Category Archives: How to

Bash IF statements

In computer programs sometimes you need something to happen if a condition is fulfilled. Other times if the condition is not fulfilled the program has to do something. In programming IF statements is one of the ways that is used to have a computer do multiple tasks based on a variable outcome. Here’s an example using a small bash script I wrote.

This script shows the user three options and prompts the user for a response. Either 1, 2, or 3.

If 1 is chosen then the computer will display the word “Yes”

If 2 is chosen the the word “No” will display.

If 3 is chosen then the program will quit.

Here's the first part of the script.
Here’s the first part of the script.
Here's the second part of the script.
Here’s the second part of the script.

Here’s the breakdown of the script:

  • shebang (#!/bin/bash)
    • This is telling the OS which programming language I’m using. In this case it’s the built in bash scripting language.
  • The text in blue is just comments for the programmers reference
  • I have the program echo or display the options to choose from to the user
  • The read command take user’s input and puts it into a variable. In this case the variable name is option1
  • Next are my IF statements. These statements use the option1 variable as a condition to check and see what code to execute. For example if the user selects 1 then the first IF statement will execute because option1 (which is the user’s choice) equals 1.
    • The IF statements require several things in order to work right:
      • The condition
      • Brackets to encase the condition [[ ]]
      • Spaces between the brackets and the conditional
      • A semicolon at the end of the brackets
      • A then statement
      • Code to execute if the condition is met
      • A fi statement to end the IF statement

You will notice that all of the IF statements in this script have all of these.

Here’s the script in action using all of the options available to choose from.

option 3 part 1

option 3 part 2

option1 part 1

option1 part 2

option2 part 1

option2 part 2

Depending on what option I give the program it will either display Yes, No, or quit the program with a termination message. This is the power of IF statements. A programmer can have the computer test a large amount of possible options all within one program. Great stuff!

Another option is to use ELIFs and the ELSE statement with the IF statement. With ELIF (Else If) I can combine multiple conditionals into one statement rather then using multiple IF statements. The ELSE  statement will execute if the conditional for the IF statement is not met. To show this I’m going to modify the top script with ELIFs and an ELSE statement.

mod script part 1
Not only did I modify the script but I’m also using a different text editor. The editor is called vim which stands for vi improved. Vi is included in every distro of Linux.
mod script part 2
Instead of having multiple separate IF statements I now only have one huge statement that houses all of the conditions I want the program to evaluate. If any text other the the numbers 1, 2, and 3 are chosen the program will quit with a termination message. I also modified the user prompt using the -p (prompt) option with the read command. 

invaild input part 1

invalid input part 2

For more information on bash IF statements see: http://codewiki.wikidot.com/shell-script:if-else

Thanks for reading!

Acquisition: How to use three of my favorite tools

In my last post I talked about some of the acquisition tools that are available to use for imaging evidence. This post will demonstrate how to use the tools I mentioned: dd, dcfldd, and FTK Imager.

For dd and dcfldd I’ll be using the SANS SIFT kit and for the FTK Imager demo I’ll by using a Windows 7 machine.

First let’s start with dd:

With the dd command i need to know the location of the mounted USB device that I'm going to image. The mount command will show where the USB device is in the Linux filesystem.
With the dd command I need to know the location of the mounted USB device that I’m going to image. The mount command will show where the USB device is in the Linux filesystem. The third line before the last line says: /dev/sdc1 on /media/Thumb Drive This is the device I’m looking for. /dev/sdc1 is where the USB device is located within the Linux filesystem.
Now that I know the location of the USB devide I can start the imaging process. In this screenshot I invoked the dd command to image the USB bit for bit and to send the image file to a location of my choosing.
Now that I know the location of the USB device I can start the imaging process. In this screenshot I invoked the dd command to image the USB bit for bit and to send the image file to a location of my choosing.

