There is always a balance between security and convenience. There are also times when there are too many controls that lead to too much inconvenience. In short, the balance for the need of controls should match the situation and the environment – not too little and not too much. This article looks at the benefits of not using an administrative account for regular daily computing.1616
I usually run my own computer with two user accounts. One standard account for daily usage and one administrative account for software installations and system configuration changes. The advantage of running on a password-protected limited account are the pop-ups that occur when additional privileges are needed to perform a certain task on the computer. Because a password is required, it tends to make one think a bit more to the potential consequences when providing the administrative override. Should the administrative account not have a password, the “Yes/No” prompts are just too easy to click through without reading.
(Photo from CCMEXEC.COM)
Because of the lack of administrative permissions, the likelihood of performing system wide damage is reduced as the most damage malicious code would be able to do without permission is damage only to an individual user’s profile. This makes the cleanup process for simpler with the ability simply to re-create the user account and copy back one’s important data rather than having to wipe out the entire operating system and reinstall all the programs. This can take hours to do should one not be restoring from a system image backup. The use of a limited account is also an enterprise best practice.
Ready to create and start using a limited account? Here are some guides to show you how!