Microsoft

User Account Control and Administrator Rights on Windows 10

Are you the network administrator for your household or family? At some point, one of your nearest and dearest will install something nefarious or break something without meaning to, and that’s why the type of Windows User Account used makes the difference.

If everyone on your network is using an Administrator account, you’re going to have a bad time. That said, there’s a lot of confusing information regarding what Standard accounts can and cannot do. Here’s what you need to know.


What Is a Windows User Account?

Every time you use your Windows 10 computer, you log in to a User Account. If you are the only user on your computer, you likely have an Administrator account. Administrator accounts are privileged, meaning they can perform any action on the system with minimal restriction (usually requiring a password for confirmation).

Standard accounts can use the computer in the literal sense: browsing the internet, sending emails, playing games, using software, and so on. Standard accounts can also make some system changes, with restrictions, and nothing that affects the other users on the same system.

There is also an option for a dedicated Child account in Windows 10, which come with a range of limitations and integrated monitoring for overseeing parents. Windows also has a range of integrated parental controls.

MAKEUSEOF VIDEO OF THE DAY

The real consideration is the account type in conjunction with the User Account Control (UAC) setting.

Understanding UAC and User Accounts on Windows 10

The default setting for both Standard and Administrator accounts is to use UAC. However, this is the first thing that some users switch off, deeming it unnecessary and time-consuming.

But look at it another way: every time you have to enter your password, you know a malicious process must do the same. And if the malicious process doesn’t know the password, you instantly save yourself from a world of computing hurt, plus save a boat-load of time in the process.

Let’s consider how UAC works with both accounts.

Both Standard and Administrator accounts access resources and run programs in the security context of a standard user. When you enable UAC, each app requires the go-ahead using an administrator access token.

This means your account, Administrator or Standard, is protected using the same security mechanisms. What differs is the permissions available to each account which in turn are moderated using User Account Controls.

How to Change User Account Control Prompts on Windows 10

So, when UAC is enabled, a Standard account receives different levels of prompts to maintain security. The prompts ensure the user validates each significant change to the system, rejecting anything unknown or unexpected (in theory, at least).

UAC Levels

You can set UAC to one of four levels:

  • Always notify me: The highest UAC level, requests validation for every application, every piece of software, and every change to Windows settings.
  • Notify me only when applications try to make changes: The default UAC level, requests validation for new applications, but not Windows settings.
  • Notify me only when applications try to make changes: This is the same as the default UAC level but does not dim the desktop when the validation prompt appears.
  • Never notify me: The lowest UAC level, you receive no notifications for any system changes, at any time for the specified user account.

The default setting is fine for the majority of users. Of course, that depends on the user. The difference comes in the type of prompt the user receives, depending on the account.

An Administrator account will receive a consent prompt. This prompt appears for the three levels of UAC that require validation. The administrator only needs to click through the consent prompt to confirm the changes to the system.

Credential Prompt

A Standard account instead receives a credential prompt. Unlike the logged-in Administrator account consent prompt, a credential prompt requires the administrator password to validate the system changes.

Color Codes

UAC verification prompts are color-coded, too. This allows both Standard and Administrator accounts to understand the risk posed to the system immediately.

  • Red background (with a red shield icon): The app is blocked by Group Policy or is from a publisher that is blocked.
  • Blue background (with a blue and gold shield icon): The application is a Windows 10 administrative app, such as a Control Panel item.
  • Blue background (with a blue shield icon): The application is signed by using Authenticode and is trusted by the local computer.
  • Yellow background (with a yellow shield icon): The application is unsigned or signed but is not yet trusted by the local computer.

Please note that the shield icon isn’t always present, but the background coloring does indicate the level of UAC verification required. As with most things, when you see the red UAC warning, you know some serious is going down.

Shield Icon

Throughout Windows 10 are settings that require a mixture of Standard and Administrator privileges. A prime example is the Date and Time Control Panel option. While Standard account users can view the clock and change the time zone, only Administrator accounts can adjust the system clock.

Settings that can only be changed using an Administrator account appear with a blue and yellow shield icon, as per the image above. A Standard user will encounter the credential prompt when attempting to change these settings.

Should You Use an Administrator Account?

An Administrator account is important. Every system has one, as you’d be unable to install software and make other changes without one. But should your primary account be an Administrator?

The answer actually lies in your system users.

For instance, I am the only person that uses this system. Therefore, I run a password-protected Administrator account. But on the family laptop, I have a password-protected Administrator account (with UAC), and a Standard account with UAC enabled. UAC is what makes the difference for both Standard and Administrator accounts.

In that, you do not necessarily need to use an Administrator account as your default. Sure, it speeds up certain things, but entering your password only takes a second. I wouldn’t go as far as entirely disabling the Administrator account, as some other guides suggest.

But again, this depends on who is using the system. It is possible to hide an account rather than completely disable it, and there is a built-in Administrator account for backup purposes. Furthermore, turning UAC notifications off isn’t a great idea. It simply removes a basic level of system security that, at times, will save your system from a malicious process.


And even if you turn the notifications off, UAC is still running. It just means every validation request is immediately approved. For Standard accounts, however, it means all validation requests are immediately denied.

TL;DR: A Standard account with the correct UAC settings is just as useful as an Administrator account and perhaps even a little more secure.

Manage User Accounts and User Account Controls For a Safer Windows 10 Experience

It’s tempting to continue using the Administrator account for everything. For many people, the Admin account is the fastest and easiest option for managing your computer. But, in those situations where the user needs a little more oversight, the Standard user account with proper User Account Control settings is the best option.



Hide Installed Apps From Control Panel Windows

How to Hide Installed Programs on Windows 10

Read Next



Source link

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button