The administrator account is something very special and powerful, and should only be used when it's absolutely necessary.
This account has complete control of whatever operating system, software, network device or domain where it resides... it owns all keys to the castle. As such this account should be treated with respect, it's password guarded carefully and never given out.
A good principle to abide by, is what is referred to as "the principle of least privilege" in computer lingo. In short, the principle states that you give enough access for users to perform their specific tasks.
In corporation, this means that administrators grant users only enough access to resources (printers, shared folders, ability to add/remove programs, etc...) to perform their jobs without too much assistance or intervention from the network administrator.
On the home front (this means you), this would mean divvying up a computer into normal user accounts for everyone who uses it.
By living by this principle, everyone can limit the amount of damage that can be done to a computer if it is compromised by an infection by segregating accounts and access to files and folders.
In the present, Microsoft has enable Windows Vista with a UAC (user access control) system that prompts a user if administrative privileges are needed to perform a task (add/remove a program, add/remove hardware, etc....). While this may be annoying, it is actually a good thing, as this forces people to abide by the Principle of Least Privilege.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment