In Windows, an admin account has full access and control over your entire operating system, which is exactly what hackers hope for when sending malware out into the world. If you’re on a Windows account that’s allowed to install programs, then malicious apps will have an easier time taking root in your PC.
And so, for years, the going advice has been to avoid a Windows administrator account for day-to-day use, since funny business could happen unbeknownst to you in the background.
But this advice could soon become obsolete.
During Microsoft’s Build 2024 event, the company announced a welcome but surprising change to Windows accounts: for administrator accounts, admin-level access will switch to being available only when needed rather than at all times.
Currently, Windows admin accounts have full access to the operating system for software installation, registry key changes, and other system file alterations, while standard accounts can only perform those tasks by entering an admin account’s credentials. Going forward, explicit approval is required for both types of account.
This update simplifies the advice given by security experts and tech journalists on how to improve your digital security. The prevailing recommendation has always been to create two accounts on your PC—one as an admin account that you use to set up the computer with all the software and settings you need, and another as a standard account that you use as your daily driver. But most people still use an admin account every day, since that’s the default.
At the moment, Microsoft says admin users will authenticate approval requests using Windows Hello (a simplified version of what happens with the two-account system outlined just above).
You probably don’t have access to this more elegant handling of account permissions yet because it was first released to private preview, but Microsoft says in its blog post that it will move to public preview “soon.”