Best practices
- As a security best practice, it is
recommended that you do not log on to your computer with
administrative credentials.
When you are logged on to your computer without administrative credentials, you can use Run as Administrator to accomplish tasks that require a higher level of privilege than a standard user account. For more information, see Using Run as (http://go.microsoft.com/fwlink/?LinkId=28314).
- To further secure your local computer, it
is recommended that you implement the following security
guidelines:
- Limit the number of users in the
Administrators group because members of the Administrators group on
a local computer have Full Control permissions on that
computer.
For more information, see Why you should not run your computer as an administrator.
- Leave the Guest account disabled. The Guest
account is used by people who do not have an actual account on the
computer. The Guest account does not require a password; therefore,
it is a security risk. The Guest account is disabled by default,
and it is recommended that it stay disabled.
For more information, see Local user accounts.
- Leave the Administrator account disabled. The
Administrator account is disabled by default, and it is recommended
that it stay disabled.
For more information, see Local user accounts.
- Some default user rights that are assigned to
specific default local groups may allow members of those groups to
gain additional rights on your computer, including administrative
rights. Therefore, you must trust equally all personnel that are
members of the Administrators and Backup Operators groups.
For more information about these groups, see Default local groups.
- Review important security considerations
about local users and groups.
- Limit the number of users in the
Administrators group because members of the Administrators group on
a local computer have Full Control permissions on that
computer.
- Use passwords no longer than
14 characters if you are on a network with computers running
Windows 95 and Windows 98.
You can create a password containing up to 127 characters. However, computers running Windows 95 and Windows 98 support passwords up to only 14 characters. If your password is longer than 14 characters, you may not be able to log on to the network from computers running Windows 95 and Windows 98.
For more information, see Create a local user account.