shmu26
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Forum Veteran
Do you use a Standard User Account (SUA)?
- Thread starter shmu26
- Start date
I vote for A and B as it depends which account I log into, depending on what I am doing at the time.
I'm currently not using it. Maybe I will set up SUA soon. 
I recommend SUA for doing a daily basic that don't require administrator privileges.
I recommend SUA for doing a daily basic that don't require administrator privileges.
Last edited:
I use SUA 24x7 now. I do still allow UAC to prompt me for password/PIN to gain admin rights though.
I am currently not working on a SUA. Will be shortly though. Same for my immediate family.
SUA all the way here; I don't mind writing the password as many times as it takes when I'm doing something that requires administrator privileges.
I also set my Mom up with SUA on her laptop with a PIN to login
Family don't let other family compute with admin rights
Family don't let other family compute with admin rights
I run only with amin rights (privilleges) no SUA as I live alone and no one other has acess to my lap.
as I live alone and no one other has acess to my lap.
SUA for daily use and Guest account for kids playing PC. I almost never use admin account.
I run only with amin rights (privilleges) no SUA
You still should still use SUA even if you live alone!
I also set my Mom up with SUA on her laptop with a PIN to login
Family don't let other family compute with admin rights
I stopped preaching PC security to my family members every time I visit them and instead started enjoying occasional "told you so" moment accompanied with triumphal smirk.
For security reasons, it is good to use SUA as a daily work account.
About 80% malware run with the rights higher than standard user:
Malicious code and the Windows integrity mechanism - Securelist
Most Windows vulnerabilities can be mitigated by removing Administrator's rights from the PC's user:
Want to secure a Windows PC? Turn off Administrator rights
When using SUA (without a pain), some conditions should be fulfilled for daily work applications:
1. They should work as standard user (no UAC prompt when executing, saving config files, etc.).
2. They should autoupdate with higher rights via scheduled task.
3. Alternatively, they should work in AppContainer (Universal Applications from Windows Store).
SUA can work well for anyone, who does not:
See also (some of many threads):
User Account like a Castle
Poll - Administrator Account vs Standard/Limited User Account
Is using the Admin Account safe?
About 80% malware run with the rights higher than standard user:
Malicious code and the Windows integrity mechanism - Securelist
Most Windows vulnerabilities can be mitigated by removing Administrator's rights from the PC's user:
Want to secure a Windows PC? Turn off Administrator rights
When using SUA (without a pain), some conditions should be fulfilled for daily work applications:
1. They should work as standard user (no UAC prompt when executing, saving config files, etc.).
2. They should autoupdate with higher rights via scheduled task.
3. Alternatively, they should work in AppContainer (Universal Applications from Windows Store).
SUA can work well for anyone, who does not:
- install many programs,
- frequently run programs & tasks, that require Administrative Rights,
- need frequent access to 'Windows' or 'Program Files ...' folders.
See also (some of many threads):
User Account like a Castle
Poll - Administrator Account vs Standard/Limited User Account
Is using the Admin Account safe?
Using a SUA it's one of the best things i learned here in MT
Of course i am using a SUA
@Andy Ful very well said
Of course i am using a SUA
@Andy Ful very well said
I always use a standard user account. Is it just for me but does the poll appear twice back to back? EDIT Seems to have resolved itself for now..
Attachments
Last edited:
Imo if you need to write admin password while SUA then you are using it wrong. All admin related work should be done with an admin account when needed. More experienced members here can explain it better why that's the case.
Edit: I forgot to say, I am using SUA.
shmu26
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Forum Veteran
The security concern is that by giving your admin password to the task you want to perform, you will be giving it also to any malware that is trying to run.
Shortly, on admin account processes ran normally (without elevation), share the same account as processes ran with elevation. So, it is very hard to isolate one from the other.
When working on SUA, processes ran with elevation are started from admin account, not from SUA. They do not share the same account as normal (standard-rights) processes ran without elevation. So, elevated and non-elevated processes are isolated much better.
Security: Inside Windows Vista User Account Control
Still, the isolation is not perfect. Some malware ran with standard-rights, can wait until the user is going to elevate a process, and then elevate without user permission. But, this is not common malware ability.
When working on SUA, processes ran with elevation are started from admin account, not from SUA. They do not share the same account as normal (standard-rights) processes ran without elevation. So, elevated and non-elevated processes are isolated much better.
Security: Inside Windows Vista User Account Control
Still, the isolation is not perfect. Some malware ran with standard-rights, can wait until the user is going to elevate a process, and then elevate without user permission. But, this is not common malware ability.
Last edited:
shmu26
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Forum Veteran
Things just work better in an admin account. There are settings that you can't control properly in SUA.
You may also like...
-
What Are the Advantages of Standard Account Over Administrator Account?- Started by lokamoka820
- Replies: 46
-
How many browsers do you use, and why do you use each one?
- Started by lokamoka820
- Replies: 26
-
-
Do you use default-deny approach in your system?- Started by RoboMan
- Replies: 24
-
