Sign in with
Sign up | Sign in
Your question

Win2k Administrator login security issues

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
September 14, 2004 8:24:08 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I recently found that login in win2k with administrator previlege can
cause serious security issues. And that for common tasks like surfing
the web we must log as a USER. I have a few questions on the subject
because I really hesitate to use anything else than administrator
previleges for these reasons:

- My system is very customized (lots of registry tweaks and settings
changes). And I found out that even if I copy the Administrator
account's Document and settings directory to my new account I loose a
lot of configurations and it causes many problems with some
applications.

- I am a programmer and I use a lot of debugging and monitor tools

- I do a lot of registry editing

- I'm always reconfiguring the system

- I love to be able to make any changes I want to the system

Here's my questions:

- Is it really true that using the Administrator account is really
dangerous for trojan horses and viruses? Can you give more info on
that? in normal user account will programs be unable to make changes
to system files?

- What are the other security issues with using the administrator
account? (coming from the outside, I'm the only one to have access to
my computer)

- I have installed the system using only FAT32 partition, I have
noticed that only NTFS seems to support owners. My questions are: Does
using the USER account is safer only on NTFS file systems? If I have
installed it using FAT32 and convert it to NTFS, will correct owner
names will be attributed to system files ? (now they seems to be owned
by everyone). Should I convert my system to NTFS for security reasons?

- Could I continue to use my administrator account but simply convert
to NTFS and change the file access permissions on system directories
to prevent modification. And restore them when I need to make some
changes.

- Do you know any good tools for account management that would easily
permit me to convert my admin account to a user account without any
problems?

Any other informations on that subject is welcome

Thanks in advance

P.S. do not reply by email
Anonymous
a b 8 Security
September 15, 2004 5:27:02 AM

Archived from groups: microsoft.public.win2000.security (More info?)

I use the administrator all the time on my computers at home and never have a
problem. Many vulnerabilities do not even need an administrator logged on and is why
keeping current with critical updates is so important. The biggest problem users have
is that they surf the internet while logged on as an administrator and have low
security settings and click yes when they should not. Also opening files and
particularly email attachments that contain a trojan can cause it to be installed
since the user initiated the action and a logged on administrator would allow it to
be installed.

In my opinion it makes sense to not logon as an administrator if you are not going to
be needed the privileges and permissions of the account such as for general web
browsing. If you occasionally need the extra power of the admin account while logged
on as a user you can use "runas" to run applications or do tasks that require
administrator rights. You can look up runas in the help files for more info.

What I do to protect my network and computers is to use a properly configured
firewall that also allows only authorized outbound traffic, keep current with
critical updates, use virus scan that also scans all emails, secure Internet Explorer
settings, use complex passwords for my administrator accounts, have an account
lockout policy with a threshold of ten bad attempts, disable unneeded services, don't
use kazaa and such, and keep backups by making Ghost Images so I could restore my
operating system/applications/data in less than ten minutes. The links below will be
helpful in showing you how to further secure your computer. --- Steve

http://mvps.org/winhelp2002/unwanted.htm
http://support.microsoft.com/default.aspx?scid=kb;en-us;815141 -- this is how W2003
locks down IE.
http://www.microsoft.com/technet/security/guidance/avdi...
http://www.microsoft.com/technet/security/topics/hardsy... -- more
for W2003 and XP Pro but most applies to w2K also.

"someone92" <someone92@hotmail.com> wrote in message
news:f458cae2.0409141524.4b1cc646@posting.google.com...
>I recently found that login in win2k with administrator previlege can
> cause serious security issues. And that for common tasks like surfing
> the web we must log as a USER. I have a few questions on the subject
> because I really hesitate to use anything else than administrator
> previleges for these reasons:
>
> - My system is very customized (lots of registry tweaks and settings
> changes). And I found out that even if I copy the Administrator
> account's Document and settings directory to my new account I loose a
> lot of configurations and it causes many problems with some
> applications.
>
> - I am a programmer and I use a lot of debugging and monitor tools
>
> - I do a lot of registry editing
>
> - I'm always reconfiguring the system
>
> - I love to be able to make any changes I want to the system
>
> Here's my questions:
>
> - Is it really true that using the Administrator account is really
> dangerous for trojan horses and viruses? Can you give more info on
> that? in normal user account will programs be unable to make changes
> to system files?
>
> - What are the other security issues with using the administrator
> account? (coming from the outside, I'm the only one to have access to
> my computer)
>
> - I have installed the system using only FAT32 partition, I have
> noticed that only NTFS seems to support owners. My questions are: Does
> using the USER account is safer only on NTFS file systems? If I have
> installed it using FAT32 and convert it to NTFS, will correct owner
> names will be attributed to system files ? (now they seems to be owned
> by everyone). Should I convert my system to NTFS for security reasons?
>
> - Could I continue to use my administrator account but simply convert
> to NTFS and change the file access permissions on system directories
> to prevent modification. And restore them when I need to make some
> changes.
>
> - Do you know any good tools for account management that would easily
> permit me to convert my admin account to a user account without any
> problems?
>
> Any other informations on that subject is welcome
>
> Thanks in advance
>
> P.S. do not reply by email
Anonymous
a b 8 Security
September 19, 2004 6:15:46 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Thanks a lot. And what about my NTFS vs FAT32 questions, can someone
give me some info on it?

Thanks in advance


> > - I have installed the system using only FAT32 partition, I have
> > noticed that only NTFS seems to support owners. My questions are: Does
> > using the USER account is safer only on NTFS file systems? If I have
> > installed it using FAT32 and convert it to NTFS, will correct owner
> > names will be attributed to system files ? (now they seems to be owned
> > by everyone). Should I convert my system to NTFS for security reasons?
> >
> > - Could I continue to use my administrator account but simply convert
> > to NTFS and change the file access permissions on system directories
> > to prevent modification. And restore them when I need to make some
> > changes.
Anonymous
a b 8 Security
September 20, 2004 8:16:28 AM

Archived from groups: microsoft.public.win2000.security (More info?)

To take full advantage of managing user access you must use ntfs. If you do
not use ntfs, user accounts would only be good for restricting a user to
logon to the computer. Ntfs is a must to secure a computer and you can
convert file system to ntfs without losing any application or data.
Converting to ntfs will have no affect on current user group memberships.
Use the convert /? command to see more about the convert command. --- Steve


"someone92" <someone92@hotmail.com> wrote in message
news:f458cae2.0409191315.44b251d5@posting.google.com...
> Thanks a lot. And what about my NTFS vs FAT32 questions, can someone
> give me some info on it?
>
> Thanks in advance
>
>
> > > - I have installed the system using only FAT32 partition, I have
> > > noticed that only NTFS seems to support owners. My questions are: Does
> > > using the USER account is safer only on NTFS file systems? If I have
> > > installed it using FAT32 and convert it to NTFS, will correct owner
> > > names will be attributed to system files ? (now they seems to be owned
> > > by everyone). Should I convert my system to NTFS for security reasons?
> > >
> > > - Could I continue to use my administrator account but simply convert
> > > to NTFS and change the file access permissions on system directories
> > > to prevent modification. And restore them when I need to make some
> > > changes.
!