Skip to main content.

Limited and Administrator Accounts

As part of our efforts to migrate our users to a more modern and supportable computing environment, we are implementing a series of best practices which include the separation of the accounts used for the management of the local machine (desktop or laptop) from those used for other day-to-day business.

This separation of these two types of accounts provides a measure of protection for your computer as viruses, spyware and other malware will find it more difficult to infect your computer if the user account you are using has limited rights to manage the local machine. For simplicity, let’s call the account you use to manage the computer your “administrative account” and your general use account your “user account.”

Not only is this practice an emerging requirement within VITA guidelines, it is also a very good practice and one that you might wish to consider for your personal (home) computers as well. An important consequence of the separation of the accounts is that we can log changes to the configuration of your machine and more quickly identify whether that change was intended or if it was made by malware.

The separation of the administrative account from your “everyday” account does have some draw-backs, namely that you have to log-in separately when changes to the computer are necessary and there are still some software packages (or versions) that will expect that your user account and your administrative account are the same.

What is a user account?

A user account tells your computer what files and folders you can access, what changes you can make to the computer, and sets your personal preferences (such as your desktop background or color theme).  When you turn on your computer, you are logging onto your computer at the same time that you are connecting to the campus network; up to now (at UMW) some individuals have also been logging onto the Novell network (the shared drive) at the same time that they logged onto their computer.

Types of User Accounts:

Currently, there are two types of user accounts in use at UMW:

Limited User Accounts

  • Limited user accounts give the user access to what he or she can do on the computer. Users with limited user accounts can still do everything necessary for their day-to-day activities
  • You’ll be able to surf the internet, send and receive emails, write documents in Word, create Power Point presentations, or make and enter information into Excel spreadsheets. With a limited user account, you can still listen to music programs, edit and view photos, and many other things.
  • Limited user accounts protect your computer and data by limiting the damage that can be done by spyware, malware, or viruses.
  • Limited user accounts cannot add new hardware or software.

Administrator Accounts

  • An Administrator Account gives you access to all the files on the computer.
  • An Administrator account is an account that lets you make changes that will affect other users, such as changing security settings.
  • An Administrator account can set up the computer, install software and hardware, set preferences and make repairs.
  • An Administrator account should be used sparingly. Viruses and spyware have easy access to the computer via an Administrator account.   If your computer is infected by a virus while you are logged in as an Administrator, the virus has an unlimited ability to compromise and corrupt your computer and its processes.

A Safer Computing Environment:

Using limited user accounts can greatly improve your online safety.

  • Limited user accounts give outside attackers limited access to your computer. Because the user is limited in what he or she can download, internet attacks are limited in what they can get at on the computer as well.
  • Users with limited user accounts are unable to download many internet applications. Downloading what may seem like harmless programs from the internet could actually put your computer at risk. Limited user accounts prevent this from happening in many ways.

The single most important step you can take to protect your computer from viruses, worms and hackers is to use a "limited user" account for everyday computer use.  If you work in a Limited User account, you will be able to decrease the effect of a virus or other malicious software.  If the attack happens while you're in an Administrator account, the attack will have full access to your computer and the results can range from annoying to catastrophic.  If a Trojan horse or virus makes it onto your computer while you're using an administrator account, it can get deep into the operating system (often without your knowledge).

By regularly using a limited account, you can safely avoid the vast majority of malware out there today, simply because the limited-user account does not have the right to install programs or change system settings. As a result, when malicious Web sites try to use security weaknesses in the operating system or your Web browser to conduct "drive-by" spyware and malware installs, for example, that installation process fails.

At UMW

Accounts

You will have 2 accounts on your computer. You'll have a Limited Access account that we suggest that you use for your daily work.  This account will provide you with a safe computing environment, and will protect your computer and your data.

Your computer will also have an Administrator account that you may use to install software, add printers, etc.. We strongly suggest that you do not use the Administrative account for daily use, as it is much more vulnerable to viruses and spyware.

You have to login under the computer’s Administrator’s account to install software, to install new hardware devices, and so on.  Your computer and your data will be safer for doing so.

Updates

UMW’s new managed environment is bringing two other changes that will help users with computer management.  The implementation of a Symantec Enterprise Server and Microsoft Windows Server Update Services (WSUS) will enable our technology administrators to deploy the latest virus definitions and Microsoft product updates to computers. 

This means that authorized UMW IT staff will be pushing out updates to you, so that your computer will be safe, and you won’t have to worry about it. Such updates will be pushed out on a scheduled basis. You may find that your computer has been rebooted in the morning when you return to your office. This can be inconvenient at times, but it does allow us to maintain your computer without having to visit each individually – a very time consuming task given the number and frequency of such updates.

As always, you should close all applications, turn off your monitor and log off your computer before you leave work.