Here at Komando.com, we talk a lot of about ways to keep hackers from slipping viruses on to your system. Whether it's by avoiding suspicious attachments and links in phishing emails, keeping your browser and plug-ins updated to close security holes, or having security software installed, the name of the game is to keep threats at arm's length.
However, at some point a virus is going to arrive on your system. You might not have spotted the fake email, maybe a security update didn't come through fast enough, or perhaps a guest on your computer downloaded something they shouldn't have. Security software can help keep you safe, but there's one other change you can make to your computer right now that will shut most hackers and viruses down before they can get going.
You can find the clue to this trick in any Microsoft security bulletin that addresses a flaw related to hackers attacking you remotely. You'll see this line: "An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user."
In short, your safety depends on your user rights, or to put it another way, what type of Windows account you're using. In case you didn't know, and many people don't, there are two main types of account you can set up on a Windows computer: administrator and standard. The one you choose determines how much control you have over your computer's features, and how much security you have.
Stick around because we're going to tell you how to pick the right account for you, and get it set up right on Windows Vista, 7, 8 and 10.
Your account options
Let's start by looking at your main account options. The administrator account is a password-protected account you have to set up before you can use a new computer. It gives you full control of Windows from changing security settings to installing programs and anything else you want to do.
The standard account is more restrictive. You can surf the Web, run programs and download files. However, you can't change advanced settings or install programs unless you type in the administrator password.
Finally, on pre-Windows 10 systems there's a guest account. It does exactly what the name implies and creates a super-secure account you can let guests use without fear that they'll mess up your computer.
Since the administrator account has the most control, and doesn't bug you every time you want to install a program or change a setting, you might be tempted to use it. However, remember what we said earlier about user rights? If hackers get access to your system, they have the rights of whatever account you're using.
So, if you're using an administrator account when a hacker takes control, a relative is on your computer or a virus gets on your system, then they can do anything they want. If you're using a standard account, however, then they can only do things that don't require administrator permission.
That means a hacker or relative can't change major settings or install viruses, and viruses themselves can't install unless you enter the administrator password. You'll know right away something is up when your computer starts asking for permission to do things you didn't ask it to do.
In other words, for security reasons a standard account is the way to go for anyone using the computer. Next we're going to look at how to see what account type you're using now, and how to switch over or create new accounts that are the right kind.
When you first create an account in Windows 10, you can choose to make it a Microsoft account or a local account. A Microsoft account uses a Hotmail, Outlook, Live or other Microsoft email to log in, and links you to Microsoft's cloud services. A local account is like an old-school Windows account. Whichever you choose, both of these are going to automatically be an administrator account.
You need at least one administrator account on your computer, so you'll either need to create and use a new standard account, or create a new administrator account and switch your existing account to a standard one.
To add new accounts, go to Start>>Settings and select Accounts. In the left column, select "Family & other users." The options here are a little different than what you might be used to from older versions of Windows.
In the top area you can add and manage family members, which are other Microsoft accounts linked to your main Microsoft account. Learn more about family accounts and how you can use them to protect the kids in your life.
To create a new family account, click "Add a family member." Note that if you're using a local account as your main account you won't see this option. Then select if you want an adult account or child account.
An adult account can be set as either an administrator account or a standard account. After you create the account, simply select it from the list and click the "Change account type" button. A child account is always a standard account.
If you want to create a user account that isn't linked to your Microsoft account, or you want to create a local account, look under "Other users" and click "Add someone else to this PC."
Windows will ask you for the user's email or phone number so it can find their Microsoft account. If the person doesn't have a Microsoft account, or you want to make a local account, click "I don't have this person's sign-in information."
Windows will give you a form to fill out so you can create a new Microsoft account for them. If you want to create a local account, click the "Add a user without a Microsoft account" link. Put in the username, password and password hint and click Next.
Once Windows creates the account, you'll go back to the Accounts area. Under "Other users" select the new account and click the "Change account type" button. You can make it an administrator or standard account, depending on what you want.
With so many ways to do things with accounts in Windows 10, making sure your accounts are what they're supposed to be could be a bit confusing. Here are two general situations you might encounter and what to do.
