Do you use an Admin account or Standard User Account?

Do you use and Admin Account or a Standard User Account

  • Admin Account

    Votes: 88 73.3%
  • Standard User Account (SUA)

    Votes: 33 27.5%

  • Total voters
    120

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,256
this is from Windows Central thats what author said :unsure:
He wrote the following in quotes below:
In comparison, the Standard User account type is more restrictive. Users with the standard account can work with apps, but they can't install new applications. They can change settings, but only those that won't affect other accounts, which means that global system configurations aren't allowed. If an app or a command requires elevation, they'll need administrative credentials to complete the task.
 

Chri.Mi

Level 7
Well-known
Apr 30, 2020
337
I am knowledgeable in many things, windows accounts is not one of them as it was never something I needed to research. I thought admin account was the preferable option?
For what i know/understand SUA will give more benefit cause restriction vs many malwares. My point of view is in safe habits u can use admin account (for example many leftovers in appdata and used data cannot be explored). Take in consideration a threat in admin account will certain make more damage then in SUA, but the point is avoid the threat. I would suggest to use something like Kaspersky KSN or Norton reputation thing, if a program is used by 10k ppl i doubt is a malware. The real problem are vs documents (pdf, etc), there a sandbox is a mandatory.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
Some clarifications about SUA.
  1. One can install applications when logged on SUA (without Admin password), if they do not require Admin rights.
  2. Some web browsers can be installed on SUA even if they initially ask for Admin rights. If the user chooses NO, then the browser can continue installation in %UserProfile% without Admin rights.
  3. The SUA is much safer when we talk about exploiting the programs or Windows features. This follows from the fact that processes running with Admin rights must do it on another account (a particular Admin account) and cannot run on SUA.
  4. One can install applications that require Admin rights when logged on SUA, but after writing the Admin password in UAC prompt, the installation is redirected to the Admin account. This can cause some issues because the application custom settings, made by the user during installation, will be written in the Admin user profile and not in the SUA user profile. After launching the application from SUA, the application cannot access these settings and the application has to be configured again.
  5. When the malware is running on Admin account with standard rigths, this is also the same account for many processes with Admin rights. Sharing the same account by the processes with different privileges is like sharing the same room with people who can be invected by COVID-19.
  6. If the malware is running on SUA (necessarily with standard rights), then there is no processes with Admin rights on SUA. High privileged processes are running on other account(s) (Admin type). This is similar to the situation when the infected patient is isolated in a single room from others.
  7. That is why there are many UAC bypasses on Admin account, but not on SUA.
 
Last edited:

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
If the malware is running on SUA (necessarily with standard rights), then there is no processes with Admin rights on SUA. High privileged processes are running on other account(s) (Admin type). This is similar to the situation when the infected patient is isolated in a single room from others.
So if I use admin credentials while on Sua all is lost then?
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
So if I use admin credentials while on Sua all is lost then?
When the malware is already running on SUA with standard rights and you are going to run something with Admin rights when logged on SUA, then the malware can use it to elevate (sneak to Admin account). The secure way is to log in as Admin (without log off SUA) via <Start Menu> button and run the program directly from the Admin account.
 
F

ForgottenSeer 85179

I use default Windows Admin account (which is standard user because of UAC token) but with UAC to maximum instead of weak default level.
With that, SRP and other stuff like own behaviour it's secure and provide better comfort.

also Ransomware e.g. doesn't care if user is SUA or not. Malware need to be blocked at start
 

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
When the malware is already running on SUA with standard rights and you are going to run something with Admin rights when logged on SUA, then the malware can use it to elevate (sneak to Admin account).
I feared it would be that way but wanted to be sure.

The secure way is to log in as Admin (without log off SUA) via <Start Menu> button and run the program directly from the Admin account.
Thanks alot I didn't know that.
Thank you all for your kind answers :)
 

blackice

Level 39
Thread author
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
I use default Windows Admin account (which is standard user because of UAC token) but with UAC to maximum instead of weak default level.
With that, SRP and other stuff like own behaviour it's secure and provide better comfort.

also Ransomware e.g. doesn't care if user is SUA or not. Malware need to be blocked at start
I think most users here who understand safe habits and what is risky could run admin with no problems. Like you said the worst threats don’t care. With good SRP you should not have any problems.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
I think most users here who understand safe habits and what is risky could run admin with no problems. Like you said the worst threats don’t care. With good SRP you should not have any problems.
With the above conditions, the chances to be infected are very very small.:)
 

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
814
compromised websites/software, network-based file-less attacks, sandbox escapes, etc.
email - phishing attacks etc etc

I use both Admin and SUA, for similar reasons to many here. Installation of new software and other tasks are not always possible while using a SUA, even when I can use the Admin password to elevate privileges I still find it easier to do these tasks using an Admin account. I try to keep good practice and revert back to SUA when I no longer require higher privileges, but so often find I'm still signed into an Admin account ages afterwards, a bad practice, but I don't lurk in the less salubrious parts of the internet.
 

show-Zi

Level 36
Verified
Top Poster
Well-known
Jan 28, 2018
2,464
I think the benefits of SUA are a choice that Microsoft should appeal to a little more strongly. This is because users from the days when the administrator account was the default choice tend to perceive the SUA as special or inferior.
 When not actively seeking out threats, the combination of SUA and WD is both safe and stable. The advantage of SUA, in my opinion, is impact mitigation in the event of a fall. The administrator account is bare. If you fall, you will definitely be injured. No one falls over intentionally. He falls when he doesn't notice the pebbles.

 ...I understand the benefits of such, but I'm using an admin account. This is because there is not enough space on the system disk to keep two accounts together.🤐
 

blackice

Level 39
Thread author
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
I think the benefits of SUA are a choice that Microsoft should appeal to a little more strongly. This is because users from the days when the administrator account was the default choice tend to perceive the SUA as special or inferior.
 When not actively seeking out threats, the combination of SUA and WD is both safe and stable. The advantage of SUA, in my opinion, is impact mitigation in the event of a fall. The administrator account is bare. If you fall, you will definitely be injured. No one falls over intentionally. He falls when he doesn't notice the pebbles.

 ...I understand the benefits of such, but I'm using an admin account. This is because there is not enough space on the system disk to keep two accounts together.🤐
You must keep a tidy small system disk.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top