Two accounts for client based OS - security principle.

  • Question

  • Hi All,

    Does anyone know what the current best practices or recommendations are regarding security requirements related to using two separate accounts for daily activities on a client OS? As far as I remember, Microsoft recommended using two different accounts, one for daily activities and a second for admin purposes; however, I could not find any formal statement about this matter on MS sites. It seemed to me that using two different accounts is the best way to go; however, I am not sure if this is still valid nowadays. Maybe the UAC mechanism mitigates this and two accounts are no longer required? What do you think about it? Please help :)


    Monday, September 4, 2017 10:41 AM


  • Hi Krystian.

    The principle you've mentioned is still valid: it is always recommended to use a standard account for daily activities and an administrator account for special, administrative tasks.
    For a complete overview of this topic, I suggest you read the "Implementing Least-Privilege Administrative Models" document.


    Luigi Bruno

    • Edited by Luigi Bruno (MVP) Monday, September 4, 2017 1:16 PM
    • Marked as answer by Krystol Tuesday, September 5, 2017 1:41 PM
    Monday, September 4, 2017 1:16 PM