Q&A It's 2020: Do you use an Admin account or Standard User Account?

Do you use and Admin Account or a Standard User Account

  • Admin Account

    Votes: 57 76.0%

  • Standard User Account (SUA)

    Votes: 19 25.3%
  • Total voters
    75
silversurfer

silversurfer

Level 70
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
5,969
CyberTech said:
this is from Windows Central thats what author said :unsure:
Click to expand...
He wrote the following in quotes below:
In comparison, the Standard User account type is more restrictive. Users with the standard account can work with apps, but they can't install new applications. They can change settings, but only those that won't affect other accounts, which means that global system configurations aren't allowed. If an app or a command requires elevation, they'll need administrative credentials to complete the task.
Click to expand...
www.windowscentral.com

Have to change user account type? Here's how on Windows 10.

In this guide, we'll show you the different methods to change a user account type to give a friend or family member more (or less) control over what they can do on a Windows 10 computer.
www.windowscentral.com www.windowscentral.com
 
  • Like
  • +Reputation
Reactions: DDE_Server, bribon77, show-Zi and 8 others
Chri.Mi

Chri.Mi

Level 7
Apr 30, 2020
337
Digmor Crusher said:
I am knowledgeable in many things, windows accounts is not one of them as it was never something I needed to research. I thought admin account was the preferable option?
Click to expand...
For what i know/understand SUA will give more benefit cause restriction vs many malwares. My point of view is in safe habits u can use admin account (for example many leftovers in appdata and used data cannot be explored). Take in consideration a threat in admin account will certain make more damage then in SUA, but the point is avoid the threat. I would suggest to use something like Kaspersky KSN or Norton reputation thing, if a program is used by 10k ppl i doubt is a malware. The real problem are vs documents (pdf, etc), there a sandbox is a mandatory.
 
Last edited:
  • Like
Reactions: show-Zi, Stopspying, Protomartyr and 2 others
Andy Ful

Andy Ful

Level 68
Verified
Trusted
Content Creator
Dec 23, 2014
5,722
Some clarifications about SUA.
  1. One can install applications when logged on SUA (without Admin password), if they do not require Admin rights.
  2. Some web browsers can be installed on SUA even if they initially ask for Admin rights. If the user chooses NO, then the browser can continue installation in %UserProfile% without Admin rights.
  3. The SUA is much safer when we talk about exploiting the programs or Windows features. This follows from the fact that processes running with Admin rights must do it on another account (a particular Admin account) and cannot run on SUA.
  4. One can install applications that require Admin rights when logged on SUA, but after writing the Admin password in UAC prompt, the installation is redirected to the Admin account. This can cause some issues because the application custom settings, made by the user during installation, will be written in the Admin user profile and not in the SUA user profile. After launching the application from SUA, the application cannot access these settings and the application has to be configured again.
  5. When the malware is running on Admin account with standard rigths, this is also the same account for many processes with Admin rights. Sharing the same account by the processes with different privileges is like sharing the same room with people who can be invected by COVID-19.
  6. If the malware is running on SUA (necessarily with standard rights), then there is no processes with Admin rights on SUA. High privileged processes are running on other account(s) (Admin type). This is similar to the situation when the infected patient is isolated in a single room from others.
  7. That is why there are many UAC bypasses on Admin account, but not on SUA.
 
Last edited:
  • +Reputation
  • Like
  • Thanks
Reactions: DDE_Server, show-Zi, mkoundo and 15 others
F

Freki123

Level 8
Verified
Aug 10, 2013
385
Andy Ful said:
If the malware is running on SUA (necessarily with standard rights), then there is no processes with Admin rights on SUA. High privileged processes are running on other account(s) (Admin type). This is similar to the situation when the infected patient is isolated in a single room from others.
Click to expand...
So if I use admin credentials while on Sua all is lost then?
 
