Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Question: What are Administrative Priveleges?

Jul 23, 2007 3:21PM PDT

What are administrative privileges? How do they relate to security?

If I have a laptop with Vista which I use at home (and cafes and while travelling) for ocassional freelance work,job hunting (which I seem to do once a year)and for hobbies, do I set administrative priveleges? Or do I have them automatically?

If I'm supposed to have them, for what should I have them?

If I already have them, how would I know?

Does this relate to the fact that my laptop is password-protected and requires my password after booting up?

Are the answers the same for Vista as XP? We have both OSs in our household.

Thanks for answering newbie-ish questions!

Alex

Discussion is locked

- Collapse -
Administrative privileges...
Jul 23, 2007 11:30PM PDT

Administrative privileges allow you to install software, access another member's documents, add/remove users, change the time on the clock, disable a firewall, etc. Basically anything that affects users on the computer aside from yourself.

The general recommendation is to have two accounts, one administrative and the other 'standard' (previously known as 'limited user'). The 'standard' account should be used for day-to-day activities such as browsing the internet and typing documents because it's much harder to accidentally screw something up or for malware to be installed/take control of the computer. Then switch to the administrative account when you need to install software or another admin task.

Your first user account is, by default, administrative, but you can create additional accounts by going Control Panel->User Accounts. That will also show you a list of all users and if they are administrators or not.

As to the other two questions:
-> No, administrator status does not directly relate to the password, though the password can be changed/removed through User Accounts. A password is recommended, though, in case someone else tries to use your computer without permission.

-> Yes, it''s the same, with the exception of Vista calling it a 'standard' account while XP used the terminology 'limited user,' which some felt was too strong.

Hope this helps,
John

- Collapse -
Why the vulnerability on the Administrative account?
Jul 24, 2007 3:39AM PDT

Thanks, John, for another clear, concise answer that a non-IT person can comprehend.

This is basically what I thought Administrative privilege meant. I just did not want to assume anything.

Can you explain why being on the admin account (as opposed to the standard account)makes ones PC vulnerable to malware? I've heard this before but with no explanation. I presume it is because of the admin's ability to change settings and access certain areas. But how is the malware moore likely to be installed on an admin account?

Alex

- Collapse -
A Few Reasons Come To Mind..
Jul 24, 2007 3:59AM PDT

1.. "Limited" users are unable to install programs..

2. As you surmised, "Admin" users have the ability to change settings, change Windows system files, change registry entries, and install programs.

3.. Many users leave the default "Administrator" user with no password or a weak password.. As a result, many types of network aware viruses and malware look for the "Administrator" login and use it to access the computer.

Hope this helps.

Grif

- Collapse -
It goes unblocked...
Jul 24, 2007 4:03AM PDT

On an administrative user's account the malware could slip in and install itself in the background without the user being aware of it, whereas with a standard user's account it would be blocked and an alert displayed stating you don't have permission. Basically, nothing can 'slip through' if the door is always closed.

That's one thing UAC (User Account Control) was designed to help with, limiting the 'danger' or using an administrative account. However, it is actually more of an annoyance to most, leading them to disable it.

John

- Collapse -
Is the User Account Name related to the Path?
Jul 24, 2007 4:26AM PDT

We had some kind of malware come through my partner's Lenovo with XP SP two nights ago. AVG Spyware (Free Version) detected and took care of it. My partner has always used the admin account on her computer (which she uses as the sole proprietor of a non-tech consulting biz). I'm trying to convince her to create and sign on to another user account. She rarely installs/uninstalls programs or has need to temporarily disable the firewall. I'm going to set up another account on my HP.

Does setting up a new user account affect the path names of files? Her first name (which is the name of my partner's admin account) appears in her path.

- Collapse -
Yes...
Jul 24, 2007 4:34AM PDT

Each user account has a 'personal folder' associated with it which houses your documents, photos, videos, music, account preferences, application settings, cookies, temporary internet files, etc. By default it is C:\Users\the person's username. If she creates a new account it will start with the default settings, so she'll have to re-setup her preferences and copy over all of her personal files so she has access to them.

John

- Collapse -
New user account file access...
Jul 24, 2007 5:06AM PDT

John, What do you mean by "so she'll have to re-setup her preferences and copy over all of her personal files so she has access to them."

Where do you find the preferences for access to personal files (like Excel files, etc?)

This idea of logging on as a non administrator seems like a great idea. I just setup a new account. However, I can't access any of my files. I'm really looking for an easy way to be able to access all of them from my new user account.

Another question. When I setup my new user account using Vista, besides my present administrator account, I saw another account called

ASP.NET Machine Account that is password protected. Since I didn't setup this account, I don't know what the password is. I clicked on it and there was an option to remove the password. When I clicked on that option, I got the follow warning.

You are removing the passwored for ASP.NET Machine Account. If you do this, ASP.NET Machine Account will lose all EFS-encrypted files, personal certificates and stored passwords for the Web sites or network resources.

To avoid losing data in the future, ask ASP.NET Machine Account to make a password reset floppy disk.

With that warning I bailed out of messing with this account. What is it and should I be concerned that it appears when making a new user account? It does NOT appear on a normal bootup. The only accounts I see there are my present administrator account and the new account that I just made.

- Collapse -
Access...
Jul 24, 2007 11:38AM PDT

What you have to do is log into the administrative account, then copy-and-paste or cut-and-paste the files from their current location in the Documents, Pictures, Videos, etc folders and into the respective folders of the new user account. The location is C:\Users\new username here. This is because a regular user cannot access another user's files.

As to the ASP.NET account, it is created through the installation of the .NET Framework. It's hidden by default as it's used solely for select Microsoft software to operate efficiently in the background. It's nothing to worry about and is best left alone as some programs you have may fail if you remove it.

Hope this helps,
John

- Collapse -
And then do I delete files from the admin account?
Jul 24, 2007 12:12PM PDT

After I make sure that everything copied to the new user account do I go back and delete the old files? What is the best (i.e. most secure, won't push Vista to flip out, etc.) method?

- Collapse -
If you wish, yes...
Jul 24, 2007 12:18PM PDT

You must have at least one administrative account at all times, but you're free to delete the files once they've been successfully copied over. Right-click and delete or drag-and-drop to the recycle bin are fine options, followed by right-clicking the recycle bin and emptying it. Just be sure you can access the files on the new 'standard' account before deleting.

John

- Collapse -
Thanks again for Administrative Account Clarification
Jul 25, 2007 1:45AM PDT

John, I wasn't clear in my last post.

I meant to say that I would check that the files copied and then would check that I could access them but thanks for clarifying the point for anyone else reading this. Also, the point about always needing an Administrative account. I understood ths too but I can imagine that other home may not have understood this distinction and if they're not on networks may think they do not need an admin account.

- Collapse -
ASP.NET Machine Account - Remove Password
Apr 6, 2008 11:14AM PDT

Hi John,
By mistake, I remove the password of this user "ASP.NET Machine Account" (In Windows Vista Home Premium). Is there any way to fix it?
Thanks!


"As to the ASP.NET account, it is created through the installation of the .NET Framework. It's hidden by default as it's used solely for select Microsoft software to operate efficiently in the background. It's nothing to worry about and is best left alone as some programs you have may fail if you remove it."