How to Protect Your Windows XP PC Against Accidental or Unauthorized Changes

January 31, 2009

in privacy & security,Windows

by Gabe Goldberg

Bill Gates must be a trusting soul, since Windows was designed to be an open and flexible computing environment, usually allowing any user full authority to do all sorts of complex and (potentially) dangerous things. In a perfect world — one in which nobody made mistakes and no malicious acts occurred — this would be useful and convenient.

But in reality, the PC’s openness means that a well-intentioned – and even knowledgeable — user can do damage, sometimes simply by visiting a Web site which has been corrupted to include malware (evil-intending software such as a virus, work, Trojan, etc.) which will download and install itself by stealth.

And of course, friends, guests, and children may use your PC without practicing safe computing. That is, they may install random games, click links in spam email, visit unsavory Web sites, etc., which can be equivalent to visiting a gang hangout late at night, alone, to solicit donations for the Salvation Army.

Fortunately, Windows XP offers protection, in the form of defining two kinds of PC user: Computer Administrator and Limited. A computer administrator has full power to create, change, and delete accounts; make system-wide changes; install programs; and access all files. A limited user can only manipulate files and data belonging to that account.

Most computers are delivered with one account defined, that being an administrator. But most computing activities — Web browsing, email, etc. — don’t require that authority. So it’s worth creating a limited account for routine use and reserving the administrator account for tasks requiring its authority, such as installing software or tweaking the system (installing Windows or other software updates, defragging the hard drive, etc.)

Limit PC access

Limit PC access

To create a new account, click Start, open the Control Panel, click User Accounts, click Create a New Account. Enter the new account’s name, then select Computer Administrator account, and click Change Account Type. Close the User Accounts window.

Now you’ll make your regular computing account limited. Click Start, then Log Off. You’ll see a welcome screen with your two account names. Log on as the administrator account you just created. Return to the User Accounts dialogue box, click Change an Account, and select your other account, the one you’ve been using. Click Change the Account Type, then Limited, then Change Account Type.

Limited accounts can change or remove their account passwords; change their pictures, themes, and other desktop settings; view files they create; and view files in the Shared Documents folder. Authority to install programs is limited and programs designed before Windows XP or Windows 2000 may not work.

When you start your computer, the Welcome screen will show your two accounts. Use the limited account for routine work and the administrator account only for installation or maintenance tasks which need it.

The good news is that when using a limited account, you’re more protected from your own finger fumbles and errors. And limiting what non-tech savvy spouse, guests, or reckless children can do definitely improves peace of mind. My wife’s PC has a limited account for her and an administrator account for me; we’re both happier that way and her PC seems to like it as well.

Windows Vista operates differently, with more default protections enabled. But some people are annoyed by their intrusive nature and disable them, opening themselves up to danger and mischief.

Gabe Goldberg (, a lifelong computer pro and technology communicator, has written three books and hundreds of articles for audiences including techies, baby boomers and senior citizens. He enjoys sharing tips and pointers that help people use and have fun with technology.