Solved

Best practice for using Windows XP Pro as a single user at home with DSL

Posted on 2004-03-25
7
596 Views
Last Modified: 2013-12-04
I recently formatted my computer and installed Windows XP Pro.  I'm the only one using it at home.  It defaults to the out-of-the-box Administrator account, which is fine.  However, my question is, should I be using this account?  I already went ahead and installed all my programs using that account, even my Pocket PC.

Then I decide to create just a regular user account, and when I did, it creates another Administrator account, no choice.  So, what's the deal?  Now when I log in, it logs me automatically into the "new" administrator account.  When I do GPEDIT.MSC, it shows 2 Administrator accounts.

I just don't quite get how the My Documents and Settings folder and the policy structure is.  Basically I am just a single user at home that happened to have XP pro when I bought the machine and I don't want to drill and drill down the folders till I get to where everything defaults to My Documents.

And basically, it's also a security issue i.e. hackers, viruses etc....  I've heard so many opinions from co-workers and stuff, but I really don't think they know what they are talking about (and these are IS people!!)  How safe is it to use the out of the box Administrator account as the everyday user account?  Should I even have created a new user that got me the other administrator account?  What are the best practices?

Should all programs be installed using the hidden administrator account or the created administrator account?  Should I do everyday work in an administrator account, and if so, which?  If I created another user and called it "Kenny" as a Power User, isn't that like administrator privilidge?  Then regular User account would be too limited.  I just want to do everything up front so that when I log in, it will just be me and I don't have to go finding profiles of software that were installed in different accounts etc...... for example my pocket pc.

I'm so confused..... please help.
0
Comment
Question by:KC_78
  • 3
  • 2
  • 2
7 Comments
 
LVL 15

Expert Comment

by:mattisflones
ID: 10683815
Hi KC_78,
The two admin issu is strange.. newer encountered that myself, you should be able to create users as you wish!
Wether you should use the administrator account or not is dependent of how much you trust yourself not to delete anything important.. i use only the admin account on my home network, but then again we are two proffesionals that uses it.. (and never does mistakes.. ;-) )

The best approach according to MS is to create a poweruser account for trusted users, and lower levels to your kids and so on.. THe poweruser has all rights but destroying the most important system files.

The structure of MY DOCUMENTS is C:\Documents and Settings\username (you may copy all your folders from the admin account from there to the new user and keep bookmarks, files, shortcuts and most your programsettings.. ps: reboot afterwards..)

Mattis
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10684555
Never operate as ADMIN or a user with admin rights- use "runas" to elevate your priveldges when you need to install (highlight an icon- hold shift, and right-click- you'll see runas...) it also has cmd line
I recommend User, power-user is just below admin, but not by much. First, and formost- get AV, mcafee is my choice. Second, turn on XP's firewall, it is decent, and does a pretty good job of keeping your pc from attracting attention- go to GRC.com and do a before and after firewall comparison https://grc.com/x/ne.dll?bh0bkyd2
http://www.microsoft.com/windowsxp/pro/using/howto/networking/icf.asp

Turn off a few services... you say you don't need to connect to other windows boxes? Then  stop the Server service, then disable it. Do the same with "Remote registry" and "messenger". Run windows update as soon as you can, get patched.
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp (same with the other two) You'll need the Server service if you plan to share a folder on the internet (not recommended- no matter what) or you need to connect to a windows domain, or windows server.

http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/windows_security_whynot_admin.asp
http://www.microsoft.com/downloads/details.aspx?FamilyID=2d3e25bc-f434-4cc6-a5a7-09a8a229f118&displaylang=en
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/windows_security_runas.asp

The my doc's question has been taken care of above. Security is a Process, not a Program- as annoying as running RunAs is... it is a best practice- Unix has been doing this from the begining- that's why they own M$ in the security arena. RunAs is the same as Sudo for linux/unix. GRC.COM also has some good tips and porgrams to help keep you safe.
remember, anti-virus, number one rule with M$- make the AV companies money...
GL!
-rich

0
 
LVL 15

Expert Comment

by:mattisflones
ID: 10684573
As a alternative to McAffe i will reccomend Trendmicros products.. (sorry richrumble ;-) ) Dont purchase NORTON.. its only trouble!!!
As for a firewall i recomend www.zonealarm.com, I think its better than the built in XP firewall, and its free and extremely easy to set up.. (it aslo have some features that the built in does not have)
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:KC_78
ID: 10695722
Guys, you are great, I would accept the answers, but there are still some issues....... when I'm on my computer, I multitask.  I work (job stuff), I tweak around if I found something out, I install, I do everything.  I am the only person using the computer.  I tried to follow those links that you guys gave me, but especially the microsoft guidlines, they seem like they are targeted for families.  Like no one touches the administrator account, but make one limited for the wife, the kids etc....... But for me, I'm just a single boring Chemical Engineer who is trying to learn some stuff from the internet because people at work are too cheap to pay for training and I get all these expectations from them.  (I'm sorry, I'm just venting)

But when I use user or poweruser, it seems almost impossible to work and at the same time use the internet to find answerse.....with all the restrictions.

