Limited, Indeed « Wamblog

May 18, 2011

Limited, Indeed

Filed under: Main — Tags: laptop — admin @ 12:01 am

Last night I troubleshooting my son’s laptop. Curious problem: He could not get on the Internet.

The Internet was active. The connection was there. The widgets on the Windows sidebar were working. Windows Update was cheerfully (and successfully) downloading updates.

Internet Explorer, however, wouldn’t run. It was unable to connect.

Clicking the Troubleshooting button yielded the frustrating answer that nothing was wrong.

Yes, I was typing the proper web page address.

Reviewing the security settings in Internet Explorer didn’t help. There was nothing battened down too tightly, and I even dispensed with the Safe Browsing feature.

I disabled the firewall. I installed Firefox.

Nope, nothing: No Internet access from the web browser.

Then it hit me: My son had a Limited user account on the laptop. My own account on the same machine was an Administrator account. So I logged off my son’s account and logged into my own account.

Yep, I was able to access the Internet from my own account.

After upgrading my son’s account to Administrator from Limited, he too was able to get on the Internet.

Problem solved.

The frustrating thing is that I often recommend the Administrator-Limited setup for people’s computers. Even Microsoft recommends it: You have one Administrator account for the computer. Then you log in and use a Limited account, which Microsoft claims is safer.

B.S.

If the account is so limited that you can’t even get on the Internet, then what’s the point?

Now there is probably some system security policy thing that I’ve overlooked, some setting that blocks Limited-level accounts from browsing the web. Disabling that setting by default is wrong, of course. Not only wrong, it’s stupid.

The Administrator/Limited (or Standard) account type has its basis in the Unix operating system, which is generally thought to be far more security-conscious than Windows has ever been.

In Unix, the root user is the main account, the system administrator. Yet, it’s common knowledge in Unix that no one uses the root account for anything other than required maintenance. Otherwise, you use a typical user account, which pretty much lets you do anything. Too bad Microsoft wasn’t paying attention when they started aping that model.

New advice: Everyone have an Administrator level account. Only if you plan on using the Kid-Safe computing features should you bother with a Limited account. And even then, I think Junior is going to miss being on Facebook, so you may have to give up and give him an Administrator account anyway.

Comments Off

No Comments

No comments yet.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Registration
Due to an inordinate number of robot registrations, I've closed the blog to new commenters. You don't need an account to read the blog. If you'd like to make a comment, send me an email and I'll set up an account for you. Thanks!
Administuff
Recent Comments
- admin on eReal Estate
- glennp on eReal Estate
- admin on WiFi Hardware Update
- glennp on WiFi Hardware Update
- admin on The Disappearing Android Tablet
Search for: