i've tried to understand the logic of the UAC and the Administraor account, but I feel left hanging when something is not clear.
I am assuming the very 1st entry when Windows is being setup should be reserve for the OS and no personal account information used.
2. The next account should be for a key person with administrative rights. This is also where apps softwares can be installed. 2b. In a business group a second key person would be setup for the IT tech.
3. This is where all users should be for normal daily activities as Standard users, right? If I understand this The primary key person should be here too.
-
Windows setup, admin, UAC, standard user accounts
-
@Stephen-Smith another a great question (please keep them coming) - The User Account Control evolved out of the necessity to implement the principle of least privilege. In the days of XP the first account would be an administrative account (Windows Administrator), with the problem being that most users did not need elevated privileges to do their day-to-dat tasks. In the context of XP, if a user downloaded an application (malicious or benign) it would run with complete administrative privileges. When Vista came out, Microsoft implemented something called the Standard User Architecture (SUA). With this architecture the first account was an "administrative" account, however the default administrator account was disabled, and still is. When a user needs privileges that make changes to the OS or registry then the UAC blocks this action from "silently" happening without the user's knowledge, like they would under the XP user model. Essentially the UAC blocks unauthorized access, until the user interacts with it. I hope this helps but in today's Windows environment, there is no need for the default Windows Administrator account to be enabled.