1. Accounts on a new computer
If you're setting up a new Windows 10 computer for the first time, your best option is to create a new local or Microsoft account to act as the administrator account. Remember to give it a very strong password.
Once Windows is set up with administrator account, follow the instructions from earlier to add a new adult family member or other user. You can create it using an existing Microsoft account, create a new Microsoft account, or create a new local account. Once created, set it as a standard user.
When you're done creating your standard user, click Start and then click on the account username at the top of the Start menu. Choose "Sign out" and then sign back in with your standard-user account information. Use Windows like normal and just enter the administrator account password when you need to install programs or change settings.
2. Accounts on a computer that's already set up
If you've already set up your Windows 10 computer, and you don't want to abandon the user account you've been using, follow the instructions above to add a new adult family member, or other user, and set it as an administrator.
Click Start and then click on the account username at the top of the Start menu. Choose "Sign out" and then sign back in with your administrator-user account information.
Go to Start>>Settings and select Accounts. Choose the "Family & other users" tab, and then select the account you've been using. Click the "Change account type" button and switch it over to standard.
Click Start and then select the account username at the top of the Start menu. Choose "Sign out" and then sign back in with your usual account information. Use Windows like normal and just enter the administrator account password when you need to install programs or change settings.
Windows 8 was the first version of Windows to include Microsoft accounts, so as with Windows 10 you'll have to decide if you want to use local or Microsoft accounts. You also have the option of making new accounts "child" accounts, which means they're automatically standard accounts and follow the Family Safety rules you set up in your main Microsoft account.
Note that we're going to give instructions for Windows 8.1, and it might be slightly different than it is in Windows 8. Microsoft isn't supporting Windows 8 anymore, so for security you should really take the free upgrade.
In the upper right corner of the Windows 8.1 Start Screen, click the magnifying glass and type in "account." Click the link for "Your account settings." Windows 8.1 won't tell you what kind of account you're using, but if you only have one account, it's administrator.
To create a new account, on the left select "Other accounts" and then click the "Add an account" button. You can use an existing Microsoft account, create a new one, or make a local account. Once the account is created, you should arrive back in the account settings. Select the new account and click the "Edit" button to set whether it's administrator or standard.
You're probably going to want to keep using the account you've been using to this point. That means you'll need to change it over to a standard account. Use the instructions above to create a new administrator account, and be sure it has a strong password.
Once the administrator account is created, go to Windows 8.1's Start screen and click on your username in the upper right corner. Choose "Sign out" and then sign in using the administrator account information.
In the upper right corner of the Windows 8.1 Start Screen, click the magnifying glass and type in "account." Click the link for "Your account settings." On the left select "Other accounts" and then select your account. Click the "Edit" button and switch it over to standard.
Next, go to Windows 8.1's Start screen and click on the account username in the upper right corner. Choose "Sign out" and then sign in using your regular account information. Use Windows like normal and just enter the administrator account password when you need to install programs or change settings.
Windows 7, Vista
Go to Start>>Control Panel and click "User Accounts." Select "User Accounts" on the new page that pops up, and then click the "Manage User Accounts" link.
You can see at a glance what accounts are administrator and which ones are standard. If there's only one account on your computer, it will be administrator by default. You need at least one administrator account on your system.
To create a new standard account to use, choose "Create a new account." Make sure to select "standard" when asked about the account type to create. Put in the information it asks for, including a strong password.
If you want to keep using your current account, it takes a few more steps. Choose "Create a new account," but make sure to select "administrator" when it asks you what type. Give this a name like "Computer admin" or anything else you want and give it a really strong password.
Next, go back to Control Panel>>User Accounts to edit your current account. Choose "Change the account type" and click Yes to continue. Select "Standard user" and click the "Change Account Type" button. You're done.
Now when you want to install a program or change a major setting, you'll need to enter the new administrator password you created. Make sure you don't forget this new password or you won't be able to make changes to your computer.
Kim Komando hosts the nation's largest radio show about the digital lifestyle, heard on 435 stations in the USA and globally on American Forces Radio. Find your local radio station, read more digital news, get the podcast and more at Komando.com.