Also, maybe I wrote the question too hastily.  However, the issues about viruses and trojans and firewalls did help alot.  I just put in another post and it is similar, but its more to do with the structure of how Windows reacts when you install stuff.  PLease take a read and maybe it'll be clearer as to what I am actually trying to ask........ (I don't explain stuff very well......)  THANKS
0
 

Author Comment

by:KC_78
ID: 10695728
Opps, I'm sorry the post that I wrote again is in the Windows XP category and it's title is " In which account should I be initially installing software with a clean system?"
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 70 total points
ID: 10696952
Best practices are best practices. Security isn't a Program, it's a Process. now that's out of the way...
I honestly have no problem with a poweruser account I operate at work. I use RunAs daily- to be sure, but it's pretty simple, hold shift right-click runas ... user/pass/domain etc..
We've offered the best practices as asked. Weather you follow them or not.. is up to you. I really don't know about the 2 administrator accounts thing... they are both named "Administrator?" no difference in spelling...? There is something that I enjoy about my computer at work, it run's linux, with a Vmware installation that is running win2k. Vmware allows you to take a "snapshot" of your system, and then revert if something should go wrong. XP has something similar with "System Restore" however it sucks in comparison. I can take a snapshot with VMware, then install a program- if it wreaks my machine, or slows it down, or I get a virus etc... I can go right back to a nice clean previous version, no worries. This may not be for you, or many out there, but I love it.

This may be more what your looking for:
With M$ it's unfortunate that Anti-virus is a necessity, as well as a Firewall. Keeping up on patches, both for the OS as well as your applications, like the AV and the FW will need updates also. XP's firewall is ok at firewalling. ZoneAlarm's is better a leak protection, meaning it has FW and process conrol- say you are the lucky recipiant of the newest virus, and there is no virus definition yet because it's only been circulating for a few hours- the av compines havent even recived work of it. You'd be helpless with out process control, ZA will ask you "would you like "new-vir.exe" to access the internet?" you would look it up on the internet, and not find anything on it perhaps.... that mean DENY, even when you do find it on the internet, read  more than 1 source on it's usage or purpose, then deny or permit based on your finding. ZA is even better than AV in those respects, the free one will do this, but the pay for versions are more configurable.

Also, to install (most) programs, you must have an admin priv, like being in the admin group, running as admin, or using runas and typing in a username and password in the admin group. Again, the 2 admin's I don't know what to say to that... never seen it.
-rich
0
 

Author Comment

by:KC_78
ID: 10697168
Thanks Rich for your patience with me.  I apologize if I came across as stubborn.  I finally figured out what was going on.  I'm actually in the middle of reinstalling WIN XP Pro to try and reproduce the results.

I guess is that this situation is made transparent by M$ to the general public.  M$ I think wants its users to use the XP interface and not really the classic interface, because with the classic interface, I think you can actually see more information, that's why I was confused.

What's happening is that when you do a fresh install of Win XP, you're doing it in the Administrator mode, you have to.  Then you do the essentials like drivers.  When you go create a user next, it wants you to have an account that is both in the administrator account and in the user account.  Bear in mind, this is creating a user using the XP interface, not the "control userpasswords2" way.  So, in the XP interface, a box shows up for you to name the account.  And in the XP interface, there are only 2 choices when you create an account, Administrator and Limited.  I think that's where I was confusing you guys because the limited account is grayed out, with a message saying "that at least one account must be in the administrator group".

So, from what I gather, when you turn on your computer with the XP welcome screen, M$ wants the average user to see that little boxy picture thingy with the newly created account and not the original Administrator account.  So right after I created the user "John Doe", I went to control userpasswords2, and sure enough, John Doe belonged in both the Administrators and Users group.  Something M$ came up with automatically if you create an account using the XP interface.  And I think this is probably for reasons, say the new administrator account, called "IS ADMIN" gets full permission to that computer and other people in a company or whatever, at home (the kids) get their own little nice picture and account.

So, FYI to everyone who I confused, there is no 2 administrator accounts.  M$ wants you to have at least 2 users in the "Administrators Account GROUP", so that the ORIGINAL Administrator ACCOUNT can be hidden.

So with that said..... foot in the mouth, or in this case no brain filter...... I will close the case.  I think I will create another account (Power users group) to function since I'm the only one using the computer and to install apps I'll use the account in the Administrator group.

Thanks for all your help.............KC
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now