User Account Control and user safety in Windows Server

While you can run Windows Server 2019 as a regular desktop, it is now time to go over the basics on securing your computer with User Account Control. There are some things that you should know before proceeding to use your computer regularly without no worries.

Administrator

The “Administrator” account in Windows Server is set by default. Usually when installing Windows, you will be prompted to make another user account and designate it as an administrator. Here, you will need to do this manually.

In order to do this, go to the Start Menu->Run. You will then type in “lsusrmgr.msc” and click “OK”.

You are now at the User account manager. Here you can disable users, add users, and even force password resets upon next login. For the first step, we are going to add another user account to take place of our Administrator one. One the left folder pane, make sure “Users” is selected and then right-click within the box in the middle.

Click “New User”.

A new window opens up allowing you to configure options for your new user account. Fill it out in anyway you like. The “Full Name” and “Description” boxes are optional. Below make sure you uncheck the box that says “User must change password at next login” and “Password never expires”. When you’re done, click “Create” and then “Close”.

Note: There are password requirements of 8 characters, uppercase and lowers letters, numbers, and special characters such as period(.) or forward slash(). This policy can be changed by running “gpedit.msc” from Start Menu->Run. You will then navigate to Computer Configuration->Windows Settings->Account Policies->Password Policy. Double-click on “Password must meet complexity requirements” and click on “Disabled”.

Double-click on your newly-created user to open up the properties window. Head to the “Member Of” tab.

We are now going to add our new user to the “Administrators” group. Click on the “Add” button.

Under where it says “Enter the object names to select” type “Administrators” and click “OK”. Click “Apply” and “OK” to close.

From this point forward, you should only log on to your new account.

User Account Control

User Account Control(UAC for short) helps prevent malicious programs from running in the background. For every app or piece of software download, you should always get a prompt asking whether you want to run it or not. By default the “Administrator” account does not have this function, therefore putting you at risk for malware.

The easiest way to configure UAC is by going to Start Menu->Search. In the search box type in “Security and Maintenance”. You will then click on “Security and Maintenance” to open it.

You are able to configure your security settings here. We are now going to click on “User Account Control settings”.

These settings are pretty self-explanatory. The default setting ensures that you will be notified whenever you install software or when something tries to execute an external program. You can always drag the bar down to “Never notify”, but do so at your own risk.

Click “OK” when you’re done. You will receive a UAC prompt asking to confirm your action. Click “OK”.

You have now secured your Windows Server computer better than ever. Always make sure to keep your system up-to-date through “Windows Update” and make sure “Windows Defender” is always working.