Win2k Administrator login security issues

Archived from groups: microsoft.public.win2000.security (More info?)

I recently found that login in win2k with administrator previlege can
cause serious security issues. And that for common tasks like surfing
the web we must log as a USER. I have a few questions on the subject
because I really hesitate to use anything else than administrator
previleges for these reasons:

- My system is very customized (lots of registry tweaks and settings
changes). And I found out that even if I copy the Administrator
account's Document and settings directory to my new account I loose a
lot of configurations and it causes many problems with some
applications.

- I am a programmer and I use a lot of debugging and monitor tools

- I do a lot of registry editing

- I'm always reconfiguring the system

- I love to be able to make any changes I want to the system

Here's my questions:

- Is it really true that using the Administrator account is really
dangerous for trojan horses and viruses? Can you give more info on
that? in normal user account will programs be unable to make changes
to system files?

- What are the other security issues with using the administrator
account? (coming from the outside, I'm the only one to have access to
my computer)

- I have installed the system using only FAT32 partition, I have
noticed that only NTFS seems to support owners. My questions are: Does
using the USER account is safer only on NTFS file systems? If I have
installed it using FAT32 and convert it to NTFS, will correct owner
names will be attributed to system files ? (now they seems to be owned
by everyone). Should I convert my system to NTFS for security reasons?

- Could I continue to use my administrator account but simply convert
to NTFS and change the file access permissions on system directories
to prevent modification. And restore them when I need to make some
changes.

- Do you know any good tools for account management that would easily
permit me to convert my admin account to a user account without any
problems?

Any other informations on that subject is welcome

Thanks in advance

P.S. do not reply by email
3 answers Last reply
More about win2k administrator login security issues
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    I use the administrator all the time on my computers at home and never have a
    problem. Many vulnerabilities do not even need an administrator logged on and is why
    keeping current with critical updates is so important. The biggest problem users have
    is that they surf the internet while logged on as an administrator and have low
    security settings and click yes when they should not. Also opening files and
    particularly email attachments that contain a trojan can cause it to be installed
    since the user initiated the action and a logged on administrator would allow it to
    be installed.

    In my opinion it makes sense to not logon as an administrator if you are not going to
    be needed the privileges and permissions of the account such as for general web
    browsing. If you occasionally need the extra power of the admin account while logged
    on as a user you can use "runas" to run applications or do tasks that require
    administrator rights. You can look up runas in the help files for more info.

    What I do to protect my network and computers is to use a properly configured
    firewall that also allows only authorized outbound traffic, keep current with
    critical updates, use virus scan that also scans all emails, secure Internet Explorer
    settings, use complex passwords for my administrator accounts, have an account
    lockout policy with a threshold of ten bad attempts, disable unneeded services, don't
    use kazaa and such, and keep backups by making Ghost Images so I could restore my
    operating system/applications/data in less than ten minutes. The links below will be
    helpful in showing you how to further secure your computer. --- Steve

    http://mvps.org/winhelp2002/unwanted.htm
    http://support.microsoft.com/default.aspx?scid=kb;en-us;815141 -- this is how W2003
    locks down IE.
    http://www.microsoft.com/technet/security/guidance/avdind_0.mspx
    http://www.microsoft.com/technet/security/topics/hardsys/tcg/tcgch00.mspx -- more
    for W2003 and XP Pro but most applies to w2K also.

    "someone92" <someone92@hotmail.com> wrote in message
    news:f458cae2.0409141524.4b1cc646@posting.google.com...
    >I recently found that login in win2k with administrator previlege can
    > cause serious security issues. And that for common tasks like surfing
    > the web we must log as a USER. I have a few questions on the subject
    > because I really hesitate to use anything else than administrator
    > previleges for these reasons:
    >
    > - My system is very customized (lots of registry tweaks and settings
    > changes). And I found out that even if I copy the Administrator
    > account's Document and settings directory to my new account I loose a
    > lot of configurations and it causes many problems with some
    > applications.
    >
    > - I am a programmer and I use a lot of debugging and monitor tools
    >
    > - I do a lot of registry editing
    >
    > - I'm always reconfiguring the system
    >
    > - I love to be able to make any changes I want to the system
    >
    > Here's my questions:
    >
    > - Is it really true that using the Administrator account is really
    > dangerous for trojan horses and viruses? Can you give more info on
    > that? in normal user account will programs be unable to make changes
    > to system files?
    >
    > - What are the other security issues with using the administrator
    > account? (coming from the outside, I'm the only one to have access to
    > my computer)
    >
    > - I have installed the system using only FAT32 partition, I have
    > noticed that only NTFS seems to support owners. My questions are: Does
    > using the USER account is safer only on NTFS file systems? If I have
    > installed it using FAT32 and convert it to NTFS, will correct owner
    > names will be attributed to system files ? (now they seems to be owned
    > by everyone). Should I convert my system to NTFS for security reasons?
    >
    > - Could I continue to use my administrator account but simply convert
    > to NTFS and change the file access permissions on system directories
    > to prevent modification. And restore them when I need to make some
    > changes.
    >
    > - Do you know any good tools for account management that would easily
    > permit me to convert my admin account to a user account without any
    > problems?
    >
    > Any other informations on that subject is welcome
    >
    > Thanks in advance
    >
    > P.S. do not reply by email
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Thanks a lot. And what about my NTFS vs FAT32 questions, can someone
    give me some info on it?

    Thanks in advance


    > > - I have installed the system using only FAT32 partition, I have
    > > noticed that only NTFS seems to support owners. My questions are: Does
    > > using the USER account is safer only on NTFS file systems? If I have
    > > installed it using FAT32 and convert it to NTFS, will correct owner
    > > names will be attributed to system files ? (now they seems to be owned
    > > by everyone). Should I convert my system to NTFS for security reasons?
    > >
    > > - Could I continue to use my administrator account but simply convert
    > > to NTFS and change the file access permissions on system directories
    > > to prevent modification. And restore them when I need to make some
    > > changes.
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    To take full advantage of managing user access you must use ntfs. If you do
    not use ntfs, user accounts would only be good for restricting a user to
    logon to the computer. Ntfs is a must to secure a computer and you can
    convert file system to ntfs without losing any application or data.
    Converting to ntfs will have no affect on current user group memberships.
    Use the convert /? command to see more about the convert command. --- Steve


    "someone92" <someone92@hotmail.com> wrote in message
    news:f458cae2.0409191315.44b251d5@posting.google.com...
    > Thanks a lot. And what about my NTFS vs FAT32 questions, can someone
    > give me some info on it?
    >
    > Thanks in advance
    >
    >
    > > > - I have installed the system using only FAT32 partition, I have
    > > > noticed that only NTFS seems to support owners. My questions are: Does
    > > > using the USER account is safer only on NTFS file systems? If I have
    > > > installed it using FAT32 and convert it to NTFS, will correct owner
    > > > names will be attributed to system files ? (now they seems to be owned
    > > > by everyone). Should I convert my system to NTFS for security reasons?
    > > >
    > > > - Could I continue to use my administrator account but simply convert
    > > > to NTFS and change the file access permissions on system directories
    > > > to prevent modification. And restore them when I need to make some
    > > > changes.
Ask a new question

Read More

Security Login Windows