This entry is part of the series Ten things you can do to improve IT security and reliability without spending money

When you install Windows, or when it comes pre-installed on a new computer, the default settings provide user accounts that have full Administrator privileges.  It is very dangerous to use your computer when you are logged in as Administrator.  Here’s why: When you are logged in as Administrator, you have totally unrestricted access to every corner of your system, every setting, every software application, every network connection, every file, etc.  If you happen to come in contact with a virus, spyware, or other malware program—even just by clicking an infected link on a website—that virus or malware will then be able to attack anything and everything on your computer.

Instead, you should login in as a local user, with limited privileges.  Encountering that same virus, spyware, or malware as a local user will have much less impact—and in many cases no impact—on your computer.

Sometimes, you will need to login as Administrator to install software or perform other tasks.  As soon as those tasks are complete, you should log off.  Then you can log in again, as a local user with limited privileges. With limited privileges, your computer will be much less susceptible to virus, spyware, and other types of attacks.

How to determine if you are logging in as the Administrator
1. Right click on your “my computer” icon and select “manage”. If you do not see “my computer” icon on your desktop, then hit start and right click on “computer.

2. Expand the “Local users and group” from the left panel and right click on “groups” and double click/open “Administrator” on the right panel

 

3. You should see your user name in this box if you are the Administrator or equivalent user.


Setting up a local user account with limited privileges
1. Right click on your “my computer” icon and select “manage”. If you do not see “my computer” icon on your desktop, then hit start and right click on “computer.

2. Expand the “Local users and group” from the left panel and right click on “users” and  select “New User”

 

3. You should see this box. Proceed to fill in the information and hit “create”. This will create a regular windows user.

You can logout and log back in with this user which will have reduced privileges and hence would be safe to use.

Follow the instruction in the section “How to Determine if you are the admin” to make sure that this user does not show up in the Administrator group. If it does , highlight and remove.