User accounts

[videobruce 0]

I have been running 2k for 7 months now logged in as a administrator. I have read in other forums that for security reasons AND for performance reasons you shouldn't do this. The administartor function runs additional processes that the regular or power users don't need.

 

I finally got around to trying this and when I logged in as a regular user or power user, I still have the same 21 processes running at startup as I did as a administator (in task manager)! Also, I tried some basic changes as: moving and deleting shortcuts on the desktop, changing folder view options from those stupid Windows 3rd grade cartoon icon defaults to details, single click instead of double click, but everything returned to the default state after a reboot!

 

Are the user permissions so strict you can't even do simple things like those??????????

 

I added the path from the administrator settings to the new user I created for the desktop shortcuts and start meun shortcuts, but the folder views for example never changed!

[clutch 1]

I haven't a clue why people insist there is a performance increase when you logon as a power user or using any other group. I create my own account, and then give myself admin rights to the system (but this is by default anyway since I am a domain admin in most cases). Now, if you use a profile long enough, you will accumulate a lot of files and other things, and the larger a profile gets the slower it will load. So in short, don't use the default admin profile so you don't screw it up with excess crap (and you should rename it anyway as many hackers start with "Administrator" as the username) and create your own user account with the privileges you need.

[videobruce 0]

Supposedly, less processes are loaded, at least that's what I have read, but don't remember where.

[Davros 0]

The only reason to not use the admin account is for security. For best security, use a regular users account, and use the Run As option when you need admin rights for a program.

[clutch 1]

I figure that since this was posted twice ( ;( ), I will just copy my post over from this other link:

 

Quote:

Why? Why would you suggest this? Are you simply suggesting this for regular users, or for any user? Bear in mind that if you plan on administering any systems remotely from your desktop, you might run in to problems if you are not logged in with the proper credentials as many times you will not have the option to elevate them at connection time. But then again, I am not so crazy about the "runas" option anyway (long time, and current, NT 4.0 admin) and have found it clumbsy if the application decides to call another executable which switches the app back to the current user's credentials. The "runas" option doesn't replace being a "superuser" in *nix.

 

 

Using "runas" is more for the one-time necessity (like an admin coming over to a user's machine to do something), rather than a replacement for logging in with the necessary elevated priviledges.

[Gambler FEX online 0]

Win2k is secure enough, just make a user and give it Administrator status. My experience, my server I have been logged in as user thats member of the administrator group and no problem til now.

[Champion_R 0]

I've found that most games require admin rights to run or require the registry permissions to changed to run as limited users.

 

Personally for home computers just create another account with admin rights and use that.

[Admiral LSD 0]

Quote:

I've found that most games require admin rights to run or require the registry permissions to changed to run as limited users.

What Windows needs is a feature similar to the SUID bit in Linux. That way nominated programs automatically run with Admin priveliges without having to specify the Admin password (which is the clumsiest thing about Run As).

[snakefoot 0]

I just changed from the built in Administrator account to a new account. First tried being a power user, but that was way too restrictive, since I like to fiddle around

 

What I did was :

 

http://snakefoot.fateback.com/tweak/winnt/tips.html#USERPROFILE

[DosFreak 2]

The same processors are loaded no matter who you log-in as. UNLESS you have a service thats starts with a profile. ALL of the services that come with Windows 2000 or any program create by Microsoft do not start services with a profile. They do not "interact" with the desktop. They are totally seperate. They are SYSTEM level processes that are not affected by such a trivial event as a user logon.

 

Also if you do not protect your ports then renaming the Admin account is a very minor security change but should be done nevertheless. (If you don't block the ports then it's a very simply matter to discover the admin account even if you do rename it).

 

Using a profile with Admin rights is just the same as using the primary Admin account. Your still gonna FUBAR your system if a program wanted to. Even if your not using the Primary Admin account but an account with Admin privelages then your Primary Admin account is still at risk. This is why in a perfect world you would ONLY use the Admin account for Administrator tasks (fixing stuff). Unfortunately most of us do not do this because we perform these tasks ALL the time, taking breaks, researching, trying stuff out, etc etc. So basically ANY time you use an Admin account on an NT box and you are doing ANYTHING other than an Administrator task then you are puting your box at risk.