Lock down your Windows PC with a dedicated local administrator account

To protect your Windows 10 PC from hackers, try this: create a local user account to be your Administrator account. Many Windows 10 users make the mistake of using the Administrator account as their everyday user account, which makes the PC more vulnerable if that account is hacked.

One of the advantages of Linux PCs is that by default users don’t have “always-on” administrator accounts. Instead, authorized users elevate their privileges to act as an administrator for brief periods of time. It’s a good system that can help thwart attackers and keep the PC more secure.

Technically, we have the same situation on Windows 10, where we temporarily elevate our user privileges to install a program or carry out other privileged tasks. The difference is that in Linux you have to enter a password to elevate privileges, but in Windows 10 most of us just have to click Yes inside a User Account Control (UAC) dialog box. 


An example of a User Account Control dialog box in Windows 10.

The UAC is a little more robust than that description suggests. Nevertheless, we can improve the situation by removing administrator privileges from our everyday account. Then we create a separate local user account to act as administrator. You’ll still be able to authorize almost all the actions you do now from your everyday account, but you’ll have to enter a separate password each time instead of just clicking Yes or using your current account password.

The argument for doing this is pretty straightforward. If malicious software ever got onto your PC, or it was hacked remotely, there’s the potential for bypassing the UAC and using your account’s elevated privileges. Acting as an administrator, an attacker could install more malicious software, run a command line program with elevated rights, delete user accounts, and more.

Restricting admin privileges to a separate account helps mitigate, but does not entirely remove, these threats. A key logger installed on your system could easily snap up your administrator password, for example, and a UAC pop-up can trick you into doing something you didn’t intend. Still, removing administrator rights adds a little more security than leaving them intact on your everyday account.

Windows 10 does come with a built-in administrator account that we could activate, but we’re not going to do that. Most experts caution against using the built-in administrator account, because it has free rein on your PC in a way that other account types don’t. For that reason we’ll leave the built-in account alone.

Creating a dedicated admin

The first thing we need is a new local account, which we’ll call “Admin.” We can’t call it Administrator, as that name is reserved for the hidden administrator account on the PC. We’re also not going to use a regular Windows 10 account connected to an Outlook or Hotmail address, because that increases the potential of getting hacked. Plus, there’s no good reason to connect it to the cloud like a regular account.
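The setup described above, done from an elevated PowerShell prompt, as an added example that is not part of the original article. The account name "Admin" comes from the article; the everyday account name "alice" is a placeholder assumption, and the script refuses to demote that account until the new administrator is confirmed to be enabled and in the Administrators group.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article.
# 'Admin' is the name the article picks; 'alice' is a placeholder (assumption)
# for the account you sign in with every day.
param([string]$Everyday = 'alice')

$AdminsSid = 'S-1-5-32-544'   # well-known SID of the local Administrators group
$UsersSid  = 'S-1-5-32-545'   # well-known SID of the local Users group

function Test-Member([string]$GroupSid, $User) {
    # Compare by SID string so renamed or domain-prefixed names do not matter.
    (Get-LocalGroupMember -SID $GroupSid).SID.Value -contains $User.SID.Value
}

# 1. Create the dedicated local account (not tied to a Microsoft account).
if (-not (Get-LocalUser -Name 'Admin' -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString 'Password for the new Admin account'
    New-LocalUser -Name 'Admin' -Password $pw `
        -Description 'Dedicated local administrator' | Out-Null
}
$admin = Get-LocalUser -Name 'Admin'
$user  = Get-LocalUser -Name $Everyday -ErrorAction Stop

# 2. Give the new account administrator rights.
if (-not (Test-Member $AdminsSid $admin)) {
    Add-LocalGroupMember -SID $AdminsSid -Member $admin
}

# 3. Keep the everyday account in Users so it remains a normal standard account.
if (-not (Test-Member $UsersSid $user)) {
    Add-LocalGroupMember -SID $UsersSid -Member $user
}

# 4. Demote the everyday account only if a working administrator remains.
if ($admin.Enabled -and (Test-Member $AdminsSid $admin)) {
    if (Test-Member $AdminsSid $user) {
        Remove-LocalGroupMember -SID $AdminsSid -Member $user
    }
} else {
    throw "Admin is not an enabled administrator; leaving '$Everyday' unchanged."
}

# 5. Report: who is an administrator now, and is the built-in account still off?
Get-LocalGroupMember -SID $AdminsSid | Format-Table Name, PrincipalSource
Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' } |
    Format-Table Name, Enabled   # built-in Administrator; the article leaves it alone
```

The demotion takes effect the next time the everyday account signs in, after which UAC prompts ask for the Admin password instead of offering a Yes button.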
