The simple trick to protect you from 86% of Windows threats 😮

Privilege management is a vital component to any successful cybersecurity strategy, and this simple trick can mitigate up to 86% of Windows threats.

We need to talk about your privileges, but not in a woke sense 🙂

Privilege management is a vital – yet overlooked – component to successfully defending your devices from cyber attacks. 

Most attackers will have the same level of privileges as the logged-in user they have compromised. Generally speaking, malware has the same privileges as the user or the process running an application. This means that if your user is an administrative user, any malware that has contaminated your system would have administrative rights, and therein lies the problem.

If you were logged in with a user that had restricted privileges, the malware would be bound by the same permissions and privileges as the restricted user.

This would force any hacker that has compromised your device to perform privilege escalation attacks, and this is not always an easy thing to do.

In Linux and Unix operating systems, you are required to prepend ‘sudo’ before any command that requires administrative privileges. By default, Windows does not encourage such behaviour and it most likely must be configured by an administrative user.

Changing your account to a low privilege user is much easier than you think, and it has low administrative burden. This guide will only take a few minutes to follow, but I promise the reward will be worth the effort.

Currently, when you try to perform an action that requires administrative rights, Windows prompts you to click ‘yes’ to give permission. When you switch to an account with fewer privileges, you will only be required to enter a password for the administrative user. This will take seconds, and the security benefits of switching your account are significant: an Avecto report in 2015 showed that up to 86% of critical vulnerabilities can be mitigated by restricting administrative rights.

Privilege management in Windows

Step One: Adding a new low privilege user

Let’s look at how we can limit the privileges in Windows 11. We are going to create a new administrative user, and then remove the administrative rights that we use for our current admin user.

To get started, go to your search bar in the bottom left hand toolbar and type ‘user accounts’. You should see an option to ‘add, edit, or remove other users on this device’. Click on it.

The next step in the process is to create a new user, assuming you don’t have one already. If you already have a secondary non-administrative user, you can skip to the next step.

You will be taken through Microsoft’s account setup process. It is fairly intuitive. If you don’t want to create a Microsoft Account for the new user, you can avoid it by clicking ‘create new account’ and ‘create a user without a Microsoft account’.

Please use a passphrase on the new account instead of a password. A passphrase is a sentence using at least 20 characters that you will find easy to remember, such as “1692I-liketoeatBeefWellingtons#”.

In doing so, your password becomes much more difficult to brute-force or use a rainbow table against.

Once you have created a strong password you can proceed to the next step, where you will assign administrative privileges to the new user. Under account options, click on ‘change account type’ and select ‘administrator’.

You now have two options. You can create another low privilege account and begin using this account for your daily tasks. Or, we can keep your current account but reduce its privileges to a standard user, ensuring that all your files, downloads, and everything else remain intact for your current user.

Assuming you would like to do the former, simply complete the above steps again. However, when you reach the ‘account options’ stage, click on ‘standard user’ instead of opting for an administrative user.

Step two: reducing your account privileges

Assuming you would like to keep your current account and remove its privileges, now it’s time to do so. Using your search bar, type ‘control panel’. You should see the options shown on the image below. Click on ‘change account type’ under the User Accounts tab.

Now you will be prompted to choose a user. Choose your current user, and not the user that you created in the previous step.

Finally, click on change account type. You will now see the following screen. Click on ‘standard’ and update your account. You will now have a low privilege account, and any time you want to run a programme or perform an action that requires administrative privileges you will be prompted to enter your administrative password.
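
The same two steps can be scripted. The following is an added example, not part of the original guide: it assumes a standalone (non-domain) Windows 11 machine, an elevated PowerShell session opened from your current daily account, and uses ‘LocalAdmin’ as a placeholder name for the new administrator. It refuses to demote your account unless the new administrator is enabled and really is in the Administrators group, so you cannot lock yourself out.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article. 'LocalAdmin' is a placeholder name.
$newAdmin = 'LocalAdmin'
# SID of the account running this script: the one that Step Two will demote.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value

# Resolve the built-in groups by well-known SID so localised group names still work.
$admins = Get-LocalGroup -SID 'S-1-5-32-544'   # Administrators
$users  = Get-LocalGroup -SID 'S-1-5-32-545'   # Users

# Step One: create the new account with a passphrase of at least 20 characters.
if (-not (Get-LocalUser -Name $newAdmin -ErrorAction SilentlyContinue)) {
    $pass = Read-Host -AsSecureString "Passphrase for $newAdmin"
    if ($pass.Length -lt 20) { throw 'Passphrase must be at least 20 characters.' }
    New-LocalUser -Name $newAdmin -Password $pass `
        -Description 'Used only for elevation prompts' | Out-Null
}
# Equivalent of 'change account type' -> 'administrator'.
# An "already a member" error is ignored; membership is verified below.
Add-LocalGroupMember -Group $admins -Member $newAdmin -ErrorAction SilentlyContinue

# Lockout guard: the new account must be enabled and an actual member of
# Administrators before the current account loses its own admin rights.
$adminUser = Get-LocalUser -Name $newAdmin
$inGroup = Get-LocalGroupMember -Group $admins |
    Where-Object { $_.SID.Value -eq $adminUser.SID.Value }
if (-not $adminUser.Enabled -or -not $inGroup) {
    throw "$newAdmin is not a working administrator; current account left unchanged."
}
if ($adminUser.SID.Value -eq $me) {
    throw 'Run this from your daily account, not from the new administrator.'
}

# Step Two: make sure the daily account is in Users, then drop it from Administrators.
Add-LocalGroupMember -Group $users -Member $me -ErrorAction SilentlyContinue
Remove-LocalGroupMember -Group $admins -Member $me

# Check: list who still holds administrative rights on this machine.
Get-LocalGroupMember -Group $admins | Select-Object Name, ObjectClass, PrincipalSource
```

Sign out and back in afterwards: group membership is evaluated at sign-in, so the current session keeps its administrative token until then.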

Conclusion

Congratulations! This simple process that should have taken less than three minutes of your time is a crucial step towards bettering your cybersecurity. Privilege management is an important component of any successful cybersecurity strategy, and by using a low privilege account you can mitigate up to 86% of what would be catastrophic cyberattacks.

About Aitken Security

Aitken Security is a UK Cybersecurity Company specialising in offensive and defensive security.