CLT under Limited Account

Hi

This may have been posted before but if not, someone (i.e new users) may find this usefull :).

As a limited account user under XP (SP3), I thought I would give CLT a go with my security disabled (my security being CIS and BOClean ;D ). These are my results:-

Limited Account: 240/340
Admin Account: 30/340 (admin account is setup by default under XP)

So by using an limited account (with security disabled), my OS alone offers far greater security than using an admin account. To be honest, I knew the limited account would offer better protection but was quite surprized by the gap between the two :o.

Anyhow, hope someone finds this usefull and maybe… some users will convert over to limited accounts. It would be interesting to see how Vista performs in a similar setup.

:slight_smile:

I always run under a limited account. It seems silly to turn off all the OS security and then try to patch it with lots of security applications. A few addition rules in defence+ can then make it extremely secure.

With security in mind, I’m surprized Microsoft allowed the default account (after XP installation) to be an admin account 88). I can see why though (ease of use) but it does take a while to get used to doing things with limited access.

:slight_smile:

Not so bad if you use it from start the only pain is if you have problems installing a program, and have to keep going back to the admin account.
I was surprise some times what you can do in a limited account allows certain registry keys to be changed.
Dennis

Intressting…
But isn’t vista “limited by default”…

I mean the UAC thing… =)
Isn’t that “almost” the same as limited user? =)

It has gone some way in Vista giving you alerts all the time for you to click before you can proceed ;D
Also you are stopped deleting certain files no permissions.
As far as I am concern all they have done with UAC is to cripple the admin account but it is not a limited account.

The only thing I like about UAC is you can stay in a limited account no need for admin, I only use it for images and installing security programs.
Dennis

Here are my results under Vista Business SP1. Again, security disabled (CIS and BOClean) but Windows Defender left running as it’s installed by default.

Limited Account: 120/340 (UAC enabled. Limited account is setup by default under Vista)
Admin Account: 120/340 (UAC disabled)

Same test but with Windows Defender disabled:-

Limited Account: 120/340 (UAC enabled)

:slight_smile:

Was is allowed to “run as administrator” in the limited account test?

Do you mean by allowing clt.exe to run from the prompt? (click allow to run)

:slight_smile:

I have tried CLT and it only runs as administrator and so cannot be run under a limited user account. This is why the results are the same and it is not a fair test.

Thank you this had me confused as to why Vista limited account was no better than Admin.
Dennis

Sorry, you are right :-[. I forgot I was setup as a domain admin 88). That would explain the same results. Are you saying that clt.exe won’t load (show interface) or you can’t run any tests?

:slight_smile:

Vista automatically asks for elevation when you run it. If you don’t supply an admin password I don’t think you can make it run.

I’ve not seen this myself (prompting for a password) but I guess being a domain admin, I don’t need to do this but I’m still prompted (by allow or deny) to run clt.exe.

:slight_smile: