
How well non-admin rights protect Windows

2 replies to this topic

#1 IHateW10


  • Members
  • 1 posts

Posted 23 August 2016 - 07:38 PM

I've been working towards migrating my end-users away from belonging to the local administrators group. I've said to hell with UAC - I only want standard accounts running. This has already protected one system where an individual clicked a malicious email link. I have been finding ways to allow programs to run that would normally require admin level privileges, but I'm still uncertain of just how safe my systems are. 


I believe a piece of malware could still log keystrokes, delete user's data files, and try to compromise\crash other software to elevate privilege. A standard user account could still run a stand-alone executable such as a cryptovirus but would be limited to altering data that their account has write permission on. 


My question then is, just how secure is a fully patched Windows 7 system if end-users do not hold admin rights?


Thank you in advance for any insight. 




#2 bwv848


    Bleepin' Owl

  • BSOD Kernel Dump Expert
  • 3,029 posts
  • Gender:Male
  • Location:92.96 million miles away from the sun

Posted 24 August 2016 - 09:46 AM

As far as I know, you still can get infected but to a certain degree...

"No, this is not a dumb question by any means.

To answer your original question, no, a standard account won't protect you from infections. Infections can still be installed into the user's profile and launched under HKCU registry keys/User's Start Menu. On the other hand, these types of infections are typically easier to remove and only affect the user that is infected.

Other users on the machine will not be infected when they log in."

quote from Grinler in this thread

Read this post by quietman7 too (Be sure to read the articles on the bottom):


If I do not reply in three days, please message me.
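The per-user autostart locations named in the quote above (HKCU registry keys and the user's Start Menu), as an added example that is not part of the original thread: a read-only PowerShell listing of what is registered to start for the current user. It assumes only the standard Run/RunOnce keys and the per-user Startup folder are of interest; other per-user autostart locations exist and are not covered.

```powershell
# Added example (not from the thread): read-only listing of per-user autostart
# entries, which a standard account can write without elevation.
# Run it in the session of the user being checked.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$entries = @()

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $entries += New-Object PSObject -Property @{
            Source = $key; Name = $name; Command = [string]$regKey.GetValue($name)
        }
    }
}

# Per-user Startup folder under the Start Menu
$startup = [Environment]::GetFolderPath('Startup')
if ($startup -and (Test-Path $startup)) {
    foreach ($file in (Get-ChildItem -Path $startup -Force)) {
        if ($file.Name -eq 'desktop.ini') { continue }   # folder metadata, not an autostart item
        $entries += New-Object PSObject -Property @{
            Source = $startup; Name = $file.Name; Command = $file.FullName
        }
    }
}

# Mark entries whose target lives inside the user's own profile
$profileRoot = $env:USERPROFILE
$entries | ForEach-Object {
    $inProfile = $_.Command.IndexOf($profileRoot, [StringComparison]::OrdinalIgnoreCase) -ge 0
    $_ | Add-Member -MemberType NoteProperty -Name InUserProfile -Value $inProfile -PassThru
} | Sort-Object Source, Name |
    Format-Table Source, Name, InUserProfile, Command -AutoSize -Wrap
```

Legitimate per-user software also registers in these locations, so an `InUserProfile` value of `True` marks an entry to review, not a confirmed infection.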

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 52,062 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 24 August 2016 - 04:49 PM

Keep in mind that most crypto malware (ransomware) typically will run under the security credentials of the user... it will run on non-admin accounts under the same privileges as the infected user and encrypt any files that are accessible to that user. If the user can write to a file then the ransomware will be able to encrypt it. Ransomware needs write-access to files it encrypts so it will not be able to encrypt files owned by another account without write-access while running as a non-admin account.

Since crypto malware can run as a non-admin user, you will not see a UAC prompt. If your normal user account is a member of the Administrator group, the malware can install itself to run for all users.

This is a quote from Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.

Executables can run as the user who started them or can ask for elevated privileges to run as Administrator. CryptoLocker is happy to run as a non-admin and will thankfully only be able to encrypt those files that particular user has access to.

How To Avoid CryptoLocker Ransomware: Comments by Lawrence Abrams November 3, 2013 at 10:33 am
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators