There are situations where running a limited user account is the right thing to do, but running as an administrator is often more practical.

What are your recommendations regarding User Account Control and operating a PC as an administrator in Windows 7? I've read many times that one shouldn't routinely operate a computer while logged in as an administrator, but when you set up Windows on a new computer, the first user that you create is automatically an administrator on that PC. That makes it easy to get through User Access Control prompts by just clicking Yes. Is that risky? If you create a non-administrator user and log in as that user, UAC quite often prompts you for the user name and password of an administrator. Is there a benefit to that?

You'll get a variety of opinions on this one.

I tend to fall on the side of pragmatism. What that means is that it depends on just how much you trust the user of your computer.

And it's probably not the type of "trust" that you think.

User Account Control

UAC was added in Windows Vista and made more palatable (meaning less annoying) in Windows 7.

There are two principals at play:

  • Even when logged in with an account that has administrative privileges, you do not actually run "as" the administrator by default.

  • When something needs to happen that requires administrative privileges, you are prompted for permission. If you're logged in as an account with administrative privileges, it's a simple OK/Cancel choice. If you're not logged in with an administrative-enabled account, you must also provide the administrator password in order to be able to choose OK.

This is extremely similar to security measures on other operating systems, including both MacOS and Linux.

The reasoning is simple: because you are not truly running as administrator, malware that you encounter will have a more difficult time infecting your machine. In general, it has to fool you into saying OK to the UAC prompt before it can infect the deeper levels of your system.

In addition, it can also be helpful in preventing accidental or non-malicious changes from happening to your system.
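
To see the two UAC behaviors listed earlier in this section on your own machine, here is a read-only PowerShell check (an added example, not part of the original article). It assumes the standard UAC policy registry values EnableLUA, ConsentPromptBehaviorAdmin, and ConsentPromptBehaviorUser; the helper name Get-PromptText is made up for this example.

```powershell
# Added example: report how UAC applies to the current session.
# Read-only. Run it from an ordinary (non-elevated) PowerShell window.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)

# True only when this process holds the full administrator token.
$elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# whoami lists every group in the token, including groups marked deny-only,
# so the Administrators SID (S-1-5-32-544) appears here even when UAC has
# filtered it out of the running token.
$groups = whoami /groups /fo csv /nh |
    ConvertFrom-Csv -Header Name, Type, SID, Attributes
$adminAccount = [bool]($groups | Where-Object { $_.SID -eq 'S-1-5-32-544' })

# UAC policy values.
$policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

$adminPrompt = @{
    0 = 'elevate without prompting'
    1 = 'ask for a password (secure desktop)'
    2 = 'ask for OK/Cancel consent (secure desktop)'
    3 = 'ask for a password'
    4 = 'ask for OK/Cancel consent'
    5 = 'ask for OK/Cancel consent for non-Windows programs'
}
$userPrompt = @{
    0 = 'deny elevation requests automatically'
    1 = 'ask for an administrator password (secure desktop)'
    3 = 'ask for an administrator password'
}

# Hypothetical helper: turn a policy number into readable text.
function Get-PromptText($map, $value) {
    if ($null -eq $value) { return 'not set' }
    if ($map.ContainsKey([int]$value)) { return $map[[int]$value] }
    return "unrecognized value $value"
}

"Account is in Administrators : $adminAccount"
"This process is elevated     : $elevated"
"UAC enabled (EnableLUA)      : $($policy.EnableLUA -eq 1)"
"Prompt for administrators    : $(Get-PromptText $adminPrompt $policy.ConsentPromptBehaviorAdmin)"
"Prompt for standard users    : $(Get-PromptText $userPrompt $policy.ConsentPromptBehaviorUser)"
if ($adminAccount -and -not $elevated) {
    'Administrator account, but this process runs with the filtered (standard) token.'
}
```

On an administrator account with UAC turned on, the first line reads True and the second reads False, which is the first bullet in practice. With UAC disabled, both read True.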

Who do you trust?

The question is simply this: do you trust whoever is using your computer to answer the UAC prompt correctly?

Will they know when to say no?

If not, then a limited-user account - without knowledge of the administrator password - is the way to go. That way, anything that might potentially affect the system will require not just confirmation, but confirmation by someone who would presumably understand the risks.

Put another way, it's perfect for the kids in the house who keep wanting to install and/or download all sorts of questionable software. A common example is someone who doesn't understand that the codec supposedly required to view the video that they just downloaded from a questionable site isn't a codec at all, and that saying Yes won't play the video but will instead install malware on your machine.

You might as well trust yourself

I'll probably get some flak for this, but if you know the administrator password and particularly if you're the only person who routinely uses the computer, I see no reason to annoy yourself with a limited account. The only practical difference is whether or not you'll need to supply that password in order to say OK. Because you know the password, you're empowered to make mistakes either way.

More important than using a limited account or not is to adopt a skeptical mindset.

Don't be in such a rush to get whatever it is that caused the UAC pop-up that you fail to take the time to look closely at it, understand it, and even research it, if necessary.

UAC as a reminder

Personally, I love the UAC pop-up.

It's an important notification that whatever it is that I'm about to do has the potential to impact the overall security of my machine.

That's a great reminder.

And yes, even though I'm supposed to know what I'm doing, I've absolutely said No to UAC prompts that were unexpected, something that I clearly didn't want, or something that I just didn't understand.

Skepticism and education as a way of life

Purveyors of malware are turning to social engineering and phishing more and more because of these types of barriers that technology can put in place. By tricking you into somehow thinking that a UAC prompt is appropriate, safe, or required, they can bypass any barrier and wreak all sorts of havoc.

Skepticism and education are the only answer.

As has been said time and time again, there is no software, no tool, no scanner, no operating system, no technique that can protect you from yourself.

Article C4829 - May 27, 2011

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18-year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

14 Comments
Duane Ferguson
May 27, 2011 7:02 PM

Love your closing comment on this one Leo. I disable UAC on all computers in our house, mostly because I know exactly what to install during the initial build. If I miss something, or need to install something at a later date, I'll do my research first, and I've always got a ghost image if something does go unexpectedly wrong. As you say, it is up to the computer operator (especially if they are also the owner of the machine) to understand exactly what they are doing before they install any software, or make any changes to their computer.

Just J
May 28, 2011 10:09 AM

"I'll probably get some flak for this, but if you know the administrator password, and particularly if you're the only person who routinely uses the computer, I see no reason to annoy yourself with a limited account."

Quite, Leo! You'll get no flak from me for that one, that is exactly how I run my machines. It is only myself that uses my machine, so don't feel the need to annoy myself. Quite right. I run Vista, so have a few prompts to put up with, but nothing too serious. I do not, however, unlike your previous commentator, disable UAC. I, like you, quite like it (in a way); it lets me know when system-wide changes are taking place.

Actually, it would be nice if Microsoft tamed UAC à la Windows 7 in the next (wasn't in the previous) Service Pack or something; but that's a different tale...

steven
May 28, 2011 8:09 PM

Can UAC be installed on XP Home, even third party?

Mark J
May 29, 2011 1:29 AM

@Steven:
UAC is a feature offered on Windows Vista and 7. It defaults your main user account to work in some ways similar to a non-administrator account.

You can set up a non-administrator account in XP to use this account for your normal computer activities. This will give you the same (actually more) protection as using UAC, but it will be a bit less convenient as you will need to type an administrator password before installing programs and certain other functions.

Stu
May 31, 2011 8:35 AM

An entire business has developed that creates computers just for gamers. Turning off UAC is almost mandatory to run some of the more advanced games (e.g. Flight Simulator X). Failure to do so results in very unpredictable behavior, to the point that the game is useless. Most mature gamers (is that an oxymoron?) know the inherent risks involved, but are able to deal with them. The danger comes from letting their less-informed family members use the same computer for other purposes.

njorl
May 31, 2011 9:33 AM

I am not a psychologist, but I think I've discovered an ability to click "OK" buttons reflexively.

I am not normally able, however, to type the whole of my administrator password before my higher brain functions catch up. Therefore, I perform all of my regular computer use from a "limited" account.

When I've a slew of system changes to make, I normally have the foresight to switch, temporarily, to my administrator account - thus avoiding the Repetitive Strain Injury.

David Powell
May 31, 2011 12:43 PM

"There are two principals at play:"

The only time you see two principals at play is when the boy's school and the girl's school have a professional development day on the same date, and the headmaster and headmistress indulge in some sporting activities.

Sorry, but I see so few errors that I couldn't resist taking a wee poke.

Jim Hillier
May 31, 2011 1:42 PM

Agree 100% with your observations Leo. I am an experienced user, nobody else gets anywhere near my machine. I run a single user account with administrator privileges.

@David Powell - David, you are waaay too observant!! LOL

Saetana
May 31, 2011 8:01 PM

I run an administrator account (without a password) as I'm the sole user of my home PC and I have disabled UAC, I wouldn't recommend this approach to everyone, particularly novices, but I found it annoying and intrusive (although apparently it's not as intrusive as it was with Vista - I use Windows 7), I use other methods to keep my PC safe. My take on the matter is I never had UAC with XP and managed just fine so I don't see that I need to use it with Windows 7 either.

sefcug
June 1, 2011 3:59 AM

When I was using XP, I used separate administrator and limited user accounts.

With Vista I still did the same at first, but then changed to just UAC. Very annoying, but safer in my opinion.

Windows 7 UAC is still annoying, but not quite as much.

I can put up with annoyance, as long as it makes my computing safer.

Thanks for a great article.

Jayaram
June 1, 2011 5:08 AM

The following link takes you to the Norton User Account Control tool, which is, to the best of my knowledge, applicable to Vista users only... Windows 7 users probably don't need it anyway:


Norton Labs UAC tool link

With this tool I've retained UAC access only for specific files... the safe ones are permanently let through without further botheration. Microsoft should have done this right at the outset!!!!

Terry Hollett
June 1, 2011 8:56 AM

I disabled UAC completely and use WinPatrol instead. Been using it for a while now. It just warns you when programs are trying to change your startup entries.

I've actually got a recommendation for WinPatrol coming up soon.
Leo
03-Jun-2011

Sheri
June 7, 2012 3:02 PM

I have always believed that the reason you should not routinely use your computer whilst logged on to the Admin account is that whilst this makes it easy for you to say yes to UAC control prompts without having to enter the admin password, it makes it just as easy for hackers or rogue programs to do so too! For that reason, I never routinely use my PC whilst logged on to the Admin account - even though I AM the only user of it.

Schnazola
September 28, 2012 1:59 PM

In the government (U.S. Navy) we say that security and convenience are (mutually) exclusive: As security measures increase, usability decreases and vice versa. I suppose it will always be such. I run my Win7 machine with a standard account; I don't mind the occasional "reminder" from the UAC to enter my password. In the big scheme of things, is THAT really a hardship?

Comments on this entry are closed.