I’ll break down the command: First I have sudo, this command allows me to run a command as a different user. In this case I’m running this command as the root user. This user has privileges to make changes to the system. This is required because root access is needed to use the /dev/sdc device. Next is dd, this is the invocation of the dd command. Next is if=/dev/sdc. This is telling dd that the input file is the /dev/sdc device. Notice that I put /dev/sdc not /dev/sdc1. The reason for this is because the 1 is the first partition of the USB drive. I want to image the entire drive so I have to take out the 1 and that will allow dd to image the entire drive front to back. After if= is bs=, this is the block size. The block size tells dd how many bytes to convert at one time. The default block size is 512 bytes. This can be changed to a larger size but it may affect performance. Typically I use the block size of 4096 bytes or 4KB. The last part of the command is of=ntfs_usb1.dd. This is the where the output of the dd command is going to be placed. Because I only have the name of the file rather then the full path of the file, the output of the dd command will be placed inside of the file and that file will be placed inside of the current working directory. Notice the the file name ends with the dd extension. This is a raw file, literally ones and zeros. It can not be read by normal means. Forensic software has to be used to be able to view its contents.

dd image completion
This screen will show after the dd command has completed imaging the USB drive.

After imaging to file I take MD5 hashes of both the USB drive and the image file to make sure that the image file is exactly the same as the USB drive.

md5 sum of original and image
Notice that the random stings of numbers and letters before ntfs_usb1.dd and /dev/sdc are exactly the same. This verifies that the USB drive and the image file are the same.

Next is dcfldd, this program is almost identical to the dd command:

Using dcfldd to take an image
The only differences between the dcfldd command the dd command shown above is dcfldd after sudo, that’s the invocation of the dcfldd program, hash=md5 (I’m telling dcfldd to use MD5 as the hashing algorithm for image verification), and md5log=md5hash.txt (I’m telling dcfldd to send the md5 hash it generates to a text file named md5hash.txt)

Notice that dcfldd shows what it has copied so far.

After imaging is complete the same output screen as dd will show.

dcfldd image completion

After dcfldd completed imaging the USB drive I took a MD5 hash of the USB drive and compared it to the hash the dcfldd generated during the imaging process.

md5 hashes of image file and original
Both hashes match

The last tool is GUI based and has far more options then the command line tools used above.

After starting FTK Imager here's the screen that you will see.
After starting FTK Imager here’s the screen that you will see.
Click on create image
Click on create image
Select the source of the evidence. In this cases it's a physical drive.
Select the source of the evidence. In this case it’s a physical drive.
Next select which drive to image
Next select which drive to image, the drop down list will have all of the drives that are connected to and recognized by the system.
After drive selection
Next a destination for the image has to be specified. Click add.
Select which format the image is going to be. In my case I chose Raw (dd)
Select which format the image is going to be. In my case I chose Raw (dd)
Next FTK Imager will ask you to fill in some case information.
Next FTK Imager will ask you to fill in some case information.
Next select a destination for the image file.
Next select a destination for the image file. I choose to place the image file on the desktop. Also notice the image fragment size. FTK Imager can split the image file into multiple pieces based on what size is placed in the fragment box. If the size is zero then FTK Imager will not fragment the image file. The image file can also be compressed and encrypted.
After all of the options are selected click start to begin the imaging process
After all of the options are selected click start to begin the imaging process
FTK Imager will display the current progress of the imaging
FTK Imager will display the current progress of the imaging
After imaging is complete FTK Imager will show hash reports and other data related to the imaging process. The most important thing is to make sure that the hashes match.
After imaging is complete FTK Imager will show hash reports and other data related to the imaging process. The most important thing is to make sure that the hashes match.

So here are the three tools that I use the most when it comes to forensic imaging. I hope you enjoyed this post. My next post will be a mock case where I will go through the first two steps of the forensic process: acquisition and examination. Thanks for reading!

Rob’s toolbox: Ninite

I always used to download and update my programs the hard way. I would wait until the programs complain that an update is available. From there I would download the update and patch the program. I sure many of you do the same thing. It’s quite time consuming, until I discovered Ninite.

Ninite is a service that supports the installation and update of multiple programs simultaneously. The Ninite service supports a number of popular programs including iTunes, Skype, and Steam. The way Ninite works is you visit the Ninite website and select the program(s) that you wish to update or install then click the “get installer” button and your computer will download a program that will install and update the programs you selected in the background without any configuration required. Ninite will install the programs in their default locations and with the default settings.

