The nuts and bolts of operating as a less privileged computer user
May 27, 2017
Anybody who has read my computer forum posts and blog articles over the years knows that I am a proponent of using less privileged computer user accounts for daily use, rather than an Administrator account. While you may have a few extra hoops to jump through, they aren't that complicated. And, you will greatly reduce your likelihood of having your computer compromised by well over 90% of the malware in circulation today (see footnotes).
Why you should not operate a Windows PC from an Administrator account for your daily browsing and email.
Most computer malware targets Windows operating systems and usually depends on installing malicious files and "backdoors" into operating system folders, and/or modifying legitimate system files to do illegal things (like sending spam, participating in distributed denial of service attacks, hosting credential phishing web pages or pages promoting useless herbs and dangerous counterfeit drugs, installing keyloggers that steal your login credentials, downloading fake security and extortion programs, theft of confidential documents, etc.). Only administrator accounts have permission to install such files into system folders, or modify system files and settings. Once in the system folders, the cybercriminals behind the malware may have total control over that computer. This is referred to by hackers and Botmasters as being "Pwned."
Some malware attacks target your web browsers and their components and plug-ins (like Flash Player, Java, PDF readers and other media players). Many Ransomware attacks come via hostile email attachments or poisoned links to compromised websites. Still other attacks are Internet "Worms" that scan computers connected to the Internet looking to exploit new and old vulnerabilities in various Windows operating systems, or Microsoft Office programs. If an exploit attack isn't blocked by up-to-date anti-malware protection, and it detects that the account in use has administrator privileges, the exploit script will continue until it is fully entrenched, often without any user interaction until it's too late.
However, if the same attacks as above (written to infiltrate system files and folders) are launched against a computer that is running as a less privileged account, the malware installation will likely fail and exit. Or sensing that it requires higher privileges, it may open UAC boxes asking for your administrator password and permission to install it. Unless you are tricked into allowing this to happen, refusing to grant this permission will halt the malware, or severely limit its impact. Your own user account could still be compromised, but not other password protected user accounts or operating system files (which also includes "Program Files").
The rest of this article deals with the steps to take to change your Administrator user account into a less privileged Standard User account on a Windows 10 computer.
Operating a Windows computer as a Standard User is safer than as an Administrator. This is even true if you get caught by certain types of Ransomware that try to delete "Volume Shadow Copies" of your files, which you could otherwise restore. Deleting them and disabling the VSS requires Administrator privileges, which Standard Users lack. So, if you've been operating as your computer's Administrator, let's look at a process you could follow to operate a Windows 10 PC as a less privileged Standard User.
Let us suppose that you have a Windows 10 computer and currently have the only user account, which by definition has administrator privileges. If you have been operating this way for a sizeable amount of time, you have probably created and downloaded a lot of files. Sure, you could create a brand new Standard User account for better online safety, but converting your existing account is simpler. Here is how you can demote your existing administrator account into a less privileged user account.
My preferred method to open Control Panel is to use the keyboard combination of the Windows key + X (or just right-click on the Start button), let go when the dark gray start menu appears, then press the P key. You can also open Control Panel by using the Windows + R key and typing control panel into the "Run" input box then pressing the Enter key. When Control Panel opens click on User Accounts. Proceed as follows.
- Click on the large link labeled: User Accounts
- Click on Manage another account
- Accept the UAC challenge
- Click on Add a user account
- A blue box opens asking you to type in the following.
  - User name
  - Password
  - Reenter password
  - Password hint
- Make sure the password is strong and not easily guessable. You can use symbols, capital letters, lowercase letters and spaces. But, choose one that you will remember when you have to type it into UAC challenges from your Standard user account.
- Click on the Finish button.
- The new account name will now appear in the "Manage Accounts" page.
- Click on the new user account to open it for editing.
- Click on Change the account type.
- Under Choose a new account type, select: Administrator.
- Click on the Change account type button to set the correct group membership.
- Press Ctrl + Alt + Delete and click on Switch Users.
- Click on the new Admin user name, type in the new password and log into that account. This is a very important step that sets up the documents folder structure and file permissions for the new user account.
Now it's time to demote your old account from Administrator to Standard User.
When you have set up the replacement Administrator account, log out of it. At the Welcome Screen, click anywhere to display the installed user names. Click on your old name and log back into it. If you previously used Switch Users to set up the new account, your old Desktop and open windows will still be running. It should still have Control Panel open to the User Accounts applet. Otherwise, repeat the process used before to open Control Panel > User Accounts > Manage Accounts and click on your old account name to Make changes to your account.
- Under the old account's management page, click on Change your account type.
- The page titled Select your new account type opens.
- Change the selection dot from Administrator to Standard user.
- Click on the Change account type button.
- If you already have a password that you trust, keep it. Otherwise, use the link to Change your password, or Create a new password, as outlined earlier.
- Log out of your account, then log in (aka: Sign in) again and you will have reduced user privileges along with the protection this offers.
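The same two-stage procedure can be scripted from an elevated PowerShell prompt. This is an added example, not part of the original article: it uses the LocalAccounts cmdlets that ship with Windows 10, and the account names LocalAdmin and DailyUser are placeholders to replace with your own. It refuses to demote the old account unless another enabled Administrator exists, so you cannot lock yourself out.

```powershell
#Requires -RunAsAdministrator
# Added example. Placeholder account names (assumptions, change them):
$NewAdmin = 'LocalAdmin'   # replacement Administrator account
$OldUser  = 'DailyUser'    # existing daily-use account to demote

# Resolve the built-in groups by well-known SID so this also works on
# non-English Windows, where the group names are localized.
$AdminGroup = Get-LocalGroup -SID 'S-1-5-32-544'   # Administrators
$UserGroup  = Get-LocalGroup -SID 'S-1-5-32-545'   # Users

# 1. Create the replacement Administrator account if it does not exist yet.
#    The password is prompted for, never stored in the script.
if (-not (Get-LocalUser -Name $NewAdmin -ErrorAction SilentlyContinue)) {
    $Password = Read-Host -Prompt "Password for $NewAdmin" -AsSecureString
    New-LocalUser -Name $NewAdmin -Password $Password `
        -Description 'Used only for UAC prompts' | Out-Null
    Add-LocalGroupMember -Group $AdminGroup -Member $NewAdmin
}

# 2. Safety check: count enabled local Administrators other than the account
#    being demoted. The built-in Administrator is disabled by default on
#    Windows 10, so it does not count unless it has been enabled.
$OtherAdmins = Get-LocalGroupMember -Group $AdminGroup |
    Where-Object { $_.ObjectClass -eq 'User' } |
    ForEach-Object { Get-LocalUser -SID $_.SID -ErrorAction SilentlyContinue } |
    Where-Object { $_.Enabled -and $_.Name -ne $OldUser }

if (-not $OtherAdmins) {
    throw "No other enabled Administrator found; refusing to demote $OldUser."
}

# 3. Demote: add to Users first so the account is never left without a
#    group, then remove it from Administrators.
if (-not (Get-LocalGroupMember -Group $UserGroup -Member $OldUser `
          -ErrorAction SilentlyContinue)) {
    Add-LocalGroupMember -Group $UserGroup -Member $OldUser
}
Remove-LocalGroupMember -Group $AdminGroup -Member $OldUser

# 4. Show who still holds Administrator rights.
Get-LocalGroupMember -Group $AdminGroup |
    Select-Object Name, ObjectClass, PrincipalSource
```

As in the manual steps, sign in to the new Administrator account once so its profile folders are created, and sign out of the demoted account for the reduced privileges to take effect.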
You will see a lot more UAC approval boxes under a Standard User account. If you initiated the process, simply type in the user name and password for the new Administrator account and click the Yes button. If you find that a particular program cannot fully install, uninstall, or update from the Standard account, close the program if it was open, then use Switch Users, or log out, then log into the Administrator account. Complete the installation, or deinstallation, or driver update, then log out and log back into the Standard User account.
Because of the way software is written, some programs, most drivers and most if not all Windows updates require you to reboot (restart) your computer. This flushes out old files that were in use in the computer's RAM and replaces them with the updated files. In the case of uninstalls, rebooting finishes off the deleting of unneeded files and folders and removes old entries from the Windows Registry (reducing clutter and possible program or file conflicts).
That's about all there is to it. You will learn to cope with the UAC challenges and enjoy stronger computer security. But, don't become smug. You could still be tricked into allowing something malicious to be installed by means of social engineering. Don't become the weak link between the chair and the keyboard!
Footnotes
Here are links to articles that demonstrate that people who choose to operate a Windows computer with less than administrator privileges have over a 90% reduction in exploitability.
- 94% of critical Microsoft vulnerabilities mitigated by removing admin rights
- 94% of Microsoft vulnerabilities can be easily mitigated
- 90% of critical Windows vulnerabilities mitigated by eliminating administrator rights
- 90 percent of Windows 7 flaws fixed by removing admin rights
- One change that instantly makes your computer smarter
- Most Malware Stopped by Limited User Accounts - Tom's Guide
- Microsoft technical page describing the reasons for and usage of UAC (User Account Control) prompts.