My main Mac user account is no longer an Administrator
Last week a potential exploit for a security vulnerability in Mac OS X came to light, and finally convinced me to do what security-conscious gurus have recommended for a while: run my main user account as a Standard user, not an Administrator.
Unfortunately, by default, the account you first set up on each new Mac is an Administrator. While that's convenient—you can move files around to most locations without a password, for instance—it has its risks. You do need an admin account in order to do those things, and for troubleshooting if anything goes wrong with your main account, so what I have done is set up extra accounts (a Guest, and in my case two separate admin accounts), and turned my regular account into a Standard user.
To do that, just go to Apple Menu > System Preferences > Accounts, then click the lock to unlock it and enter your password. Click the + button in the lower left to add a new admin user. (I like to call mine "Admin.") Check its "Allow user to administer this computer" checkbox. Then select your regular user and uncheck that box. Close the window and you're done.
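To confirm from Terminal that the change took effect, here is an added example (not part of the original post) that checks the local `admin` group. It assumes the record format printed by `dscl . -read /Groups/admin GroupMembership`, looks only at direct membership (nested groups are not resolved), and uses a constructed sample record with the hypothetical user name `alice`.

```shell
#!/bin/sh
# Added example: audit admin-group membership after demoting a daily account.
# SAMPLE is constructed text in the format printed on Mac OS X by:
#   dscl . -read /Groups/admin GroupMembership
SAMPLE='GroupMembership: root Admin'

# Print one admin short name per line from a "GroupMembership:" record.
admin_members() {
    printf '%s\n' "$1" \
        | sed -n 's/^GroupMembership:[[:space:]]*//p' \
        | tr -s ' ' '\n' \
        | sed '/^$/d'
}

# Return 0 if user $1 is listed in record $2 (exact, whole-name match).
is_admin() {
    admin_members "$2" | grep -Fxq -- "$1"
}

# Check the setup the post describes: the daily account is Standard and
# at least one separate admin account (other than root) still exists.
audit_account() {
    user=$1
    record=$2
    if is_admin "$user" "$record"; then
        echo "FAIL: $user is still an Administrator"
        return 1
    fi
    others=$(admin_members "$record" | grep -Fxv -- root | wc -l | tr -d ' ')
    if [ "$others" -eq 0 ]; then
        echo "FAIL: no admin account besides root remains"
        return 2
    fi
    echo "OK: $user is Standard; $others separate admin account(s) remain"
}

# On a Mac, audit the logged-in user; elsewhere, run on the constructed sample.
if command -v dscl >/dev/null 2>&1; then
    audit_account "$(id -un)" "$(dscl . -read /Groups/admin GroupMembership)"
else
    audit_account alice "$SAMPLE"
fi
```

The second failure case matters as much as the first: if no separate admin account is left, nothing on the machine can unlock System Preferences or troubleshoot the Standard account.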
You will get asked for the admin account's password on occasion, but it's not that inconvenient. As the article I linked at the beginning of this post says: "Run as a normal user. Open files you trust. Stick to that and you'll be fine."
And so I do.