Network Productivity Group

... a computer consultancy



Technical tip #62, March 14, 2005: 

Hi, its about time we lived up to some promises made long ago and document tips  #62 and #63, which we will again split into two for easier future reference (although we can’t find any evidence we ever sent #62 -but it is on the web site, see

Technical tip #62, March 14, 2005: Protect your Windows XP (or 2000) system by running as a “limited” user.

If you can install programs and change your system at will it means that the user id you are currently using (which may be “Default”) has administrator capability.  This is fine but it means that any worm or virus you might pick up while online can also make any change it wants to your system.  You can prevent this possible damage by creating a new id (like “mynameadmin”), give it administrative capability and resetting your current id to “limited”.  To do this you go to Start>> Control Panel>> User Accounts and then Create new account.  Here you create “mynameadmin”.  We suggest you also password protect it.  Once that is created, logon as mynameadmin (you can get to the logon screen by pressing the “Windows” key (usually between CTRL and ALT unless you are using a laptop, then who knows?) + L.  Once logged on as mynameadmin, return to User accounts and change your original id to a limited account.  This preserves a lot of useful information like your browser favorites and history, mail settings and all that.

 You will need to know a couple of further useful tips.  You can still do some administrative things from your limited account by RIGHT clicking some programs that will only run in admin more and selecting “Run as”.  See Fig. 1.  As you can see we am trying to open Live Update.  Once we select (left click) “Run as” we will get the opportunity to select the “mynameadmin” id, as in Fig. 2. 

Fig. 1

Fig. 2

Click for full size

Click for full size

 You will also need to know how to use the Shared folders.  These make it helpful to pass data back and forth.  One example is we always download new program to Shared folders when running in our limited account, knowing that we will need to log on as the administrator in order to install anything. ( If you are sharing the root of the C: drive, none of this is necessary.)

You will occasionally run into programs that insist on running in admin mode, you just have to give in and let them have their way.  We have an ancient version of Publisher and it cannot save anything unless run as administrator.  C’est la vie.

Finally, Windows Update will only run in administrator mode, so be sure to log on as administrator once or twice a week.  It appears to us that the Norton virus updates run in limited mode but to update the programs you must run Live Update as administrator.

Some folks have found it not worth the effort but we suggest you give it a try.  Better safe than sorry!


Contact us:

Telephone US (562) 930-1343- Fax (562) 439-7174