Over the years, the most common security threats have changed from viruses to worms and, most recently, to spyware and Trojan horses. To help protect users from these types of malicious software, Microsoft recommends using accounts with limited privileges (known as standard user accounts in Windows Vista or Limited user accounts in Windows XP). Standard user accounts help prevent malware from making system-wide changes, such as installing software that affects multiple users—if a user lacks permission to install a new application to a shared location, such as %SystemRoot%\Program Files, any malware the user accidentally runs is also prevented from making those changes. In other words, malware run in the context of the user account has the same security restrictions as the user.
Although standard user accounts do improve security, using standard user accounts with Windows XP and earlier versions of Windows results in two major problems:
■ Users cannot install software, change the system time or time zone, install printers, change power settings, add a WEP key for wireless settings, or perform other common tasks that require elevated privileges .
■ Many poorly written applications require administrative privileges and do not run correctly with limited privileges.
Although logging on to your computer as a standard user offers better protection from malware, working with this type of account has been so difficult in the past that many organizations choose to give users administrative privileges on their computers . User Account Control (UAC) is a set of features first introduced in Windows Vista that offers the benefits of standard user accounts without the unnecessary limitations. First, all users (including administrators) run with limited privileges by default . Second, Windows Vista allows standard user accounts to change the time zone (but not the time) and perform other common tasks without providing administrative credentials, which enables organizations to configure more users with Standard accounts . Third, UAC enables most applications—even those that require administrative privileges on Windows XP—to run correctly in standard user accounts .
Was this article helpful?