  • Like
Reactions: DDE_Server, Correlate, show-Zi and 4 others
Andy Ful

Andy Ful

Level 68
Verified
Trusted
Content Creator
Dec 23, 2014
5,722
Freki123 said:
So if I use admin credentials while on Sua all is lost then?
Click to expand...
When the malware is already running on SUA with standard rights and you are going to run something with Admin rights when logged on SUA, then the malware can use it to elevate (sneak to Admin account). The secure way is to log in as Admin (without log off SUA) via <Start Menu> button and run the program directly from the Admin account.
 
  • Like
  • Thanks
Reactions: Correlate, bribon77, show-Zi and 10 others
SecurityNightmares

SecurityNightmares

Level 35
Verified
Jan 9, 2020
2,460
I use default Windows Admin account (which is standard user because of UAC token) but with UAC to maximum instead of weak default level.
With that, SRP and other stuff like own behaviour it's secure and provide better comfort.

also Ransomware e.g. doesn't care if user is SUA or not. Malware need to be blocked at start
 
  • Like
Reactions: Correlate, bribon77, show-Zi and 9 others
F

Freki123

Level 8
Verified
Aug 10, 2013
385
Andy Ful said:
When the malware is already running on SUA with standard rights and you are going to run something with Admin rights when logged on SUA, then the malware can use it to elevate (sneak to Admin account).
Click to expand...
I feared it would be that way but wanted to be sure.

Andy Ful said:
The secure way is to log in as Admin (without log off SUA) via <Start Menu> button and run the program directly from the Admin account.
Click to expand...
Thanks alot I didn't know that.
Thank you all for your kind answers :)
 
  • Like
Reactions: Correlate, bribon77, show-Zi and 7 others
blackice

blackice

Level 31
Verified
Apr 1, 2019
2,061
security123 said:
I use default Windows Admin account (which is standard user because of UAC token) but with UAC to maximum instead of weak default level.
With that, SRP and other stuff like own behaviour it's secure and provide better comfort.

also Ransomware e.g. doesn't care if user is SUA or not. Malware need to be blocked at start
Click to expand...
I think most users here who understand safe habits and what is risky could run admin with no problems. Like you said the worst threats don’t care. With good SRP you should not have any problems.
 
  • Like
Reactions: Correlate, show-Zi, Stopspying and 6 others
Stopspying

Stopspying

Level 11
Verified
Jan 21, 2018
504
I use both Admin and SUA, for similar reasons to many here. Installation of new software and other tasks are not always possible while using a SUA, even when I can use the Admin password to elevate privileges I still find it easier to do these tasks using an Admin account. I try to keep good practice and revert back to SUA when I no longer require higher privileges, but so often find I'm still signed into an Admin account ages afterwards, a bad practice, but I don't lurk in the less salubrious parts of the internet.
 
  • Like
Reactions: Correlate, show-Zi, plat1098 and 4 others
show-Zi

show-Zi

Level 28
Verified
Jan 28, 2018
1,733
I think the benefits of SUA are a choice that Microsoft should appeal to a little more strongly. This is because users from the days when the administrator account was the default choice tend to perceive the SUA as special or inferior.
 When not actively seeking out threats, the combination of SUA and WD is both safe and stable. The advantage of SUA, in my opinion, is impact mitigation in the event of a fall. The administrator account is bare. If you fall, you will definitely be injured. No one falls over intentionally. He falls when he doesn't notice the pebbles.

 ...I understand the benefits of such, but I'm using an admin account. This is because there is not enough space on the system disk to keep two accounts together.🤐
 
  • Like
  • Wow
  • Sad
Reactions: DDE_Server, Correlate, Gandalf_The_Grey and 5 others

Similar threads

P
  • Question
Q&A BitWarden: Pros, Cons, & General Questions
Replies
12
Views
1,653
Add-ons & Extensions
Tiamati
Tiamati
MalwareTips Bot
Everything new from Microsoft Edge at Build 2020
Replies
1
Views
851
Microsoft Edge
SecurityNightmares
SecurityNightmares
fdsearchandrescue
  • Locked
malware problem out of control Its fast 10G of new data less then an hr
Replies
1
Views
1,056
Windows Malware Removal Help & Support
Spawn
S
Top