Use standard accounts for daily use

There are different kinds of accounts in Windows. Standard accounts allow you to carry out day-to-day computing tasks (such as surfing the internet, writing documents, playing music and video).

The alternative to standard accounts are administrative accounts, which can be used to install programs (including viruses, if you are not careful).

Using standard accounts is important from a virus perspective because it means viruses cannot be installed system-wide behind your back. Using a standard account for daily computer reduces the risk that a virus will infect your entire system.

We recommend having at least two accounts on your computer. One should be a standard account that you use regularly. Another should be an administrative account that you use for administrative tasks. If many different people use your computer, they can each have standard accounts of their own.

In Windows 7, administrative tasks are indicated with the following blue and yellow shield:

Blue and yellow shield indicating administrative tasks

By default, clicking a task marked with this shield will darken the screen and bring up the following prompt:

Administrative prompt

If you are logged in with a standard account, you will be prompted for a password to an administrative account. Otherwise, you can click through the prompt. The screen is dimmed using a Windows feature called user account control, or UAC. We highly recommend keeping UAC enabled on your computer. Sometimes Internet tutorials recommend turning off UAC because it is annoying, but those Internet tutorials are dumb and you should not pay attention to them.

Create standard accounts

If you are lucky, you are already using a standard account for daily use. If not, you can create an administrative account and then make your account standard. Using a standard account will not protect you against all viruses (which can still attack and mess up your personal account files) but at least they won’t be able to affect your entire computer, which helps a lot.

To check the status of your account, click the Start menu, go to Control Panel, and click “Add or Remove User Accounts”:

Add or Remove User Accounts link

A list of accounts will show up. In this case, the “Charles” account is the only administrator account.

Charles is an administrator

This is bad! Let’s fix it by creating another account called “CharlesAdmin” and make that an administrator account. Start by clicking “Create a new account”:

Choose a name for the new account. We will call ours “CharlesAdmin”, but you can name it something else (but not “Administrator”, because that is a reserved account in Windows). Make the type of account “Administrator”, then click “Create Account”.

Create Charlesadmin and make administrator

Now you will see your new account created, but it does not have a password.

Charlesadmin does not have a password

You will need to set a password for this account. This can be the same as the password you already use, or something different. Different is better if you can remember the new password. Click on the account, and then select “Create a password”.

Create a password link

Enter the password twice, and do not enter a password hint.

Change Charlesadmin password

Now the admin account should have a password:

Charlesadmin has a password

Next, remove the administrator permissions from your daily-use account. Click “Manage another account”.

Manage another account

Then choose your old account:

Change Charles account

Click “Change the account type”:

Change account type link

Next, make the account a “Standard user”:

Make Charles a standard account

Then click “Change Account Type”, and you are done.

Charles is a standard user

Changes will take effect once you log out and log back into your computer.

Keep UAC enabled

You will want to make sure that User Account Control is enabled properly on your computer. To do this, click the Start Button, go to Control Panel, and search for “UAC”, then select “Change User Account Control Settings”:

Change User Account Control settings link

You will see a slider with four settings. Make sure the slider is set to “Always Notify”. Click OK and you are done.

UAC slider: choose "Always Notify"

Create separate accounts for each user

You may want to use the instructions above to create separate, non-administrative accounts for each person who uses your computer. In addition to giving each user of your computer more privacy, this can limit the damage created if one person’s account gets a virus: if regular user accounts are restricted, then it is likely (although not guaranteed) that only the account that was infected will be affected. This makes it easier to clean the viruses from the computer as a whole.

You can apply this principle even if you are the only user of your computer. You might create separate accounts for work-related tasks and for playing games, for example.