- Disable the built-in administrator account and why it is best to leave it disabled.
- Set up an account purely to do system administrative work, such as installation
- Set up a limited user account for normal usage.
This sentiment is perfectly correct and explains precisely why so many people dislike Vista and I suspect grudgingly by now Windows 7:
But even with the more modern Windows NT systems, Windows 2000, and Windows XP, it was so painful to really get your work done as a non-administrative user that most people simply gave up and ran with an Admin account. This was almost entirely due to poor habits by software developers: they themselves ran as Admins, and they simply wrote sloppy code that assumed everybody was one too.I have been operating XP in LUA for years doing all sorts of development without difficulties. Initially yes, there is a learning curve but that actually is very beneficial because it teaches you the security model and let you feel the presence of the security envelop. You also experience the security side of a particular technology. In the end producing a more secure program.
I think Vista and Windows 7 are on the right track. I would love to see the file and registry virtualization removed to force developers to be more careful and not to be misled.