Best practice to not run as admin?

Discussion in 'Mac Basics and Help' started by techmonkey, Feb 12, 2008.

  1. techmonkey macrumors 6502a

    Joined:
    Jun 8, 2007
    #1
    I am getting ready to reformat and install Leopard. When I first got my Mac back in June, I setup the default account out of the box. This account is the "admin" account. Is it best practice to create and admin account, then create another account that is limited user?

    Any suggestions, please post. Thanks.
     
  2. Fearless Leader macrumors 68020

    Joined:
    Mar 21, 2006
    Location:
    Hoosiertown
    #2
    Yes that is best practice, and you shouldn't find it annoying. I really shouldn't but I just run as admin as I don't really care. What ever you do don't enable root and run as that, that would be very very bad. Sometimes terminal apps will yell at you But from what I've read you probably either have no idea what I'm talking about or don't use the terminal that often. no offense.
     
  3. techmonkey thread starter macrumors 6502a

    Joined:
    Jun 8, 2007
    #3
    So when I first install Leopard, it will ask me for a username/password for the first account. Will this be the "admin" account by default? Im asking this because I tried doing this when I first got my computer and somehow I ended up with an "Admin" user and I couldnt figure out how to change the name.

    Also, will I have to sign out of the limited user account and into the Admin account whenever I want to install a program, or will it just ask me for the Admin password?
     
  4. MarkMS macrumors 6502a

    Joined:
    Aug 30, 2006
    #4
    Yes, the username and password you assign at the welcome screen after a successful install is the "admin" account. Also to answer the second question, no you will not have to log in as "admin" to install programs. You will however be prompted with a login dialog whenever you place an app in the Applications folder. All you have to do is insert the "admin" username and password for authentication.

    Running a limited/standard account is best practice. I do this to all my machines and it's just a precaution to whenever a virus or trojan becomes wild. It's just a matter of time before OS X is targeted more. This isn't anything like antivirus, but it does stop apps from running unless you insert your "admin" credentials. A few years ago (2006?), someone started to spread a file that supposedly contained exclusive Leopard screenshots. Turned out it was some sort of worm known as OSX.Leap.A. When people would open the file and double-click the pictures, the admin dialog would pop up. Why would you need admin privileges to see a picture? Anyway, long story short ... non-admin users were more protected. Within admin accounts, the worm was able to run without the user knowing what just happened.

    Also might want to check this old thread out. Someone was asking about viruses/spyware and I gave out some helpful tips for staying secure. Also has some good links at the end that you may want to check out. All this is for OS X 10.4 Tiger, but most of it still applies to OS X 10.5 Leopard.

    For the lazy, here are the links I was talking about.

    Corsaire's Securing Mac OS X 10.4 Tiger (.PDF) By Stephen de Vries.

    Here the easier one to read from Princeton.

    Just to let you know, I am not a security expert. Just a poor medical student wanting to stay secure. :)
     
  5. techmonkey thread starter macrumors 6502a

    Joined:
    Jun 8, 2007
    #5
    Thanks for the great tips MarkMS :)


     

Share This Page