Do you use and Admin Account or a Standard User Account

  • Admin Account

    Votes: 56 75.7%
  • Standard User Account (SUA)

    Votes: 19 25.7%
  • Total voters
    74

silversurfer

Level 64
Verified
Trusted
Content Creator
Malware Hunter
this is from Windows Central thats what author said :unsure:
He wrote the following in quotes below:
In comparison, the Standard User account type is more restrictive. Users with the standard account can work with apps, but they can't install new applications. They can change settings, but only those that won't affect other accounts, which means that global system configurations aren't allowed. If an app or a command requires elevation, they'll need administrative credentials to complete the task.
 

Chri.Mi

Level 7
I am knowledgeable in many things, windows accounts is not one of them as it was never something I needed to research. I thought admin account was the preferable option?
For what i know/understand SUA will give more benefit cause restriction vs many malwares. My point of view is in safe habits u can use admin account (for example many leftovers in appdata and used data cannot be explored). Take in consideration a threat in admin account will certain make more damage then in SUA, but the point is avoid the threat. I would suggest to use something like Kaspersky KSN or Norton reputation thing, if a program is used by 10k ppl i doubt is a malware. The real problem are vs documents (pdf, etc), there a sandbox is a mandatory.
 
Last edited:

Andy Ful

Level 63
Verified
Trusted
Content Creator
Some clarifications about SUA.
  1. One can install applications when logged on SUA (without Admin password), if they do not require Admin rights.
  2. Some web browsers can be installed on SUA even if they initially ask for Admin rights. If the user chooses NO, then the browser can continue installation in %UserProfile% without Admin rights.
  3. The SUA is much safer when we talk about exploiting the programs or Windows features. This follows from the fact that processes running with Admin rights must do it on another account (a particular Admin account) and cannot run on SUA.
  4. One can install applications that require Admin rights when logged on SUA, but after writing the Admin password in UAC prompt, the installation is redirected to the Admin account. This can cause some issues because the application custom settings, made by the user during installation, will be written in the Admin user profile and not in the SUA user profile. After launching the application from SUA, the application cannot access these settings and the application has to be configured again.
  5. When the malware is running on Admin account with standard rigths, this is also the same account for many processes with Admin rights. Sharing the same account by the processes with different privileges is like sharing the same room with people who can be invected by COVID-19.
  6. If the malware is running on SUA (necessarily with standard rights), then there is no processes with Admin rights on SUA. High privileged processes are running on other account(s) (Admin type). This is similar to the situation when the infected patient is isolated in a single room from others.
  7. That is why there are many UAC bypasses on Admin account, but not on SUA.
 
Last edited:

Andy Ful

Level 63
Verified
Trusted
Content Creator
So if I use admin credentials while on Sua all is lost then?
When the malware is already running on SUA with standard rights and you are going to run something with Admin rights when logged on SUA, then the malware can use it to elevate (sneak to Admin account). The secure way is to log in as Admin (without log off SUA) via <Start Menu> button and run the program directly from the Admin account.
 

security123

Level 25
Verified
I use default Windows Admin account (which is standard user because of UAC token) but with UAC to maximum instead of weak default level.
With that, SRP and other stuff like own behaviour it's secure and provide better comfort.

also Ransomware e.g. doesn't care if user is SUA or not. Malware need to be blocked at start
 

Freki123

Level 8
Verified
When the malware is already running on SUA with standard rights and you are going to run something with Admin rights when logged on SUA, then the malware can use it to elevate (sneak to Admin account).
I feared it would be that way but wanted to be sure.

The secure way is to log in as Admin (without log off SUA) via <Start Menu> button and run the program directly from the Admin account.
Thanks alot I didn't know that.
Thank you all for your kind answers :)
 

blackice

Level 27
Verified
I use default Windows Admin account (which is standard user because of UAC token) but with UAC to maximum instead of weak default level.
With that, SRP and other stuff like own behaviour it's secure and provide better comfort.

also Ransomware e.g. doesn't care if user is SUA or not. Malware need to be blocked at start
I think most users here who understand safe habits and what is risky could run admin with no problems. Like you said the worst threats don’t care. With good SRP you should not have any problems.
 

Stopspying

Level 10
I use both Admin and SUA, for similar reasons to many here. Installation of new software and other tasks are not always possible while using a SUA, even when I can use the Admin password to elevate privileges I still find it easier to do these tasks using an Admin account. I try to keep good practice and revert back to SUA when I no longer require higher privileges, but so often find I'm still signed into an Admin account ages afterwards, a bad practice, but I don't lurk in the less salubrious parts of the internet.
 

show-Zi

Level 26
Verified
I think the benefits of SUA are a choice that Microsoft should appeal to a little more strongly. This is because users from the days when the administrator account was the default choice tend to perceive the SUA as special or inferior.
 When not actively seeking out threats, the combination of SUA and WD is both safe and stable. The advantage of SUA, in my opinion, is impact mitigation in the event of a fall. The administrator account is bare. If you fall, you will definitely be injured. No one falls over intentionally. He falls when he doesn't notice the pebbles.

 ...I understand the benefits of such, but I'm using an admin account. This is because there is not enough space on the system disk to keep two accounts together.🤐
 
Top