OH has just bought a new Windows 11 PC, which is protected with a PIN and has only one user. Old-fashioned and traditional, I've always set an Admin account and a User account.
I understand that W11 has a preset Admin account and our son has set the PC up without a specific Admin.
I've always used an Admin account so that you need to think and enter a password to install stuff.
I've just installed some additional software and the new PC only gives a UAC warning. Is this safe/normal/standard practice? For context, if it was possible, my OH wouldn't touch a computer at all
Bump for the evening crowd. Thanks
Its normal!
If the objective is to have (another) user account under W11, then it is as I went thru this process sometime ago but (a) it took me an awful long time to figure out how to do it ("Help" was beyond useless) and (b) I can't remember how to do it [sorry!]
I can only assume Microsoft now think user accounts are no longer necessary but I don't know what the alternative is...
Or maybe you need the Professional edition or something like that 🤷♂️
I think that's how my Windows 10 laptop was delivered a few months ago. I remember I spent a while creating a non-microsoft account. The single account it comes with will have admin rights, and assuming it's the same as Windows 10 you can create another account, and then change it to non-admin. All I remember was that I spent a while on Google looking for info and went round in circles a few times, but in the end I have a laptop with Admin and User accounts.
An interesting thing about Windows passwords (this certainly used to be the case and I haven't heard otherwise) is that an account with a blank password can only be accessed from the keyboard. Probably not wise on a laptop, but on a desktop PC, a blank password means nobody can hack it over the network, they have to be sitting in front of it, and if an intruder is in my house them using my PC is the least of my problems.
Surprised the usual IT pros haven't piped up on this one. Maybe they're having the weekend off?
Personally I'm happy typing my password to gain admin privileges for the session. This prevents the butler from installing malware when I pop to the loo.
An interesting thing about Windows passwords (this certainly used to be the case and I haven’t heard otherwise) is that an account with a blank password can only be accessed from the keyboard. Probably not wise on a laptop, but on a desktop PC, a blank password means nobody can hack it over the network, they have to be sitting in front of it,
The most likely vector of attack is that you mistakenly or inadvertently install malware, code imbedded in a website etc. If you are not using an administrative account this risk is greatly reduced.
https://www.techrepublic.com/article/how-to-set-up-local-account-windows-11-pro/#:~:text=If%20yo u're%20already%20set,.%E2%80%9D%20(Figure%20I).
Yep, I still do this but it's usually my account that is admin and my wife has a regular account on the same machine.
As far as I remember it is just a case of Add a user, then 'I don't have this person's sign in' and finally 'Add a user without a Microsoft Account'. Set the new account to admin, login using it and flip the other to Standard
I think you can also do it using 'compmgmt' run as administrator and create a new account from there but it is slightly messier as you need to add the new account to the administrators group
Thanks all. It's not so much how, but should I?
OH doesn't install much software, but does like a nice additional art filter or font. Once she clicks through UAC will Defender catch any problems (that it has signatures for)?
If "admin" pops up in a dialogue then I get called
but should I?
It depends on the person really. There are some people that just zone out and click Accept on everything as the pop up messages are designed to confuse. Others are naturally suspicious and there is no issue. Most of the problems are with the web but people also sometimes receive emails with attachments that require something special to open them and they just Google and install whatever the first like tells them to :(.
So I still have an admin account and regular accounts at home. One of my children also is admin as they are even more suspicious than I
It’s not so much how, but should I?
You have a partner that doesn't want to learn about the nuts and bolts of computer usage. So yes you should as she's highly likely to click on a link she shouldn't and expose you to a world of fun and malware.
Surprised the usual IT pros haven’t piped up on this one. Maybe they’re having the weekend off?
Honestly, I just don't know Windows 11 well enough yet, I've installed it a grand total of once.
On Windows 10 it will create an admin user during setup. This will expect a Microsoft account if it can see the Internet and create a local one if not. Post-install you can - and probably should - create additional user accounts for each family member. An admin account will occasionally go "are you sure" (UAC as you said) whereas a standard account will instead request admin credentials for admin-level tasks.
Security best practice is what we call "least privilege" - users should have the minimum rights to do what they need to do and no more. Your partner probably doesn't need admin rights given what you've said in the OP, and small children certainly don't.
How much of this has changed with W11 I don't know, but I'd be surprised if it's wildly different.
Oh, and if nothing else, having more than one admin-level account will save your bacon if someone 'accidentally' changes the password. 😁
