Admin User vs Standard User

The problem lies deeper. Windows software often tend to ask for admin rights without any real reason. It's just became a normal behavior for users to click "Yes" in the UAC prompt without second thought (or even disable UAC, I will just press F for them). Because lazy software developers just don't build their apps properly (e.g. storing settings in the installation folder instead of the user home directory or registry etc.) or even ask elevation for "just in case".

mkvoq

Titus: *Pirates a game made by EA*
Me: Ah yes, the man of culture.

patrxgt

Thank you for letting us know in real world, very relatable struggles for a Windows user!
When moving from Windows XP to 7 and 10 I always wondered if the UAC actually helped from a security standpoint.
On Linux, whenever it does ask me for sudo It lets me think If I need to do the thing that I'm setting out to do, where Windows is, like another comment mentioned, asking so often. Windows cry's wolf so often we're numb to it 😸

Karla_Finch-Cluff

@Chris Titus Tech you're a smart guy. You wouldn't lay out a problem if you didn't know or have a plan to tackle it. Awaiting a Vid on the solution for partitioning/segmenting users ...

adrianteri

I think the solution in these cases is —kinda— simple (it depends, anyway): You just don't run any "shady" piece of software/code without knowing what it does, just because some random guy/group of people on the Internet says that "it's safe" (I recently had a discussion with someone on this platform 'cause he was recommending the use of "Windows AME" to anyone who wanted to avoid Microsoft's telemetry, almost claiming that "it was totally safe and trustworthy...").
There are methods and tools to avoid any disastrous outcome, like using VMs to try anything that could be potentially dangerous, sandboxing software, you can even upload a file to VirusTotal and see if there's anything wrong with it. Or, if you have the resources and knowledge —or the will, money and time to learn—: use another PC/laptop exclusively for anything "risky", don't connect it to your main network (or else, learn to use and configure VLANs, firewall rules, etc., and isolate it completely from the rest of the other clients in your network...) and then, run whatever you want as Admin. I mean, minimize the "impact surface".

Or else, put your trust in it, take the risk and deal with it.

See you next time, Chris. Keep up the good work!

SilentPlain

"By some girl that happens to be fit" lmao you killed me. Yeah if you use that i would advise disabling the run as admin option on the shortcut that get created. Or better just treat your windows install as hacked and encrypt all your important data on the linux drive. Also having backups is important.

zagorim

There are some programs that fail to install correctly when the user’s primary account is not an administrator. I had to make a pair of scripts to elevate my account and restore it to normal just to deal with those issues. Also, don’t get me started on admin-owned shortcuts on the desktop. It’s clear to me that Windows was not made for the average home user to run as anything other than administrator.

OcteractSG

I generally agree with you but I can see how requiring a password for elevated privileges would enhance security. If a malicious actor attempts physical access to the machine a password would stop them from deploying malware onto it (assuming the malware needs elevated privileges), the same applies for scammers through a remote desktop software connection or a malicious rubber ducky USB plugged in by accident.

spook

I'm running Win 11 (fresh install) and I can't drag-n-drop things anymore, my main issue is draggin images/links to my other running programs, but I also can't add an app shortcut into the taskbar with drag-n-drop and after some research it seems the issue can be fixed by disabling user account control, and while researching if that is a good idea (someone said they can't log in anymore after disabling it) I landed on this video. Do you have any thoughts on that?

JoeGP

I just used a windows 10 install for nearly 2 years with a standard user but I did run into some problems with some programs. My most recent install I gave up on that. I have TPM, memory isolation enabled and malwarebytes so I figure im alright.

cypher

I try Windows every version as user, there is always some program or windows setting that doesn't work right.

BillSawyerPlus

It really may not matter as much as people think because you computer stores login info so even if you are not a admin but the admin was on of the last 5 to login the cridentials for the admin account could be comprimised unless you make changes.

pshubert

I only understood the user problem after getting old enough to have my own personal computer! Problems just magically disappeared! lol

costafilh

I tried Standard User but it caused more problems with where it installed files when I had to elevate. I gave up and went back to Admin

CmdrX

"Some Girl that happens to be Fit", That is a good reference for those who get it.

Naresh-gjvc

I 100% agree with you Chris .. great video.

ThePaulSIN

Windows does allow you to kida restrict an admin account by changing a group policy in the registry. When the authentication pops up, you can configure it to ask for username and password, or only just a password, every time for any user, including admins. The registry key is ConsentPromptBehaviorAdmin; do search on Microsoft docs for the entire list of options. Some thing to add to Windows toolbox?
I dual boot and keep untrusted programs on windows so i made my default account an admin and have authentication ask for a password only, like sudo and other authentication windows work on Linux. What are they going to do?? Make me suk less in League???

duser

I agree in theory on this. But as an MSSP and someone dealing with many different types of users, Business, Residential, businesses with HIPAA, PCI and other compliance needs I've taken a different approach. And it doesn't matter if you have Admin rights or not. If your running Threatlocker (like all my systems do) along with other layers like Huntress, some sort of AV, and Senteon, well I have yet to have a single client of mine get ransomware or even malware for that matter. I'm well aware that nothing is 100% secure. However, and I'm not divulging all the things I do but it is A LOT!!!! just so I don't get that call about Ransomware, or cleaning off malware etc. And of course and last resort and layer, ya just have to have air gapped backups that are tested regularly in case the worst happens. but, like the old saying, an ounce of prevention is worth a pound of cure. And after 35 years of doing this, I was tired of cleaning malware back in the day so for the last 15 years, I have done everything possible to prevent the mess (which is Windows) and it's users and just Deny everything unless I approve it. Harsh stance for Managed Systems, but it's the only way to get close to that 100% secure. Mine might be like 99.99% And yeah, I take it to extremes but hey, it is windows so ya kind of have to unless it's a system you don't care about then game, install and do whatever, and if it breaks, nuke and pave as they say.

glenmichaelson

I only partially agree, some users I have helped will break everything if there isn't some big pop up that requires a un/pw, they are the kind of people that don't like passwords at all, so when faced with that prompt they give up quickly.

MrBreadoflife

I have to agree. I work in a computer repair store and have set up a few computer's for a customer with standard account plus paid anti virus and never gave them the admin password as they never should have need of them. A few days later some of them came back with ransomware. If someone wants to download that free game they will find a way

Bishop