Windows Vista Best Practices for User Access Control
Posted by raxsoAug 5
1. Create a Standard User account and use it every day! - When setting up a system, you should make only the first user account an Administrator account, even on a child’s machine. Be sure to choose a good password to protect the Administrator account. By default, this first account had approval mode enabled, meaning it can be used to configure Parental Controls and manage any setting on the system.
2. Make everyone enter a password – even Administrators! - You can also increase security by requiring the Administrator account to ‘Prompt for Credentials’ rather than simply use the Consent prompt. Making this change will help ensure fewer mistakes are made when logged in using the Administrator account.
In addition to “Good Practice” you might consider also requiring the special Control-Alt-Delete key sequence for consent to complete administrative tasks. Control-Alt-Delete is a special key sequence that places the computer in a very secure mode of operation and makes entering Administrator credentials far more secure.
Like this blog? Why not buy me a cup of coffee?
![[hackers black book]](http://raxso.net/images/hbb-ani-misuse.gif)
User Account Control annoayance taught users that first thing they must do is disable security.
I think best practice is to use good 3rd party security tools and avoid Microsoft ones.
[Reply]
I don’t really agree with Rarst that UAC is annoying because you can easily disable it from prompting while protecting system from any installation by normal users.
Also, many of the users do not know that there is another Administrator account disabled in the User Management. Thus, it is always good to enable the Administrator account in the User Management rather than using the first user account as the Administrator account.
[Reply]
Thanks for the link. Sounds like interesting read
[Reply]