Hi!  Eric Murcia here with another episode of Tech Tip Tuesday.  Today we’re going to be talking about security accounts, and how you should use those on your computer as they relate to administrative access.  One of the things that we see very often is that users are also an administrator on their computer, or in some extreme cases, an administrator on their entire network.  That’s something that we really recommend against as a best security practice.

Separate Administrative User Account

We always recommend that you maintain a separate administrative account. We do that here. We do that on all the client networks that we support. This is perfectly applicable whether you’re at home or in the office. You want a separate admin account that you don’t use unless it’s absolutely necessary to install software or make changes. It decreases the likelihood that you would click on a link and inadvertently launch an application and infect yourself, or inadvertently give someone information or access to something that they don’t necessarily need. Also, since it’s an out-of-the-ordinary account that we don’t use all the time, the likelihood that it becomes compromised and is then used against you to take administrative control of your computer is greatly reduced.

Creating the User Account

How we [create an administrative account] on Windows 10 is click on Start and type in “user”, [and click on] “Edit local users and groups”.  Click on “Users”.  You’ll see that I already have an admin account in here that’s separate from my normal account.  I’ll create another one (right-click and click “New User…”).  We’ll call this one “eadmin2”.  We’re just going to give it a password.

Password Recommendations

Because I’m creating this already as an admin, I’m going to uncheck the “change password at next login”, because I’ve already set it.  With the recent changes to how frequently passwords should be rotated, the generally-accepted rule is no longer that we should change it every 30, 60, 90 days.  Now it’s that we should not change it.  I’m going to go ahead and select “Password never expires”.

We created our account.  I’m going to close that.  Here’s my account.  We need to do one more thing.  We need to go to “Groups”.  Double-click on “Administrators”.  Then I’m going to “Add…” my “eadmin2” account in there.  I’ve added it here.  Click “Apply”, and hit “OK”.

Use Your Standard User Account

Now I can go about my day doing everything I need to do without having to worry about inadvertently causing myself harm. Whenever I need to, I can log in with that separate admin account, or when I’m prompted, I can feed it those credentials to install whatever I need to install and make changes at that point in time. I’m not always logged in with an administrative account. [Be sure to downgrade your daily account to a “Standard User”.]

That’s your security Tech Tip for this week.  I look forward to talking to you again next week.
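The same steps can be scripted from an elevated PowerShell prompt. This is an added example, not part of the original episode. It assumes local (not Microsoft or domain) accounts; `eadmin2` is the name used in the walkthrough, and `daily-user-placeholder` is a hypothetical stand-in for your everyday account name. It refuses to downgrade the daily account until the separate admin account is confirmed to be enabled and in the Administrators group, so you cannot lock yourself out of administrative access.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the "Edit local users and groups" steps above.
$AdminName = 'eadmin2'                  # account name from the walkthrough
$DailyUser = 'daily-user-placeholder'   # assumption: replace with your everyday account
$AdminsSid = 'S-1-5-32-544'             # well-known SID: built-in Administrators
$UsersSid  = 'S-1-5-32-545'             # well-known SID: built-in Users

# 1. Create the separate admin account if it does not exist yet.
#    The password is prompted for, never written into the script.
if (-not (Get-LocalUser -Name $AdminName -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Password for $AdminName"
    New-LocalUser -Name $AdminName -Password $pw -PasswordNeverExpires `
        -Description 'Separate administrative account' | Out-Null
}

# 2. Add it to the Administrators group (skip if already a member).
$adminFull = "$env:COMPUTERNAME\$AdminName"
if ((Get-LocalGroupMember -SID $AdminsSid).Name -notcontains $adminFull) {
    Add-LocalGroupMember -SID $AdminsSid -Member $AdminName
}

# 3. Safety check: stop unless the new admin account is enabled and is
#    really in Administrators, before touching the daily account.
$enabled  = (Get-LocalUser -Name $AdminName).Enabled
$isMember = (Get-LocalGroupMember -SID $AdminsSid).Name -contains $adminFull
if (-not ($enabled -and $isMember)) {
    throw "$AdminName is not a working administrator; daily account left unchanged."
}

# 4. Downgrade the daily account to a standard user: make sure it is in
#    Users, then remove it from Administrators.
$dailyFull = "$env:COMPUTERNAME\$DailyUser"
if ((Get-LocalGroupMember -SID $UsersSid).Name -notcontains $dailyFull) {
    Add-LocalGroupMember -SID $UsersSid -Member $DailyUser
}
if ((Get-LocalGroupMember -SID $AdminsSid).Name -contains $dailyFull) {
    Remove-LocalGroupMember -SID $AdminsSid -Member $DailyUser
}

# 5. Review who still holds administrative rights on this machine.
Get-LocalGroupMember -SID $AdminsSid |
    Select-Object Name, ObjectClass, PrincipalSource
```

Sign out and back in with the daily account afterwards so the removed group membership takes effect.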

Looking for More Tips?

We have new tips every Tuesday.  You can view our previous episodes in our Tech Tip Tuesday library.  Click the Sign Up button on this page to subscribe and receive every tip directly in your inbox each week.  Pit Crew IT Services can also help your organization with their IT needs.  Get started with a free consultation.
