September 6, 2010

Security Catalyst: Family Security Series Podcast, Episode 2 – Using a Non-Administrative User

You are invited to learn how to reduce the effectiveness of attacks and sleep better at night by using a non-administrative user account. In this brief podcast, we explain:
• why you should be using a non-administrative user account
• how to determine which type of account you are currently using
• how to create normal user accounts
• how to change to a regular user account

Thanks to a dedicated team of professionals, this podcast has been made better. If you see them on the street, give them a big hug. They worked hard (and continue to) to improve our efforts to make a difference:

• Gary Morgan, CISSP
• Alvin Liau, CISSP
• George Viconovic, MCIW/D
• James Costello, Security + SME
• John Biasi
• Peter Clark, CISSP

If you have not yet joined the conversation in the Security Catalyst Community, please do so now: http://community.securitycatalyst.com/forums/index.php

The specific link for this discussion is here: http://community.securitycatalyst.com/forums/index.php/topic,335.0.html
(Note: joining the community costs nothing except your active participation. We enforce a naming standard of using your full name; it helps us keep the supportive environment positive. We look forward to sharing ideas and learning with you.)

Links and Information Mentioned During the Program

Least Privilege

In computer science and other fields the principle of minimal privilege, also known as the principle of least privilege or just least privilege, requires that in a particular abstraction layer of a computing environment every module (such as a process, a user or a program on the basis of the layer we are considering) must be able to access only such information and resources that are necessary to its legitimate purpose.
Source: Wikipedia: http://en.wikipedia.org/wiki/Principle_of_least_privilege

Determine the current status of a user account

Two basic options in Windows XP
Windows XP: Option 1
• Start -> Run -> CMD (bring up a command prompt)
• type ipconfig /renew
• Limited Users are given an "access is denied" error because renewing the IP address requires administrative rights. Administrators are allowed to renew their IP address.

Windows XP: Option 2
• Start –> Control Panel
• Launch the User Accounts application

If you are a Limited User, the User Accounts screen shows your picture and the Mail and User Accounts links, and you are limited to:
• changing your own password
• changing your picture
• setting up your account to use a .NET Passport

If you are an Administrator you will be given the option to Change an account, create a new account or change the way users log on or off.

For more ways, join the discussion in the catalyst community forums: http://community.securitycatalyst.com/forums/index.php/topic,335.0.html

Mac OSX
• System Preferences –> Accounts
• The kind of account (administrator or standard) is shown directly under the account name

Create a non-admin account

Mac OSX
• System Preferences –> Accounts
• Check that the lock is unlocked; if not, click it and enter your password
• click on the + sign
• Enter in the information, including a password
• DO NOT check (make sure you leave blank) the box for ‘Allow user to administer this computer’

Windows, pre-Vista
• Start -> control panel
• Select ‘User Accounts’
• Select ‘Create a new account’
• Type in the name of the new user account
• Select the ‘Next >’ button
• Select the ‘Limited’ radio button
• select the ‘Create Account’ button

You’re not done! Time to select a good password.
(We will go into details on good passwords in the future.)
• You will be presented with a ‘User Accounts’ screen, with a ‘Pick a task’ option.  Select ‘Change an account’ option
• Select the account you just created
• On the next screen, ‘What do you want to change about Child 1’s account?’, select ‘Create a password’
• Enter a strong password in the first two boxes and a password hint in the third box, then press the ‘Create Password’ button
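The same two tasks from a Windows command prompt, as an added example that is not part of the podcast show notes: run without arguments, it checks the current account’s membership in the local Administrators group (a more direct test than the ipconfig /renew trick above); run with a name such as "Child 1", it creates that account as a Limited user, equivalent to the User Accounts steps above. It assumes local (non-domain) accounts on Windows XP or later, where the NET and FINDSTR commands are available, and the create step must be run from an Administrator logon.

```batch
@echo off
rem limited_account.cmd - added example, not from the podcast show notes.
rem Usage:  limited_account.cmd            (report whether you are an admin)
rem         limited_account.cmd "Child 1"  (create that account as a Limited user)
rem Assumes local (non-domain) accounts on Windows XP or later.
setlocal
if "%~1"=="" goto check
goto create

:check
rem NET USER <name> prints a "Local Group Memberships" line listing every
rem local group the account belongs to, each prefixed with "*". Membership
rem in Administrators is the real test; "ipconfig /renew" only shows one
rem side effect of it.
net user "%USERNAME%" >nul 2>&1 || (echo Cannot look up %USERNAME% locally ^(domain account?^).& exit /b 2)
net user "%USERNAME%" | findstr /I /L /C:"*Administrators" >nul
if errorlevel 1 (
    echo %USERNAME% is a LIMITED user. Keep using this account day to day.
) else (
    echo %USERNAME% is an ADMINISTRATOR. Create a Limited account and log on with it.
)
exit /b 0

:create
rem "*" makes NET USER prompt for the password instead of taking it on the
rem command line, where it would be visible to anyone looking over your shoulder.
net user "%~1" * /add || exit /b 1
rem New accounts belong to Users, not Administrators; make that explicit and
rem then verify it, so the account cannot silently end up with admin rights.
net localgroup Users "%~1" /add >nul 2>&1
net user "%~1" | findstr /I /L /C:"*Administrators" >nul
if not errorlevel 1 (
    echo WARNING: "%~1" is in Administrators. Remove it with:  net localgroup Administrators "%~1" /delete
    exit /b 1
)
echo Limited account "%~1" created. Log on with it for everyday use.
endlocal
exit /b 0
```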

Support the efforts of The Traveling Catalyst!
RV Tour (our pre-tour warmup for the Security Revival Tour)

• Nashville (April 24 – 25)
• Atlanta (April 26 – May 3 or 4)
• Key West (May 3 or 4 until May 8)
• Baltimore/Washington/Northern Virginia (May 10 – May 18)

We’re working now to set up some public sessions of
• Are You Making a Living or a Life?
• Career Compass Coaching
• Speaking About Security

We’re also interested in offering some public keynotes in each of the areas to support the efforts of security professionals. Send me an email if you’re interested (securitycatalyst@gmail.com)

We are in the process of selecting cities for our “security revival tour” for the second half of 2007. If you would like us to bring our training to your city, send me an email: securitycatalyst@gmail.com

Thanks for listening – now go make your user account changes and be safe out there!


About Michael Santarcangelo
The author of Into the Breach and creator of Awareness that Works™, Michael Santarcangelo is known as a human catalyst who advocates for individuals while advancing organizations. By connecting people to the consequences of their actions, he delivers results that reduce risk, increase resiliency and allow organizations to do more with less. Guaranteed. Learn more at www.securitycatalyst.com or engage with him on twitter.com/catalyst

Comments

  1. Santa says:

    Great point – I’ll mention this in the next episode.