Montel IT Support Support when you need it, peace of mind when you don't.

How to correctly setup user accounts on a new computer


0 ratings
Almost all of the customer computers I look at have been incorrectly configured when they were first setup. I can understand this for any machine that has been configured by and end user rather than an IT professional as the vast majority of end users don’t know what they are doing.

However, when I come across machines that are supposed to have been configured by someone who claims to know what they are doing, and in many cases has charged for their knowledge, then I simply cannot accept that they have got it wrong.

A lot of the blame for this complete mess lies with Apple and Microsoft as they know how a machine should be configured and they even have advice on how it should be done. The problem is that you have to hunt for it and if you don’t know that it exists then you are not likely to go seeking it out. As a result the average person simply turns the thing on and follows the on screen prompts.

If Apple and Microsoft wanted to then they could make sure that the user is prompted to do it correctly but they don’t. They don’t even tell the user how they can do it correctly at any point and as a result machines are not as well setup as they should be.

Of course if you are an IT professional then things are different. You should already know how to correctly configure a new device and it should be something you do automatically. Ideally, you will also explain to the user what you have done and why you have done it. You may even show them the advice that Apple and Microsoft publish so that they know it comes from the software developers themselves.

I’ve been doing this for years and as a result I get less calls from my customers and that has to be, for them at least, a really good thing. Just don’t tell my bank manager because they won’t agree.

Let’s take a look at what Apple and Microsoft say and then we can begin to understand why so many machines are incorrectly configured from day one.

Here is what Apple has to say on the subject:

About administrator accounts

When you set up macOS, you create a user account that is also an administrator account. A person with an administrator account can create other user accounts, install software in the Applications and Library folders, and change computer settings.

When you create new user accounts, you specify whether the user is an administrator or regular user. If you don't want the user to be able to change preferences or install software on the computer, don't give the user administrator access.

To keep your computer secure, don't share an administrator name and password with anyone. Be sure to log out when you leave your computer, or set Security preferences to require a password. If you leave your computer while you're logged in, someone could sit down at your computer while you're away and make changes using your administrator privileges.

For added security, don't set an administrator to be automatically logged in when the computer starts up. If you do, someone could simply restart the computer to gain access as an administrator.

This is the advice that Microsoft gives:

Why use a standard user account instead of an administrator account?

The standard account can help protect your computer by preventing users from making changes that affect everyone who uses the computer, such as deleting files that are required for the computer to work. We recommend creating a standard account for each user.

When you are logged on to Windows with a standard account, you can do almost anything that you can do with an administrator account, but if you want to do something that affects other users of the computer, such as installing software or changing security settings, Windows might ask you to provide a password for an administrator account.

Both of them are saying the same thing although I think the Microsoft advice is more succinct.

What neither of them say though is that it is a really bad practice to use a computer running any Operating System (OS) with a user account that has administrator level privileges. If you want your machine to be as reliable and secure as possible then you need to create a second user account and make sure that it does NOT have administrator privileges.

This is really easy in practice as an Apple computer or a PC running Microsoft Windows will automatically create any additional user accounts with standard privileges and not administrator privileges. This will not impact the use of the machine but it will make it harder for malware to attack it and it will prevent users from doing some really dumb things that cause no end of problems.

In order to do the job correctly you just need to organise yourself before you turn the machine on for the first time. Here is my advice on how to do it the right way.

Write down the names you will use for two user accounts as a minimum. The first user account always has to have administrator level privileges so this is the one you will NOT be using every day. The second user account will be your daily driver so you want to use your usual name for this one.

Let’s consider an example so you can see how it works in practice.

Supposing we have someone called Charles Philip Arthur George Windsor and he wants to configure a new computer. The first thing he needs to do is to choose two different user names as he will need to create two user accounts. The first account will always have administrator privileges so for this account he would choose one of his middle names as he won’t be using this account very much at all.

He could choose to use Arthur Windsor for the first account and for the second account he will use his first name, Charles Windsor, as this will be a ‘standard’ user account and the one he uses every day. Now he creates the two accounts using the names he has chosen. As a result of doing this he has made his new machine more secure and more reliable.

He will also be very happy that he has two user accounts as if anything goes wrong with his usual user account, Charles Windsor, he will still be able to log into the machine using his administrator account.

If you have a middle name then you could always use your middle name for the administrator account, the first one you create, and then use your first name for the second account. If you add any other accounts they will also only be standard accounts so no problems with those either.

I hope you can now see that for a correctly configured computer it must have a minimum of two user accounts. If it only has one user account then it must be incorrectly configured. That is why I can spot them as soon as I turn them on. Easy when you know how.

The image below shows how one of my machines running Microsoft Windows has three user accounts. You can see that two of them have administrator level privileges but the account I normally use, Terry Montague, does not.

Stacks Image 45
If the machine you are using only has one user account then the best advice I can give you is to add a second one ASAP. Then promote that account to administrator level. Now log out of your account and log in using the newly created account. As it also has administrator privileges it will let you change your usual user account to a standard privilege account.

Log out of the newly created administrator account and log back in using your usual account. You have now improved the security of your machine and your usual account can no longer let you wreak havoc by doing daft things that can break the OS. When you need administrator level privileges you can use your other user account or its credentials.

You should be able to find lots of help online for adding user accounts to Apple computers and PC’s running Microsoft Windows.

If you don’t know how to do this, or you don’t want to do it yourself, I can do this for you and I don’t even have to visit you as it can usually be done remotely. Just drop me an email or give me a call and I will be happy to assist. It doesn’t usually take very long either but please have at least one more user account name and a suitable password ready for me.

If you need to wipe a computer to reinstall its OS then you should follow this advice as well. It doesn’t just apply to new machines.

If you are using Microsoft Windows then you do have the option of enabling a hidden Administrator account and this can be worth doing for an extra way to log in when your usual account has a problem. You can find instructions on how to do this here:

https://www.howtogeek.com/962/enable-the-hidden-administrator-account-on-windows-vista/

One word of caution. For some reason Microsoft does not automatically enforce a password for this special account. This is such a bad practice that it beggars belief so make sure that you add a password if you enable this account. Log in as Administrator and then press CTRL-ALT-DEL to get a list of options. Select the Change password option to add a password to this account.

You can leave the existing password box empty as there isn’t one. Now create a new and strong password for this special account. Log out and back in to make sure that the password is working. Now you should have two or three user accounts on your machine.

I hope this has been helpful and allows you to improve the security and reliability of your own computers. Please pass this information on as every computer user should be following what is best practice as recommended by Apple and Microsoft. Just a shame that those two businesses don’t make this much easier to do in the first place.

One final tip.

Make sure that each user account on your computer has a unique and strong password. If you have trouble remembering them just write them down or better still use a password manager with proven security. For me that rules out LastPass and 1Password as they have both been compromised. You don’t even have to pay for a good one as Bitwarden is highly rated and has a really good free version. Check out this review if you want to know more about Bitwarden:

https://www.pcmag.com/reviews/bitwarden

You can find more details about Bitwarden here:

https://bitwarden.com/

I use a very secure password manager that can be used on any Apple device. Contact me if you want advice on the best password managers as there are plenty to choose from.


Your privacy really matters.
This website will NOT track you.

If you value your privacy I recommend that you use Firefox, Brave or Safari on an Apple device for your web browser. I also recommend using DuckDuckGo for your search engine.