I recently reinstalled Windows XP. Now in my User Accounts I have an Account labeled Administrator. And then I have another account with my name which also has me listed as a Computer Administrator. How do I get rid of one of these? I don’t think I need both. And when my computer goes into hibernation mode, it asks me under which account I wish to logon. I really would like a simple way to get rid of one of these accounts. Any help would be most appreciated.
Control Panel --> Administrative Tools --> Computer Management --> Local Users and Groups --> Users
Double click Administrator and check the Account is Disabled box
Just a quick follow up question. I have inadvertantly opened up my email on one of my Adminstrator accounts and have different settings on one of them also. Is it possible to merge these two accounts somehow? Or am I going to have to save what I can from both of them and reinstall again?
Dog, wouldn’t it be easier and better to go:
Control Panel > User Accounts
and then just delete the account that s/he doesn’t want?
Creative Munster, there are many people who are of the opinion that it’s best, when using WinXP, to have two separate accounts.
Account 1: Administrator Account, with full administrator privileges, allowing you to install and uninstall software, change hardware settings, and do other stuff related to the operation of the computer. This account should be password protected.
Account 2: Regular User Account, with limited privileges. This account should be used for regular, day-to-day computing. You cannot use this account to change hardware settings, or install new programs.
On my computer, i actually have three accounts. There are two regular user accounts—one for me, one for my wife. Then there is a main administrative account, which is password protected, and which is only used to change global settings or to add new software or hardware.
I’m sure there are some people who know a lot more about computers than i do, and who can tell you whether or not this type of setup is really necessary, but i read a few articles recommending just such a setup when i first got XP, so that’s how it is on my computer.
By the way, if you do get rid of an account, be very very sure that you have transferred any files you need to the other account first.
And re. your email question: what email client are you using?
Outlook Express
Creative_Munster: I would check on the account that you are planning to keep if the email will download for you. If you did not have your Outlook settings to delete the email from the server after download, you should still be able to get it. If the email is not still on the server, the simplest thing would be to reset your send/receive options to somthing like 20 minutes and then forward the email to yourself. That should give you pleny of time to log out and log back in, with the account you want the email on, then perform a send receive to get the email. Just make sure to log out and not use the switch user option when changing accounts.
I second this advice. The idea is that, if you don’t have write access to the majority of your system while you’re on the computer, no virus/trojan horse/whatever has write access either. Thus, you are much safer than if you hang out online with admin priviledges available to any nastiness that feels like attacking you.
I just installed XP yesterday, on my new blazing-fast 4 year old computer. (Upgraded from my P2 300mhz 64mg ram 4gig HD; can you say slooooowwww?) So let me offer you a tip that took me a few minutes to figure out.
Like mhendo, I have two “live” accounts with “limited access”, and one password protected admin account. I created that admin account and named it admin, btw. (If you didn’t create the admin account you see, it won’t be in the Control Panel => Users area. XP creates an internal admin account that I never see and mostly ignore.)
But when I first set it up, I set up only two live accounts and made them both admin. Then I read the recommended practices thing, and added a third admin account, and stripped the two live ones down to limited.
All of a sudden, one of the limited accounts, (mine), couldn’t access its own “My Documents” folder, or anything underneath it. Didn’t have rights to it for some odd reason.
To fix this, I finally figured out (I’m slow) that I needed to log in as the Admin and do the following:
- Navigate to the folders in question
- Right click and select properties
- Click the security tab
- Hit the Add button
- Hit the Advanced button
- Hit the Find Now button
- Select my user account and hit OK
- Hit Check Names (I’m anal retentive)
- Hit OK
- Select the User account in the “Group or User Names” window
- Select “Ful Control” and hit OK
(It recommends against assigning priviledges to a single user, but since it was My Documents, it seemed like the best approach.)
Now I’m a terror with user priviledges, limiting both accounts willy-nilly to give us the absolute bare bones minimum access absolutely required. I also have a newfound appreciation for all the harried network techs I’ve hassled over the years to give me access to whatever programming flavor of the month task I had going at the time.
I have two accounts set up - the admin account, and the “guest” account for when family needs to use my computer. It only allows access to whatever I specify, and since none of my family are tech savvy, it keeps them from seeing “sensitive” files (read: embarassing, like porn :)).
… Stands up and applauds …
Yes, yes, YES run as a non-privileged user for day-to-day activities.
I wish more people would do this.
I’m convinced that a lot of the problems with viruses, spyware, adware and other crap would disapper if people would stop running as admin all the damn time. Microsoft is to blame of course - they make all users admin by default in Win XP. So it creates a vicious circle: developers run as admin while they’re writing software, so they inadvertently build in the requirement to run as admin to use it, so people run as admin…etc. etc.
Note that the Microsoft Windows Logo Guidelines require that applications behave well in the face of non-admin privileges; of course, not all applications follow this rule, but you’ll find most software from Microsoft runs just fine as non-admin.
Here’s a couple of chapters from a book on security for .NET developers; don’t worry, the principles in these hold good even if you’re not a programmer:
http://pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsThePrincipleOfLeastPrivilege.html
http://pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsANonPrivilegedUser.html
This one is more developer-focussed but it has some great tips for running as non-admin - including Terminal Service-ing into your own computer!
http://pluralsight.com/wiki/default.aspx/Keith.GuideBook/HowToDevelopCodeAsANonAdmin.html
In one of his other articles, Keith mentioned that running with admin privileges all the time would be rather like a surgeon who constantly walks around with an unsheathed scalpel, or an ambulance driver that has the siren and lights on everywhere he drives. The surgeon and the ambulance driver have special privileges available to them, but they should only exercise those privileges when they need them.
There is pain associated with running as a non-privileged user; you have to put on the admin hat to install programs, change configuration settings, perform user maintenance, change the clock, view the clock (!) and a host of other annoying things. You can’t even install ActiveX controls under Internet Explorer, which will cause some websites to malfunction (and some spyware to fail to install…what a pity.)
UNIX users have been doing this for years - “su root”, anyone? There is a feeling of comfort associated with knowing that you can’t f**k up the machine by mistake. Even as an experienced user, too many times I’ve accidentally dragged something into or out of \System32, or renamed a folder I didn’t mean to. When you’re not running as admin, you can’t mess up system files by mistake.
I also suggest that you rename the built-in Administrator account to something only you would know; “Administrator” is very well known to hackers, and they know that if they can crack the password for that, they “pwnt” your computer. By changing the ID to something weird, you put another barrier up against them, and security is all about erecting as many barriers between your assets and the hackers as you can.
Lastly, as someone else mentioned, if everyone runs as Admin on your box, they can easily get to your pr0n files, whatever permissions you set on them!
The Administrator is a special account and is normaly not listed in the User Accounts.
Also, I second using an underprivileged account for everyday work.
I don’t think you can delete the Administrator account. You’d be in fairly deep trouble if you did.
It would be a good idea to rename it to something unusual so that hackers have to guess the name as well as the password, which should be long and hard to guess naturally.
Make sure the Guest account is disabled and rename that too.
/IT support pro.
I wouldn’t attempt to delete or disable the Administrator account; set a complex password on it - one that contains a mix of letters and numbers and is not based on dictionary words (and invent some way to remember it), then forget about the account; there may come a time when your user account gets screwed up and you’ll want to log in as Administrator to fix it.
In that case you’d better not forget about it, becasue you won’t remember your complex password.
If you are going to do it that way, write the password down and store it somewhere very secure, like a Bank deposit box, or a with some other trusted party.
If this is a home PC, then storing the password on its own (just written on a piece of paper with no other comments) in a filing cabinet or your sock drawer should be adequately secure, as the main thrust of setting a complex password in this case is to present obstacles to hacks and trojans arriving via your internet connection - in which case they will not have access to your sock drawer.
Well, for me, I’m using an account with Admin privileges. I can’t be bothered to log in and out all the time to fiddle with the system, and I haven’t had any major virus/spyware problems so far. Of course, I imagine I’m in the minority, being confident in my computer skills in case anything gets fuxxored and having firewall etc running all the time.
Still, I guess it’s a good idea, especially if you tend to visit dodgy sites/have less computer savvy people (who like to click on flashy blinky things on the net).
As a professional computer geek, I’m always fiddling with my machine. I have to agree with Tabby_Cat . But, I also know what I’m doing, so I very rarely have a problem with either spy-ware or viruses.
My biggest problem is the administrator himself breaking something! But of course, even that’s no big deal, as a rebuild doesn’t take that long for me. (repition at this point).
-Butler