Win2k Administrator login security issues

  • Thread starter Thread starter someone92
  • Start date Start date
S

someone92

I recently found that login in win2k with administrator previlege can
cause serious security issues. And that for common tasks like surfing
the web we must log as a USER. I have a few questions on the subject
because I really hesitate to use anything else than administrator
previleges for these reasons:

- My system is very customized (lots of registry tweaks and settings
changes). And I found out that even if I copy the Administrator
account's Document and settings directory to my new account I loose a
lot of configurations and it causes many problems with some
applications.

- I am a programmer and I use a lot of debugging and monitor tools

- I do a lot of registry editing

- I'm always reconfiguring the system

- I love to be able to make any changes I want to the system

Here's my questions:

- Is it really true that using the Administrator account is really
dangerous for trojan horses and viruses? Can you give more info on
that? in normal user account will programs be unable to make changes
to system files?

- What are the other security issues with using the administrator
account? (coming from the outside, I'm the only one to have access to
my computer)

- I have installed the system using only FAT32 partition, I have
noticed that only NTFS seems to support owners. My questions are: Does
using the USER account is safer only on NTFS file systems? If I have
installed it using FAT32 and convert it to NTFS, will correct owner
names will be attributed to system files ? (now they seems to be owned
by everyone). Should I convert my system to NTFS for security reasons?

- Could I continue to use my administrator account but simply convert
to NTFS and change the file access permissions on system directories
to prevent modification. And restore them when I need to make some
changes.

- Do you know any good tools for account management that would easily
permit me to convert my admin account to a user account without any
problems?

Any other informations on that subject is welcome

Thanks in advance

P.S. do not reply by email
 
I use the administrator all the time on my computers at home and never have a
problem. Many vulnerabilities do not even need an administrator logged on and is why
keeping current with critical updates is so important. The biggest problem users have
is that they surf the internet while logged on as an administrator and have low
security settings and click yes when they should not. Also opening files and
particularly email attachments that contain a trojan can cause it to be installed
since the user initiated the action and a logged on administrator would allow it to
be installed.

In my opinion it makes sense to not logon as an administrator if you are not going to
be needed the privileges and permissions of the account such as for general web
browsing. If you occasionally need the extra power of the admin account while logged
on as a user you can use "runas" to run applications or do tasks that require
administrator rights. You can look up runas in the help files for more info.

What I do to protect my network and computers is to use a properly configured
firewall that also allows only authorized outbound traffic, keep current with
critical updates, use virus scan that also scans all emails, secure Internet Explorer
settings, use complex passwords for my administrator accounts, have an account
lockout policy with a threshold of ten bad attempts, disable unneeded services, don't
use kazaa and such, and keep backups by making Ghost Images so I could restore my
operating system/applications/data in less than ten minutes. The links below will be
helpful in showing you how to further secure your computer. --- Steve

http://mvps.org/winhelp2002/unwanted.htm
http://support.microsoft.com/default.aspx?scid=kb;en-us;815141 -- this is how W2003
locks down IE.
http://www.microsoft.com/technet/security/guidance/avdind_0.mspx
http://www.microsoft.com/technet/security/topics/hardsys/tcg/tcgch00.mspx -- more
for W2003 and XP Pro but most applies to w2K also.
 
Thanks a lot. And what about my NTFS vs FAT32 questions, can someone
give me some info on it?

Thanks in advance

 
To take full advantage of managing user access you must use ntfs. If you do
not use ntfs, user accounts would only be good for restricting a user to
logon to the computer. Ntfs is a must to secure a computer and you can
convert file system to ntfs without losing any application or data.
Converting to ntfs will have no affect on current user group memberships.
Use the convert /? command to see more about the convert command. --- Steve
 
You must log in or register to reply here.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to Export Gmail Emails to PST Format? 4
Which is the best MBOX Converter Tool different formats conversion? 4
Voltage supply issue related to NUC PC Core i7 0
question on Device Manager permissions 0
Deleting duplicate programs in Administrator and user account 1
Why was I just banned for no reason? 2
Local System Account 10
system from domain is making many attempts to access the administr 1

Back
Top