Don said:
Why can't the roles be reversed?
Think of the built in Admin account as your back door (safety
net), and your personal account (Admin privileges) as your every
day account. Should your personal account get hosed that back door
may be the only way into Windows.
Don said:
I've yet to see a good explanation of how to avoid using the
predefined Administrator Account as the Regular Aministrator
Acount during normal operation. What is the difference between
the regular Administrator Account and one that you have
defined for the purpose. In particular can
roles be reversed? Can a new Account be defined and used as
the hidden Account, and the original Account be used as the
operating account. If the answer to this question is no, whst
is the reason?
First - what is the purpose?
Some sort of 'security by obscurity'? Unwise IMHO...
No matter the reasoning - where did you get that it 'could not be done'?
You can disable the built in administrator and create as many other
administrators on a Windows XP system as you desire.
How to disable the Local Administrator account in Windows
http://support.microsoft.com/kb/281140
The warning there says a bunch...
------
Note Before you disable the local Administrator account, make sure that
there is at least one other local or network user who can gain access to the
computer with administrator permissions. Otherwise, you will not be able to
reverse this action in the future.
------
Your original question should have had nothing to do with how to avoid using
the built-in account - it should be, essentially (and paraphrasing) - why is
it unwise to run as an administrator all the time and/or have only a single
user with administrative rights that you use for daily activity? The answer
is simple - you are apt to make a foolish/unwise decision and with that much
power on the machine - you can pretty much turn a small 'shouldn't have
clicked on that' to a complete format and install anew in a matter of
minutes. Not fun, not worth it.
Sure - you could say 'I keep good backups' or 'I have an image of my
machine' or whatever method you plan on reversing it - but while you are
doing that, someone with more than one administrative account with good
password and security built in will be fixed and running while you are
restoring and hoping you haven't lost too much.
As for the account being 'hidden' - only if you are utilizing Windows XP
Home Edition. Even then it is not really hidden - just more difficult for
the normal Windows user to get to and utilize than in the professional
version of the same OS (and all supersets of that.)
Now - what would REALLY be unwise is to have ONLY one account and use that
lone account with administrative powers (would pretty much have to have
these rights - given it is the ONLY user account) on a daily basis. After
all - if something gets corrupted - what account are you logging in as in
order to repair things? Sure - you can do the recovery console, you could
do a repair install, you could boot from a Windows XP BartPE CD and erase
the account's profile directory (or rename it) so a new profile is made at
the next logon - but that still puts all your eggs in one basket.