User and admin accounts - control access to your computer

What are you able to do on your computer? What can anyone else do - either sitting in front of it, or remotely?

Types of account

Each time a new person logs on to a computer or other device (whether that device is new or not) and creates a new user account or has an account created for them, the type of account determines what that user is able to do.

Administrator

Administrator accounts are in charge of the settings and controls of a computer. Someone logged into an account with administrator privileges can do pretty much anything on the computer. They can view every file on the system, including any account maintenance, billing and subscriptions, change system-wide system settings, run all installed programs, add new programs, install new hardware drivers and change the usernames and passwords of other user-accounts.

Standard or regular user

Standard users cannot perform administrative tasks, they are usually limited to everyday tasks such as sending emails, creating documents and conducting internet searches. If they are able to access additional files and data, it will only be those that the administrator allows.

Using a regular user account when you are on your computer helps keep your system more secure. Let's say you accidently click on a malicious link or open a dodgy file attachment, malware (which is software designed to do harm) might try to download automatically. However, as the malware would have the same privileges as the account you are logged in as, the malware download would automatically require an administrator password. This would alert you to the fact that software was trying to download and you would be able to deny it. If logged in as an administrator, the download could happen without your knowledge.

Default accounts

By default, user accounts in Windows have administrator privileges, meaning they allow you to install, modify or delete software. If you are the only person that uses your computer, you might not realise this and be working from an administrator account all the time. This level of access carries security risks, as unfortunately, you have the ability to do things that you never really intended to do, some of which can cause major problems with the computer. It's quite easy for an administrator to accidentally delete an important system file or change a setting that renders the PC unstable or un-bootable.

Account separation

No one, not even home users, should use administrator accounts for everyday computer use, such as web surfing, emailing or office work. Instead, those tasks should be carried out by a standard user account. Administrator accounts should be used only to install or modify software and to change system settings. If you're a Windows user who has administrative rights, you should create a separate administrator account, and downgrade your regular account to standard-user account. (You can still perform administrative tasks by typing in the password to the admin account.)

Additionally, most computers come with a 'guest' account enabled which allows anyone to freely access your device – you should disable it. In a similar vein, if there is an account on your computer that is no longer used, be sure to delete it.

As more of our information and activities go online, cyber security has become a necessary part of life that keeps us safe from crime. Just like learning anything new, it can be broken down into small steps and implemented in bite sized chunks. Businesses of all sizes are at particular risk of cyber crime and would benefit from working towards Cyber Essentials which is a Government approved scheme. By implementing just five core controls that protect against most cyber attacks, businesses can ensure they are on the right track as well as demonstrating to their customers and suppliers that they are serious about cyber security. Find out more about the Cyber Essentials scheme or contact us to discuss how we can help.