Why the default account is an administrator and not a standard use

The first user account in Windows Vista beta2 is an *administrator* protected
by UAC (go to management console to see the account type). But why it's not a
*Standard user* protected by UAC?
I think the best is that the first account is by default a standard user
protected by UAC and not administrator and during installation is also
created another account administrator protected by UAC, non visibile, but
with a password chosen by the user. Only in this way there's a chance that
many users will run Vista as standard account.

Because you shouldn't (and generally can't) use the built-in account to log
in. After you create the first user, which is put in the administrators
group by default, all subsequent user accounts are "standard" ones by
default. This makes sure you have at least one account to manage your
machine with, without having to use the (super-privileged) built-in
"Administrator" one. As soon as the first admin account has ben created,
"Administrator" becomes unavailable for login except in safe mode. This UAC
protection for the Administrators group is overkill, IMO, but then many
people will omit the creation of standard accounts for their day-to-day
work, so I suppose it's a necessary precaution. It *would* be awfully nice
and thoughtful of Microsoft, to turn off the f(censored)g UAC warnings for
the Administrators as soon as at least one standard account has been created
and initialized (I mean, used at least once), though.
--
Pierre Szwarc
Paris, France
PGP key ID 0x75B5779B
------------------------------------------------
Multitasking: Reading in the bathroom !
------------------------------------------------

"BillD" <BillD@discussions.microsoft.com> a écrit dans le message de news:
176F71D4-7981-425D-A945-FD1E128EFA4D@microsoft.com...
| The first user account in Windows Vista beta2 is an *administrator*
protected
| by UAC (go to management console to see the account type). But why it's
not a
| *Standard user* protected by UAC?
| I think the best is that the first account is by default a standard user
| protected by UAC and not administrator and during installation is also
| created another account administrator protected by UAC, non visibile, but
| with a password chosen by the user. Only in this way there's a chance that
| many users will run Vista as standard account.
|

"Pierre Szwarc" wrote:

Quote:

> This UAC
> protection for the Administrators group is overkill, IMO, but then many
> people will omit the creation of standard accounts for their day-to-day
> work, so I suppose it's a necessary precaution.

Microsoft should force the users to create 2 accounts: Administrator with
UAC + Standard with UAC.

Quote:

> It *would* be awfully nice
> and thoughtful of Microsoft, to turn off the f(censored)g UAC warnings for
> the Administrators as soon as at least one standard account has been created
> and initialized (I mean, used at least once), though.

I like UAC warnings for administrators. Anyway in the next RC1 UAC will be
improved to reduce elevation prompts: http://blogs.msdn.com/uac/
Remember that Vista is still in beta.

"BillD" <BillD@discussions.microsoft.com> a écrit dans le message de news:
B382355D-3572-45C7-A9ED-1E5C3E2C01ED@microsoft.com...
|
| Microsoft should force the users to create 2 accounts: Administrator with
| UAC + Standard with UAC.

Agreed.

|
| I like UAC warnings for administrators. Anyway in the next RC1 UAC will be
| improved to reduce elevation prompts: http://blogs.msdn.com/uac/
| Remember that Vista is still in beta.

Each to his own tastes <g> I know it's still Beta. What irritates me is that
so little thought seems to have been put into this feature. It's as though
MS were unable and/or unwilling to learn from user feedback. Also, the
features are frozen by the time the public Beta is released, so it's largely
useless except for bug identification and correction. That's something
important, of course, but no enough by far.
--
Pierre Szwarc
Paris, France
PGP key ID 0x75B5779B
------------------------------------------------
Multitasking: Reading in the bathroom !
------------------------------------------------

I think that two accounts should be created during the install. An
administrator and a standard user. Both should be protected by UAC by
default. You can always turn it off yourself for the administrator if you
desire. It is an extra level of protection for non-expert users which are
the vast majority. It will make them think twice about what they are doing.
I have set up this computer for use as a standard user logged on to a SBS
domain with a separate local admin and another domain admin account. So far
for everyday use UAC is not that intrusive. I do have UAC turned off for the
domain admin account.

--
Kerry Brown
MS-MVP Shell/User

"BillD" <BillD@discussions.microsoft.com> wrote in message
news:176F71D4-7981-425D-A945-FD1E128EFA4D@microsoft.com...

Quote:

> The first user account in Windows Vista beta2 is an *administrator*
> protected
> by UAC (go to management console to see the account type). But why it's
> not a
> *Standard user* protected by UAC?
> I think the best is that the first account is by default a standard user
> protected by UAC and not administrator and during installation is also
> created another account administrator protected by UAC, non visibile, but
> with a password chosen by the user. Only in this way there's a chance that
> many users will run Vista as standard account.
>

"Pierre Szwarc" <pierre_szwarc@hotmail.com> wrote in message
news:eb7fSXijGHA.412@TK2MSFTNGP05.phx.gbl...

Quote:

> Because you shouldn't (and generally can't) use the built-in account to
> log
> in.

You can if. you assign it a passowrd.

Control Panel---->Administrative Tools----->Computer Management---->Local
Users and Groups----->Users.

Then right click on the Administrator account in the middle column and
select "Set Password". The rest is self-explanatory. This account will
still be hidden from the login screen, but you'll now have a password for
the hidden Administrator account.

Quote:

>After you create the first user, which is put in the administrators
> group by default, all subsequent user accounts are "standard" ones by
> default.

Not in my case. I created a total of three accounts. All were
Administrators by default. I had to manually change two of them them.
That's been Microsoft's biggest screw-up for years. Most users are too
ignorant or lazy to change an account (or two...) from an Administrator to a
User.

On the other hand. a of software progammers (who should know better) write
software with use by any user in mind, but then require everyone have
administraive privlidges (Symantec - A "Security Company" is a big offender
in this area).

You're correct, unfortunately. Let's hope MS changes that before RTM. As for
offending the security principle, up to Vista, MS itself was the biggest
offender. Just as the MS developpers all assume every user out there has a
19" 1600*1200 monitor, if one judges by the screen real estate required by
the new GUI and widgets.
--
Pierre Szwarc
Paris, France
PGP key ID 0x75B5779B
------------------------------------------------
Multitasking: Reading in the bathroom !
------------------------------------------------

"Scott" <angrykeyboarder@angrykeyboarder.com> a écrit dans le message de
news: 6F3C38EC-EFAD-4CB7-A68C-FD71E9977CFB@microsoft.com...
[snip]
|
| On the other hand. a of software progammers (who should know better) write
| software with use by any user in mind, but then require everyone have
| administraive privlidges (Symantec - A "Security Company" is a big
offender
| in this area).
|