Adminstrator rights

[DeekGeek]

By default, even administrators are not the owners of the system files. There is an Administrator Userid which by default does not have logon privileges but is the owner of everything. So there are two options - you modify the Administrator account to allow you to log on as that ID which IS the owner or you run the Take Ownership script as has been mentioned.

If you are the one and only user on your machine then you may also want to set User Account Control (UAC) to off so you don't get the questions "Do you want to run this with administrator privileges?"

Thnx TM but i wanna know by disabling the UAC completely does that gonna create any threat/make my OS prone to attack??? SInce i'm the only user of this com so there isn't any issue like having some1 installing any malicious apps without my knowledge... i know i'll get rid of those irritating question but how that gonna give me complete right as an admin???

 

[davehc]

Thnx dave that's using the TakeOwnership.zip seems to be much easier then other suggested in your post. I got a question on "Go to Start > Type Control UserPasswords2 " which user account does this command refer to my own & single account or any other account other then mine?

Ok. When you log out, as adviseed, you will find you now have another, alternative, account, named Administrator. You log in with this one, which makes you the so-called "Global" Administrator, and gives you more access to what is rightfully yours. As an extremme, you can then go into the user accounts and delete your own username account, but I would not reccomend this, as it still has it uses. I should advis that logging into the Admin account will mean thsat you will have to setup, again, your own preferences for customisation.

 

[DeekGeek]

Yeah aware of that & then settings up everything from scratch..///\\\i had tried that when was working with EDS that whole day ended up setting Outlook mailbox, all preferences, mapping files,drive on the network....Ufffff that was HELL...

Sure will give a try....but i wanna know the reason for this because every1 seems to tell me the way to get this straight but i wanna when i'm the only user on this com & also the account type is Admin then Why i'm not the Global Admin???

 

[TrainableMan]

Enabling the true administrator account for login opens you up to the highest risk of attack - files are assigned to the ownership of a non-logon account for a reason. I personally disagree with ever enabling the true administrator account with net logon privileges.

Granting your own ID as authorized is the second-most unsecure (Take Ownership script). Any compromised program or web script may be able to gain access has the same administrator rights as you. I did this for non-windows files because I want access to MY DATA directly, not through library pointers; it may protect basic users, especially on multi-user machines, but many users can handle it themselves.

Turning off the UAC is basically a minimal line of defense at best. It's sole purpose is to notify you whenever an app wants admin rights - but if you are always going to say YES whenever it asks then it really is no defense at all! It is rare that malware just tries to slip in; no it offers you something, it doesn't need to slip in because you are going to open the door! You are installing a desktop wallpaper of Megan Fox or getting free anti-virus software, so you ARE going to say YES because it's something you want. They don't mention the extras you don't want and the UAC can't tell the difference; you approved it!

So will it make you a little more vulnerable, yes slightly, but as always your real defense is keeping your anti-virus up-to-date (a good active version like MSE and a passive version like Malwarebytes is a pretty good defense) and the most important protection of all is YOU! Know what you are downloading, what you are installing, stay away from dangerous sites and suspicious programs and make external or network back-ups and remove them / turn them off during normal operation. My back-up drive is off 6 days a week so if something gets to my primary drive I know my back-up couldn't have been touched.

If you were an extremely paranoid person you would create a non-administrator account and only browse the web under that ID and you would never ever download anything; but most sane people don't go to this level.

 

[DeekGeek]

You are installing a desktop wallpaper of Megan Fox or getting free anti-virus software, so you ARE going to say YES because it's something you want. They don't mention the extras you don't want and the UAC can't tell the difference; you approved it!

Hahahahahaha v:lol: :beer:
Rightly said about UAC i find it of no use if you are smart that was a simple basic line of defense for people who are not sure what they are installing.

Hmmm i always get Megan Fox name for most e.g. Hahaahhaa

 

[DeekGeek]

Enabling the true administrator account for login opens you up to the highest risk of attack - files are assigned to the ownership of a non-logon account for a reason. I personally disagree with ever enabling the true administrator account with net logon privileges.

Granting your own ID as authorized is the second-most unsecure (Take Ownership script). Any compromised program or web script may be able to gain access has the same administrator rights as you. I did this for non-windows files because I want access to MY DATA directly, not through library pointers; it may protect basic users, especially on multi-user machines, but many users can handle it themselves.

Yeah i agree on this & thank you for this vital information i wasn't aware of some of the fact shared here....

 

[DeekGeek]

TM one more thing i wanna know why every1 seems to suggest Malwaebytes when my MSE already have an inbuilt Malware safety feature??? i tried it once but its usage is so complicated like disable firewall,MSE, run it & then reboot & what not....that got me lot of confusing & since for me that was pain taking so i preferred to stay away from it...something simpler that you gtot, do let know...Thnx TM buddy, g8 help......

 

[TrainableMan]

First, to be perfectly clear, it is never a good idea to have two active anti-virus programs running at the same time; active anti-virus/anti-malware software wants to be first because to do it's job it must run before any browser script or before any application to make sure the file or data is safe before allowed to run so even one active anti-virus impacts performance; with two active they will impact performance even more and may fight for control of who runs first.

But no anti-virus made can protect you from everything out there and 100s are released every day so they are always behind. So to help improve your odds it is good to have a passive secondary program which you run manually, perhaps once a week. Malwarebytes is a passive system you run "on demand" and it is not from Microsoft like MSE so it will have it's own update schedule and virus detection algorithms.

As they say, "two heads are better than one" and "better safe, than sorry".

 

[DeekGeek]

Hahahha well said...yeah i know about the fact that can't run two AV/Firewall never advisable...Hmm ok will give it a sort but can you just give the procedure on that because i don't remember how to go about running Malwarebytes & disabling what all security apps & features...meanwhile i'll go hunting for Malwarebytes & get it....Adios

 

[TrainableMan]

I simply installed the freeware version of Malwarebytes, had it get updates, and allowed it to run. If you have a firewall you may need to grant permission for it to get updates but that's all I did.

You can find a link in our freeware database along with several other great products.

 

[DeekGeek]

i got the Malwarebytes Anti-Malware from their website. But haven't tried yet because one of my friend told me the best way to use it is first disconnect from the network,disable firewall & AV,turn-off UAC (which is always for me) & then run it...
i wanna i that the procedure to do it???

 

[TorrentG]

Nah, you can use it under any circumstances and it's all the same.

 

[DeekGeek]

Thnx Torrent & hope this doesn't screw up anything...if we both are on the same page install--run & scan--update. Bcz i forgot to mention he also mentioned that uninstall it after you have scanned the com. Since my AV ie MSE has also an inbuilt malware feature so there will be 2 malwarebytes instead of 1 which the advisable...is that correct as well???

 

[TorrentG]

Yes, it's alright to have MSE and Malwarebytes on the same system and is actually advisable and well.

Just make sure you don't have Malwarebytes starting with Windows, which is how it will automatically be if you didn't pay for it.

Before you scan with Malwarebytes, go to the tab in it to update definitions. When it's done updating, go ahead and run the scan. It may find things it needs a reboot to remove. If so, it will tell you and then go ahead and reboot.

 

[DeekGeek]

Gottcha Thnx Torrent....