ItsGeekToMe.co

The official home of It's Geek to Me on the web!

Issue #655: February 9-15, 2020

Q: I read in one of your recent columns that in the past you have recommended that we don’t run our systems in administrator mode.  I must have missed that issue, because I always use an account with administrator privileges on my computers.  Can you please re-explain your position on running in administrator mode?

 – Jim N.
Fort Walton Beach, Florida

A:  Things have changed over time in the way security is implemented in Microsoft-land.  Arranging this explanation in a way that makes sense is going to be a little challenging, because a lot of what people think they know may not be correct. 

Let’s start by settling some terminology.  Despite what people think, running a user account that has “Administrator Privilege” is not the same thing as running in “Administrator Mode.”  It used to be, once upon a time, but administrator accounts were never intended for day-to-day use, and study after study revealed that despite users being warned not to configure their regular user account with administrator privileges, a substantial number of people ignored that advice and did it anyway.  So, Microsoft subtly altered the rules so that accounts with administrator privileges are capable of running in administrator mode, but are not in that mode by default.  Activating administrator mode requires manual intervention via User Account Control.

Ok, so, why can’t people just run their systems the way they want to without Microsoft poking their nose into it?  Well, the harsh answer is that people are ignorant of the ramifications of their choices, and since the blame falls to Microsoft when things go wrong, Microsoft decided to fix the problem the best way they knew how, and they cut the legs out from under people who insisted on unnecessarily running as an administrator.

Now, to the heart of the matter, and the answer to your question, Jim.  Administrators are Super-Users, with all the rights and privileges that go with such a title.  Those include the ability to make changes to protected files, install software, access data across multiple user accounts, and so forth.  To a point, that’s acceptable when there’s a person sitting at the controls.  What most people don’t realize is that new processes get silently created all the time as you use Windows, and every one of them spins up with the privileges and settings of the signed-in user.  That means all processes – whether you know about them or not, and whether you approve of them running or not.  That includes processes that illicit websites inevitably slip past your system’s gatekeeper in order to launch and install malware.  It’s bad enough when these run as a standard user, but running them as an Administrator allows them to install in such ways that your virus scanner probably can’t find them, or even if it can, it won’t be able to remove them.  Administrator privileges enable abilities that make it possible to go beyond merely using the computer to altering its configuration.  It’s all pretty pointless for the daily use of your PC.

I hope you can now see why I recommend not having Admin privileges on your user account.  The bottom line is that Administrator privileges are for performing administrative functions, not for the day-to-day operating of your computer.  Elevating an account or process to Admin mode is not something that should be taken lightly, and should be a rarity for most Windows users – not the norm.
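To see the difference between an account with administrator privileges and a process actually running in administrator mode on your own PC, here is an added PowerShell example (not part of the original column). The function name `Get-ElevationState` and its output fields are made up for illustration; it treats a missing `EnableLUA` registry value as "UAC on", which is an assumption.

```powershell
# Added example: compare what the signed-in account *could* do with what this
# process is *actually* allowed to do right now.
function Get-ElevationState {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)

    # True only when the Administrators group is active in this process's token,
    # that is, the process was elevated through a UAC prompt (or UAC is off).
    $elevated = $principal.IsInRole(
        [System.Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami lists every group in the token, including groups that UAC has
    # marked "deny only". S-1-5-32-544 is the well-known SID of the local
    # Administrators group; /nh drops the (localized) header row.
    $groups = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, SID, Attributes
    $adminAccount = [bool]($groups | Where-Object { $_.SID -eq 'S-1-5-32-544' })

    # EnableLUA = 0 means User Account Control is switched off entirely.
    # Assumption: a missing value is treated as "on".
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    $uacOn = ($lua -ne 0)

    $summary = if ($elevated) {
        'Administrator mode: every program started from here inherits full rights.'
    } elseif ($adminAccount) {
        'Administrator account, standard mode: UAC must approve each elevation.'
    } else {
        'Standard account: elevation requires an administrator password.'
    }

    [pscustomobject]@{
        User                   = $identity.Name
        AccountIsAdministrator = $adminAccount
        ProcessIsElevated      = $elevated
        UacEnabled             = $uacOn
        Summary                = $summary
    }
}

Get-ElevationState | Format-List
```

Run it once from a normal PowerShell window and once from one started with "Run as administrator": on an administrator account, `AccountIsAdministrator` stays True in both while `ProcessIsElevated` changes.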


Copyright Notice

All content on this site is Copyright © 2007-2024 by Jeff Werner – All rights reserved.