the kids) get their own little nice picture and account.

So, FYI to everyone who I confused, there is no 2 administrator accounts.  M$ wants you to have at least 2 users in the "Administrators Account GROUP", so that the ORIGINAL Administrator ACCOUNT can be hidden.

So with that said..... foot in the mouth, or in this case no brain filter...... I will close the case.  I think I will create another account (Power users group) to function since I'm the only one using the computer and to install apps I'll use the account in the Administrator group.

Thanks for all your help.............KC
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question