Monday, January 23, 2017

Administrator

In presentations I recommend using a non-Administrator account for normal day-to-day use to avoid malware infections. Most malware runs as the current user. If that user is not an administrator, the depth and scope of the malware byte (sic) may be lessened.
 Administrator has almost full privilege on a Personal Computer (PC). Normal (non-admin) accounts have lesser privilege and rights. When a function or request requires administrator rights or privileges the Operating System (OS) will ask for an administrator account's passphrase. We will cover this in more detail at a Cyber Security SIG meeting.
So how do you tell if your account is an administrator? How do you add a non-administrator account? How do you spot check that malware has not added or changed an account to add or remove administrator rights and/or privilege?

Microsoft Windows.
Bring up the Control Panel: Cortana -> Control Panel

Click on User Accounts:
By default the Control Panel User Accounts shows the current logged in user. john in this case.
Note john is a Local Account.
Now, when you use Manage another account, you should get a User Account Control (UAC) pop-up window. This pop-up window will blank the background windows so it is more difficult to ignore.
Once you supply the cited administrator's passphrase, the system will display a window with all known accounts. Accounts can be local, workgroup, homegroup or domain. We will cover those types in a SIG session.

Note jpj is an Administrator.

If your current login account is an Administrator, you can use Add a user account at the bottom of the window to add a non-administrator account to use for day-to-day.
For Windows 10 you will get a pop-up asking for an email address to add a Microsoft account. This is handy for visiting relatives so they can have their cloud or Microsoft content available while on your PC. For our purposes we want to add a local non-administrator account.
Click on Sign in without a Microsoft account (not recommended), which I recommend.

Supply the requested information for the new non-Administrator account and click Next. This adds the local non-Administrator account to the system. Use the User Accounts Control Panel to verify the new account is a non-Administrator account.

Now you have a local account for day-to-day use and an Administrator account to use as required for Administrator functions. You can have more than one of each type of account.
 For some functions you will get the User Account Control pop-up. Supply an Administrator passphrase and continue with the required function.
 For some functions you may need to right click on the function and click on the Run as Administrator.
For some functions you may need to press CTRL-ALT-Delete and choose Switch User to use an Administrator account.
 IMPORTANT: Use the Administrator account(s) with care. With great power comes great responsibility. If a User Account Control pop-up appears during day-to-day use and you have not requested any service requiring Administrator rights or privilege do not supply an administrator passphrase without research. Typically this is malware or similar attempting privilege escalation.
Then again it may be required for a function. Use care with the UAC pop-up.

MacOS
 Similar concept. Multiple non-Administrator and multiple Administrator accounts can be added.
Launchpad -> System Preferences -> Users & Groups
This window shows the current Users and an indicator of Administrator rights and privileges. With the Allow user to administer this computer check box you can control the desired account(s).
Functions that require administrator rights or privileges will require you to click on the lock icon labeled Click the lock to make changes and supply an administrator passphrase.
MacOS is Linux based. So from the command line or terminal window use the technique listed for Linux.

Linux
From a command shell, search for a User IDentification (UID) of 0.

On Linux-based PCs the administrator is UID 0. grep is a shell command that can search for a UID of 0.
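
The UID 0 spot check described above, as an added example that is not part of the original post: it matches the UID field itself and goes one step further by comparing against a saved baseline copy, so an account that gained or lost UID 0 stands out. The function names, the baseline file and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: spot check for accounts with UID 0 in a passwd-format file.
# Function names and sample data are assumptions made for illustration.

# Print the login name of every account whose UID (field 3) is exactly 0.
# Matching the field avoids the false hits a bare `grep ':0:'` gives on GID 0.
uid0_accounts() {
    awk -F: '!/^#/ && NF >= 7 && $3 ~ /^0+$/ { print $1 }' "${1:-/etc/passwd}"
}

# Compare a saved baseline ($1) with the current file ($2).
# Prints "+name" for an account that gained UID 0, "-name" for one that lost it.
uid0_changes() {
    base=$(uid0_accounts "$1" | sort -u)
    cur=$(uid0_accounts "$2" | sort -u)
    for n in $cur;  do printf '%s\n' "$base" | grep -qxF -- "$n" || echo "+$n"; done
    for n in $base; do printf '%s\n' "$cur"  | grep -qxF -- "$n" || echo "-$n"; done
}

# Constructed sample data: in current.passwd the account jpj has been changed
# to UID 0; backup has GID 0 only and must not be reported.
make_samples() {   # $1 = directory to write the two sample files into
    cat > "$1/baseline.passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
backup:x:34:0:backup:/var/backups:/usr/sbin/nologin
john:x:1000:1000:John:/home/john:/bin/bash
jpj:x:1001:1001:JPJ:/home/jpj:/bin/bash
EOF
    sed 's/^jpj:x:1001:1001:/jpj:x:0:0:/' "$1/baseline.passwd" > "$1/current.passwd"
}

# Demo run on the constructed files.
d=$(mktemp -d) && make_samples "$d"
echo "UID 0 accounts now: $(uid0_accounts "$d/current.passwd" | tr '\n' ' ')"
echo "Changes since baseline: $(uid0_changes "$d/baseline.passwd" "$d/current.passwd")"
rm -rf "$d"
```

Called with no argument, `uid0_accounts` reads `/etc/passwd`; any name other than root in its output deserves a closer look.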
