Advice Request Please tell me the proper way to do a clean install of WiN 11

[annaegorov]

I have done this two different ways. I am not sure if either way is right. Please assist. All recommendations welcome.

1). I complete the clean install of Win 11 Pro.
Then install all my personal software.
Then make my "Local / Standard Account"
Log out of the Admin Account, and only open it again to install, any and all software or updates.

*Problem with #1 is that some icons on desktop and taskbar don't show up, on the standard account

2). I complete the clean install of Win 11 Pro
Then I make my "Local / Standard Account"
Log out of the Admin Account and never use it again.
Then I install all my personal software using the standard account.

** Problem with #2 is some software doesn't seem to work correctly on the standard account.

Is there a third way or is number 1 or number 2 the correct way.

Thank You in advance.

 

[KnownStormChaser]

I don't bother making a standard account, I always use the default admin one you make when first setting up windows.

 

[annaegorov]

I am the ONLY user of this PC....

Can I just use the original account (admin account, made by windows when doing the clean install); all the time, since I'm the only user, to avoid all these problems stated in #1 and #2

 

[annaegorov]

I don't bother making a standard account, I always use the default admin one you make when first setting up windows.

You only use the admin account and nothing else? Because you are the only one using your PC?

 

[TairikuOkami]

*Problem with #1 is that some icons on desktop and taskbar don't show up, on the standard account

Most likely installed in Public or Admin account desktop. Just copy/paste shortcuts from the desktop to your local account.

Taskbar shortcuts can be backed up from your current setup backing up icons from this folder

%AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar

and this registry folder:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband

After you install software and login, copy/paste icons to that location and apply reg backup, not sure how that works on standard account though.

** Problem with #2 is some software doesn't seem to work correctly on the standard account.

Problem is that many apps and games require admin rights, though MS threaten to break it since Vista. Thus far only store apps work correctly without admin rights. Maybe in Windows 12.

 

[Vitali Ortzi]

Most likely installed in Public or Admin account desktop. Just copy/paste shortcuts from the desktop to your local account.

Taskbar shortcuts can be backed up from your current setup backing up icons from this folder

%AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar

and this registry folder:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband

After you install software and login, copy/paste icons to that location and apply reg backup, not sure how that works on standard account though.


Problem is that many apps and games require admin rights, though MS threaten to break it since Vista. Thus far only store apps work correctly without admin rights. Maybe in Windows 12.

yes it's planned

 

[TairikuOkami]

yes it's planned

Just like Vista was supposed to be x64 only, but it took MS 15+ years to finally do it in 11.

 

[Vitali Ortzi]

Just like Vista was supposed to be x64 only, but it took MS 15+ years to finally do it in 11.

Btw wasn't every version the last version of windows XD
But yeah they definitely planning all kinds of major changes so we are getting to win 12
Oh and although I really want everything in vbs enclaves including games I'm still concerned if they would allow me to be admin, trusted installer anymore

Would be interesting if you will have to jailbreak windows

 

[annaegorov]

OK so after the installation of windows and all my software, I turn the admin account that I have been using to do the clean install, into a standard user local account, and make a new admin account, which I'll only use to install software and updates? Or use the standard account with the Admin password?

 

[Harlequin]

I’ve always found the ‘standard account’ a real pain in the back. Granted it would make life difficult to malware, but also to you the main user. But given the fact (my own experience) that malware infections are very rare nowadays and that computers are not shared that much as in the past, it is not imperative to have it.

My suggestion is to use Admin. account with UAC at maximum (you want to be notified for any changes to the OS) have Windows Security active or a third party reliable AV, and (probably the most important step) to have a reliable imaging system to protect your computer

 

[Victor M]

Use a MS Account with 2FA (using MS Autheticator phone app) ALLWAYS. MS mandates a MS account as the first admin account for a reason. Got that tip from my red team.

And make a PIN. PIN's cannot be inserted remotely, you must be at your machine to key in a PIN. Passwords can be captured by a keylogger and used by an adversary.

 

[TuxTalk]

Why are people so paranoia, i bet the OP never encounted any Malware in the wild. Just install your Windows 11 machine, use a Pin and a good AV and you are set.
Home users are totally not interesting for the Malware Groups, unless you are the CEO of a multinational company or your bankaccount is more than a million Euro/Dollar.

 

[Victor M]

Home users are totally not interesting for the Malware Groups

I disagree. For one, malware is spread without knowing who will end up getting them. Depending on what sort of bait is being set to lure people to download the trojan malware, home users would be targeted. Eg. A mod for a popular game or a free photo editing tool. It all depends on what the bait is.

I wouldn't use the word paranoia to describe it. Everybody has to evaluate what is risky to them depending on what kind of activity they commonly do. Some like to experiment and try new sofrware. Some people are click happy. While others only use the computer for browsing or looking up stock prices of their mutual fund. Some others do offline activities more, watch sports on TV and do a lot of outdoor activity. So I wouldn't say that people who care about security are paranoid, because they may very well have reasons to be extra careful.

 

[Captain Awesome]

With common sense:Clean Install Windows 11 Pro + Windows Defender most of the time or
Happy Clickers:Windows 11 pro with Kaspersky Free/paid
Legend of Linux: Ditched Windows install Linux🫢

 

[annaegorov]

Thank You Everyone...

 

[TuxTalk]

I disagree. For one, malware is spread without knowing who will end up getting them. Depending on what sort of bait is being set to lure people to download the trojan malware, home users would be targeted. Eg. A mod for a popular game or a free photo editing tool. It all depends on what the bait is.

I wouldn't use the word paranoia to describe it. Everybody has to evaluate what is risky to them depending on what kind of activity they commonly do. Some like to experiment and try new sofrware. Some people are click happy. While others only use the computer for browsing or looking up stock prices of their mutual fund. Some others do offline activities more, watch sports on TV and do a lot of outdoor activity. So I wouldn't say that people who care about security are paranoid, because they may very well have reasons to be extra careful.

I disagree, when was the last time people encounter real malware in the real world ? Been in IT for more that 35 years, private i never had any malware or virus.
Offcourse company wise, yes. But thats not the discussion here.

 

[Oldie1950]

I have been using AV programs since the days when signature updates were still sent by mail on 3.5 inch floppy disks. None of the AV programs I have used during this time have ever reported an attack. I have also never noticed an infection. However, I also avoid doing anything with my computers that could provoke a malware infection.

 

[Victor M]

@TuxTalk

I have had malware infections, but that was during windows xp days; when peer to peer file sharing got started: kazaar, edonkey etc.

Yes I agree with you that it has been a long while since I had any malware infection. I am no longer the same me as when I was young when I liked to try out new software.

I suppose a lot of people have bad memories of those xp days and peer to peer file sharing, and the memories of those days drive us to buy anti-malware. But I also suppose a lot of younger people go thru that phase of trying out lots of new software, doing bittorrent. Or they learned about phishing the hard way. Then they get stung, and learn to be more security concious.

I guess lots of different people have lots of different life experiences that drive them to be security concious and adpot stringent security configuration practices. So I wouldn't label them as paranoid.

But it is also good to self assess your current activities and if your behavior is no longer as risky as before, then you don't necessarily need to spend money on a third party AV. But as to doing secure configurations, it is free, all you use is your own time, and I consider it insurance for the day when I make a careless security mistake and, lets say, fall for a phishing attempt. I am still human after all, and the weakest security link is between the computer and the chair.