Should You Log On Using The Administrator Account?

Welcome to Internet Fixes Customer Support

Feature Article!

Should You Log On Using The Administrator Account?

A security best practice dictates that you shouldn't use the Administrator account to perform everyday tasks because of the risks associated with accidentally introducing problems as a result of using elevated privileges. To steer clear of such problems, you should create a regular user account for day-to-day use. Then, when you need to perform a task that requires local or domain administrative privileges, use the Runas command to perform such tasks. This command restricts the administrative abilities to the task that you’re performing. For example, to open a command prompt with local administrative privileges, enter the command

runas /user:<local machine>\administrator cmd

To open a command prompt with domain administrative privileges, enter the command

runas /user:administrator@<domain name> cmd

Be aware that you can use the NetBIOS naming format with this command. For example, to open a command prompt with domain administrative privileges on my network, I typed

runas /user:yourname01\administrator cmd

Any commands that you enter at the new command prompt will run as the user that you entered in the Runas command with that user's associated privileges.

You can replace "cmd" with any command. For example, to start the Microsoft Management Console (MMC) Computer Management snap-in, type

runas /user:<computer/domain>\<account> "mmc
%windir%\system32\compmgmt.msc"

To start the MMC Active Directory Users and Computers snap-in, type

runas /user:<computer/domain>\<account> "mmc
%windir%\system32\dsa.msc"

For example, to open this snap-in on my computer, I typed

runas /user:administrator@yoursite.com "mmc
%windir%\system32\dsa.msc"

Be aware that if you run the Runas command on a client computer (e.g., running Windows XP or Windows 2000 Professional), the command will fail unless you've installed the administration tools. Although using the Runas command is slightly more work, you can create shortcuts for each command that you routinely run and make your system much safer. If you experience problems, ensure the Secondary Logon service is running--the Runas command requires this service for operation.

Gary Chambers

Get My New Microsoft Windows How-To Tips Package On Ebay!!

Don't wait for an Email with A Download Link! Get The Files Instantly On Ebay!

Get My "Free" Access Searchable Database! Keep All Your How-To Tips in One Place!

View The 600 XP Titles Here!

All products mentioned are registered trademarks or trademarks of their respective companies.
Questions or problems regarding this web site should be directed to the Webmaster.
Copyright © 1999-2007Internet Fixes. All rights reserved. Legal Disclaimer

06/02/2008