Thursday, March 01, 2007

Windows Vista - Users

Windows Vista changes the way we use Users and the Administrators group.
As always you should create an administrator account and then immediately create a standard user account that you will use for day to day work, the difference is that the standard user is not quite as crippled when it comes to installing sfotware as it was in XP.

You still need to know the administrator's password to install, but you don't have to log out of the standard user's session or fast switch between users to install programs, instead if you try to do any sort of administrative function when you are logged in as a non-admin user windows will just prompt you to enter the username and password of an administrator.

This means that while you are working away in a safely non-admin account you don't have to stop your work to install some piece of software or change some configuration option that Windows considers to be in the domain of the administrator.

On the other hand, while you can log in as an administrator and work that way, and you will only be prompted to click OK when you do an admin function, you'll find that the administrator's ability to map network drives and run startup scripts has been crippled this is a security feature that has the side effect of making it just inconvenient enough to run as admin all the time that you will prefer to be a standard user.

Also of note, there is no more power user, the new standard user with the ability to escalate privledges with a password replaces that role.

It may take a little getting used to but this new way of working makes Vista much closer to the Unix/MacOS security model, which has been proven to be more effective against viruses and intruders.
Post a Comment