Proper setup of admin & standard user account

Protomartyr

Level 7
Thread author
Sep 23, 2019
314
I'm about to wipe and clean install Windows 10 Home on a desktop that will be shared. I am planning on having an admin account used solely for installation/setup and having standard user accounts for daily usage.

What is the proper way to go about setting this up properly? What settings will be shared among the accounts and what settings per account basis?

Any and all tips/suggestions are greatly appreciated!
 
F

ForgottenSeer 823865

There is nothing really special to do on the admin account, however:
1- I would recommend to use a local account (not a Microsoft one).
2- You may want tighten security a bit by using few registry tweaks.
- deny elevation of unsigned apps. This would prevent execution of let say 80% of ordinary malware.
- force admin to enter credentials for UAC prompts. This supposedly make the job harder for auto-elevation of malware.
3- don't use your browser on admin account, download apps (and check they are clean) on SUA then logout and install them on Admin Account.

On the other other hand, on the SUA account, setting UAC at max is an obligation.

Note than SUA was originally designed for privacy between users on shared computers (SUA is just admin account stripped of most privileges), not security unlike Linux which use real separated users accounts.

Also some tools like cleaners or process monitors are more effective on Admin Account than SUA (if not elevated), since they will get more privileges but they still work well on SUA (but you can still run them as admin anyway even on SUA).
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,012
After you've installed Windows, from Admin account go to Settings > Accounts > Family and others (I think) and you create a new local or standard user account. Follow the prompts to finish. I just tweak privacy and other settings, especially my taskbar, etc. in admin account. Then I set up browsers, OS settings, etc. on local account.

Important note: I think when setting up a new PC or upon clean install, M$ will try to force you to (or now does force you!) to use an M$ account, at least this is what I found when I set up this new laptop. They really keep the settings hidden, and even not-so-old tech site posts on setting up without M$ account are now out of date. You will find your way around those darn M$ setttings, Luke Skywalker! :D

@Umbra is correct, except one thing I think you can do only from admin account ---> changing Windows Firewall profiles, e.g from Private > Public.
 

roger_m

Level 41
Verified
Top Poster
Content Creator
Dec 4, 2014
3,011
Important note: I think when setting up a new PC or upon clean install, M$ will try to force you to (or now does force you!) to use an M$ account, at least this is what I found when I set up this new laptop.
You can still use a local account if you are not connected to the internet, or if you enter a valid account name (I usually just try a few random names until I find one that works) and enter the wrong password a few times. In either case, you are given the option to use a local account.
 
F

ForgottenSeer 823865

Important note: I think when setting up a new PC or upon clean install, M$ will try to force you to (or now does force you!) to use an M$ account, at least this is what I found when I set up this new laptop. They really keep the settings hidden, and even not-so-old tech site posts on setting up without M$ account are now out of date. You will find your way around those darn M$ setttings, Luke Skywalker! :D
or do the "forced" MS account > create a 2nd admin LOCAL account > delete original MS admin account > create SUA. :p

@Umbra is correct, except one thing I think you can do only from admin account ---> changing Windows Firewall profiles, e.g from Private > Public.
Indeed. Anything related to Windows Firewall's Advanced Settings are only via Admin Account (for obvious reasons).
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Use a Microsoft account if you want your settings etc to be backed up the cloud and also applied to other computers on which you make an account under the same name. It can be convenient and useful. If you are a privacy paranoid, don't do it.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top