PC Accounts and Security

User Accounts

On a computer it is possible to have multiple users, each with their own access or 'account'.
This lets each user keep their own personal settings, so the computer looks familiar to them and changes made by one user do not affect another's account. Each account can also be given a controlled level of access.
This can enhance security, manage child protection and minimise security breaches.
The level of privileges or access to computer settings can be varied in each account.

Microsoft Account

On Windows 10, Microsoft encourages the use of a Microsoft account and password to get access to the computer.
It provides direct access to the OneDrive cloud service and the Microsoft app store (see below for Pro and Con of MS Account).
This type of account allows Microsoft to more closely monitor your usage and stores the password with Microsoft.
You would normally have to create this account first before any others.
This is always the highest level or Administrative (Admin) account when created (see below).

Local Account

A 'local' account (i.e. not Microsoft) can be set up using the access from the Microsoft account.
This type of account can be used at Admin level or non-Admin level which has lower privileges.

The reason for using non-admin level is that a compromised non-Admin account cannot be used to change critical computer settings.

Family Member

This is a special category for parents to manage children's access to the computer and internet.
Screen time can also be controlled.

Account Access Levels

The account access level limits the amount of control a user has over the computer.
For good security it is usual to have only one Admin account.

Administrator (Admin) Account Level

The highest level account is that of Administrator.
This account has full control of the computer to add, delete or modify software and settings.
It should be protected by a strong password.

Non-Administrator Account Level

A non-admin account cannot add software or gain access to secure parts of the computer.
This is a useful account for most users as they have enough control to use the applications and change personal settings.
It is harder for them to unwittingly or intentionally compromise the computer.
To install, uninstall or update applications requires a request to the Administrator.

Account Management

In Win10 Settings, accounts can be created, deleted and modified.
An Admin level account is required to create, delete and modify accounts, including setting and re-setting passwords.
All users can change their password or Sign-in option.

It is good practice for everyone (including Admin) to have a Non-Admin account for day to day usage.
The Admin account is then kept only for managing changes and updates to the computer.
This approach means that any intrusion into an active user account will not have Admin privileges, so it cannot install malicious software.

Microsoft Account Pro and Con

If you always use a Microsoft Account you can:

  • Download free or paid apps from the MS store
  • Have your settings automatically copied to any Windows 10 computer where you are logged in
  • OneDrive is connected to your account so you can access your cloud files when logged in on any computer
  • When logged in to your MS account you are also automatically logged in to any other MS services

Your Microsoft Account:

  • Has privacy risks as information is sent to Microsoft about how you use the computer
  • Microsoft holds your password details so is a security risk
  • You must give Microsoft personal email and / or phone details for account recovery or risk account problems
  • Is an administrator level account with full control of your computer

Example Account Arrangements

Here is a short story about how someone could set up multiple accounts on one home computer.

Peach buys a new computer for the household.

Peach sets up:

  1. A Microsoft Account when first starting the new computer (which can be used in place of the next step as the only Admin account)
  2. Creates a Local Admin account for the user who will be Admin (Peach)
  3. Creates a Local Non-Admin account for Peach and Plum
  4. Creates a Local Non-Admin account for Guest

Peach signs out of the Microsoft Account (OR uses this as the Admin account)

Peach logs in to the Local Admin account to set up all the software, security settings and Apps.
Peach logs out of the Local Admin account.

Peach then logs in to the Local Non-Admin account to change personal settings.

Plum then logs in to the other Local Non-Admin account to change personal settings.

Both users now have separate accounts with their own preferred settings.
If Guest arrives and wants to use the computer, they will log in to a Non-Admin account and only be able to use the computer without changing settings or software.

If any computer maintenance is required Peach logs in to the Local Admin account (or Microsoft Account) to make changes.
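
The arrangement in the story can also be set up from an elevated PowerShell prompt using the built-in local account cmdlets, followed by a check of who actually holds Admin rights. This is an added example, not part of the original page; the account names PeachAdmin, Peach, Plum and Visitor are assumptions, and the Microsoft Account from step 1 is expected to exist already.

```powershell
#Requires -RunAsAdministrator
# Added example. Account names below are assumptions taken from the story;
# 'Visitor' is used because 'Guest' is already a built-in Windows account name.

# Well-known SIDs identify the built-in groups on any language of Windows.
$AdministratorsSid = 'S-1-5-32-544'
$UsersSid          = 'S-1-5-32-545'

function New-HouseholdAccount {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [switch] $Admin
    )
    if (Get-LocalUser -Name $Name -ErrorAction SilentlyContinue) {
        Write-Host "Account '$Name' already exists; leaving it unchanged."
        return
    }
    # Prompt for the password so it is not stored in the script.
    $password = Read-Host -AsSecureString -Prompt "Password for $Name"
    New-LocalUser -Name $Name -Password $password | Out-Null
    # New-LocalUser adds the account to no group, so place it explicitly.
    $sid = if ($Admin) { $AdministratorsSid } else { $UsersSid }
    Add-LocalGroupMember -SID $sid -Member $Name
}

function Get-EnabledAdmin {
    # Enabled user accounts in Administrators (nested groups are skipped).
    foreach ($member in Get-LocalGroupMember -SID $AdministratorsSid) {
        $user = Get-LocalUser -SID $member.SID -ErrorAction SilentlyContinue
        if ($user -and $user.Enabled) {
            [pscustomobject]@{ Name = $user.Name; Source = $user.PrincipalSource }
        }
    }
}

New-HouseholdAccount -Name 'PeachAdmin' -Admin   # step 2: Local Admin
New-HouseholdAccount -Name 'Peach'               # step 3: Local Non-Admin
New-HouseholdAccount -Name 'Plum'                # step 3: Local Non-Admin
New-HouseholdAccount -Name 'Visitor'             # step 4: Non-Admin for Guest

# The Source column shows Local or MicrosoftAccount for each Admin.
$admins = @(Get-EnabledAdmin)
$admins | Format-Table -AutoSize
if ($admins.Count -gt 1) {
    Write-Warning "More than one enabled Admin account: $($admins.Name -join ', ')"
}
```

If both the Microsoft Account and the Local Admin account are kept as in the story, the warning lists both so Peach can decide which one to keep as the Admin account.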

And when the scammer calls…
Plum is using the computer when a phone caller claims he is from NBN and that Plum needs to urgently install software to prevent damage to the NBN.
Plum panics and tries to install malicious software but her account will not allow installation of software.
Plum calls Peach to help and Peach realises this is a scam and does not give the Admin password to the caller.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License