Administrator has almost full privilege on a Personal Computer (PC). Normal (non-admin) accounts have lesser privilege and rights. When a function or request requires administrator rights or privileges the Operating System (OS) will ask for an administrator account's passphrase. We will cover this in more detail at a Cyber Security SIG meeting.
Now to tell if your account is an administrator? How to add a non-administrator account? How to spot check that malware as not added or changed an account to add or remove administrator rights and/or privilege?
Microsoft Windows.
Bring up the Control Panel. Cortiana - Control Panel
Click on User Accounts:
Note john is a Local Account.
Now by using the Manage another account you should get a User Account Control (UAC) pop-up window. This pop-up window will blank the background windows so it is more difficult to ignore.
By supplying the cited administrator's passphrase the system will display a window with all known accounts. Accounts can be local, workgroup, homegroup or domain. We will cover those types in a SIG session.
If your current login account is an Administrator you can use the Add a user account at the bottom of the window to add a non administrator accounts to use for day-to-day.
For Windows 10 you will get a pop-up asking for an email address to add a Microsoft account by specifying an email address for a Microsoft account. This is handy for visiting relatives so they can have their cloud or Microsoft content available while on your PC. For our purposes we want to add a local non-administrator account.
Now you have an local account for day-to-day use and an Administrator account to use as required for Administrator functions. You can have more than one of each type of account.
For some functions you will get the User Account Control pop-up. Supply an Administrator passphrase and continue with the required function.
For some functions you may need to right click on the function and click on the Run as Administrator.
For some functions you many need to CRTL-ALT-Delete and choose Switch User to use an Administrator account.
IMPORTANT: Use the Administrator account(s) with care. With great power comes great responsibility. If a User Account Control pop-up appears during day-to-day use and you have not requested any service requiring Administrator rights or privilege do not supply an administrator passphrase without research. Typically this is malware or similar attempting privilege escalation.
Then again it may be required for a function. Use care with the UAC pop-up.
MacOS
Similar concept. Multiple non-Administrator and multiple Administrator accounts can be added.
Launchpad -> System Preferences > Users & Groups
Functions that require administrator rights or privileges will require you click on the lock icon labeled Click the lock to make changes and supply an administrator passphrase.
MacOS is linux based. So from the command line or terminal window use the technique listed for linux.
linux
from a command shell search for User IDentification (UID) of 0.
for linux based PCs administrator is UID of 0. grep is a shell command to search for UID of 0.
No comments:
Post a Comment