Win 7 UAC and Passwords

Discussion in 'Windows 64bit' started by Sparky, Nov 17, 2009.

  1. Sparky

    Sparky Guest

    About to take delivery of a new Win7 box and I'm curious about assigning
    passwords

    I found this page

    http://unixwiz.net/techtips/win7-limited-user.html

    Which includes an interesting paragraph

    Curiously enough, it's not always necessary to have a password on an
    account. Since an account with a blank password cannot be accessed over the
    network, you can substantially reduce the attack surface of a machine this
    way.

    But this requires that you have good control of physical security over the
    machine: if there are users on the machine (or in the environment) who are
    not allowed to perform administrative duties, it would be a poor idea to
    have a blank password because it would allow anybody to walk up to the
    computer and go to town.

    In addition, a laptop that leaves the house is probably not a good candidate
    for a blank password because physical security is seriously problematic.

    For most home users, it probably doesn't really matter that much how you
    choose your password schemes, but if you have any questions about this,
    please present your scenario to a trusted security adviser for guidance.

    I intend to create an Admin account and a Standard user account ( for daily
    use )

    Under those conditions , do I really need to assign passwords during the
    initial setup ?

    Thanks
    Sparky, Nov 17, 2009
    #1
    1. Advertising

  2. Yes. Assign passwords and good ones. Especially for the admin account. If
    you actually run in a standard user account, and want to leave that one
    blank, I don't see a huge problem with that, given that you understand the
    limitations.

    --
    Charlie.
    http://msmvps.com/blogs/russel




    "Sparky" <> wrote in message
    news:e1%...
    > About to take delivery of a new Win7 box and I'm curious about assigning
    > passwords
    >
    > I found this page
    >
    > http://unixwiz.net/techtips/win7-limited-user.html
    >
    > Which includes an interesting paragraph
    >
    > Curiously enough, it's not always necessary to have a password on an
    > account. Since an account with a blank password cannot be accessed over
    > the network, you can substantially reduce the attack surface of a machine
    > this way.
    >
    > But this requires that you have good control of physical security over the
    > machine: if there are users on the machine (or in the environment) who are
    > not allowed to perform administrative duties, it would be a poor idea to
    > have a blank password because it would allow anybody to walk up to the
    > computer and go to town.
    >
    > In addition, a laptop that leaves the house is probably not a good
    > candidate for a blank password because physical security is seriously
    > problematic.
    >
    > For most home users, it probably doesn't really matter that much how you
    > choose your password schemes, but if you have any questions about this,
    > please present your scenario to a trusted security adviser for guidance.
    >
    > I intend to create an Admin account and a Standard user account ( for
    > daily use )
    >
    > Under those conditions , do I really need to assign passwords during the
    > initial setup ?
    >
    > Thanks
    Charlie Russel - MVP, Nov 17, 2009
    #2
    1. Advertising

  3. Sparky

    Sparky Guest

    Makes sense....thanks a bunch !


    "Charlie Russel - MVP" <> wrote in message
    news:...
    > Yes. Assign passwords and good ones. Especially for the admin account. If
    > you actually run in a standard user account, and want to leave that one
    > blank, I don't see a huge problem with that, given that you understand the
    > limitations.
    >
    > --
    > Charlie.
    > http://msmvps.com/blogs/russel
    >
    >
    >
    >
    > "Sparky" <> wrote in message
    > news:e1%...
    >> About to take delivery of a new Win7 box and I'm curious about assigning
    >> passwords
    >>
    >> I found this page
    >>
    >> http://unixwiz.net/techtips/win7-limited-user.html
    >>
    >> Which includes an interesting paragraph
    >>
    >> Curiously enough, it's not always necessary to have a password on an
    >> account. Since an account with a blank password cannot be accessed over
    >> the network, you can substantially reduce the attack surface of a machine
    >> this way.
    >>
    >> But this requires that you have good control of physical security over
    >> the machine: if there are users on the machine (or in the environment)
    >> who are not allowed to perform administrative duties, it would be a poor
    >> idea to have a blank password because it would allow anybody to walk up
    >> to the computer and go to town.
    >>
    >> In addition, a laptop that leaves the house is probably not a good
    >> candidate for a blank password because physical security is seriously
    >> problematic.
    >>
    >> For most home users, it probably doesn't really matter that much how you
    >> choose your password schemes, but if you have any questions about this,
    >> please present your scenario to a trusted security adviser for guidance.
    >>
    >> I intend to create an Admin account and a Standard user account ( for
    >> daily use )
    >>
    >> Under those conditions , do I really need to assign passwords during the
    >> initial setup ?
    >>
    >> Thanks

    >
    Sparky, Nov 17, 2009
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. canixs
    Replies:
    0
    Views:
    391
    canixs
    Mar 2, 2007
  2. canixs
    Replies:
    2
    Views:
    424
    Dshai
    Mar 6, 2007
  3. =?Utf-8?B?bGNpY2NhcjIyMg==?=

    UAC has to be turned off to run MS Office 2007

    =?Utf-8?B?bGNpY2NhcjIyMg==?=, Apr 20, 2007, in forum: Windows 64bit
    Replies:
    10
    Views:
    749
    John Barnes
    Apr 21, 2007
  4. Lawrence D'Oliveiro

    Bypassing Vista UAC

    Lawrence D'Oliveiro, Apr 29, 2008, in forum: NZ Computing
    Replies:
    1
    Views:
    328
    Hamish Campbell
    Apr 29, 2008
  5. Lawrence D'Oliveiro

    Re: Well UAC on vista sucks

    Lawrence D'Oliveiro, Oct 11, 2008, in forum: NZ Computing
    Replies:
    3
    Views:
    302
    Lawrence D'Oliveiro
    Oct 12, 2008
Loading...

Share This Page