Ninite is very easy to use, I’ll demonstrate it below:

Ninite website
Open your favorite web browser and head to http://www.ninite.com
Ninite screen showing programs
As you can see on the bottom of the Ninite website are the programs that the Ninite installer supports.
Ninite screen with programs selected
Click the boxes next to the programs you wish to have Ninite install and update. Then click get installer.
Ninite installer screen
Next you will see this screen. It shows what programs you want downloaded , a confirmation page of sorts. Click download installer to download the Ninite program. You can either choose to run the program or save the program to your computer. I recommend saving the program because then you can run it at any time to update to programs you selected. Ninite will usually download the program to the default location (which is the user downloads folder) unless you specify somewhere else.

 

Locate the Ninite program icon and double click it to run it. After that Ninite will take care of the rest.
Locate the Ninite program icon and double click it to run it. After that Ninite will take care of the rest.

Ninite is a fantastic tool that will save time when updating and installing programs on computers. For my next post I’m going to start diving into my specialty: digital forensics. This post will explain what digital forensics is and why it is important today. Thanks again for reading and if you have any questions or concerns please comment below.

Rob’s toolbox: Free file sync

A little while back I was using a simple way to backup my computer’s data. I used to drag and drop the folders between my original hard drive and the backup. Eventually when I had a great deal of data on my computer it became difficult to keep track of what was backed up and what wasn’t. I could have just continued to drag and drop my folders and files onto the backup drive but I did not want to deal with all of the duplicate warnings that came along when I backed up my data. Strangely enough I never used the Windows built in backup program, before I had a chance to do so I was shown an interesting backup utility called free file sync.

So what is free file sync? Free file sync is a program that synchronizes one hard drive’s data contents to another. It is perfect for backing up data. Free file sync is what is called open source software. Open source software is programs that have their source code (the actual programming code) openly available for the public to view and edit. What is great about open source software is that it is usually developed by a public community of developers, so updates happen very often. This is the case with free file sync as well so updates happen quite often.

Download link for free file sync: http://sourceforge.net/projects/freefilesync/

Free file sync’s GUI shows the two hard drives in two separate tables. On the left is the primary hard drive and on the right is the backup or secondary hard drive.

Free file sync's GUI interface
Free file sync’s GUI interface

Free file sync has some great features:

  • Multiple drives can be backed up at the same time
  • Compares contents of one drive against the contents of another
  • Multiple ways to backup data
    • Two-way
      • Two-way updating is where changes to one hard drive will be reflected on the other when the back up in done. This occurs both ways. For example say I have two hard drives: A and B. I want to backup the contents of drive A to drive B. Free file sync will compare A to B and see what is different and write changes to B depending on those differences. If I create a text file on A then backup to B the same text file will be written to B. But with two-way if I change a file on B then the changes will be written to A when the backup is done. In my opinion this isn’t a good approach if the two drives are a primary and a backup. The only time I would write from the backup to the primary is if I was restoring the contents of the primary drive using the backup.
    • Mirroring
      • Mirroring is where the backup drive is changed to match the primary drive. This is the type of backup method I use and recommend. If I make changes to the primary drive, say deleting a few files and adding some others those changes will be written to the backup when I use free file sync.
    • Update
      • Updating is where new and updated files are copied to the backup drive. Any files that are deleted from the primary drive that were previously backed up will still remain on the backup drive.
    • Custom
      • The custom setting is where the user can configure the way free file sync will back up hard drive contents. There are five options that can be turned on or off to create the custom setting:
        • Copy new items to the right
        • Overwrite right items
        • Leave as unresolved conflict
        • Overwrite left item
        • Copy new items to the left
      • Cross platform support
        • Free file sync can be used on Windows, Mac OS-X, and Linux

For Mac users I recommend using the built in time machine for backing up data and settings.

You can take the contents of an entire hard drive and just place them into a folder on the backup drive. It’s all up to user preference.

Free file sync is easy to use. I will demonstrate its use in the tutorial below.

The highlighted section is where the primary hard drive's contents will be
The highlighted section is where the primary hard drive’s contents will be

 

In the highlighted section click the browse button and select the folder(s) and/or file(s) to backup to the back up hard drive
In the highlighted section click the browse button and select the folder(s) and/or file(s) to back up to the back up hard drive

 

This is where the backup drive's contents will be. Click on the browse button and select the location where you want your back up files to go.
This is where the backup drive’s contents will be. Click on the browse button and select the location where you want your back up files to go.
Click on the comparision button and free file sync will compare the two locations to each other. By default whatever is not on the left side (primary hard drive)will be placed into the right side (backup hard drive).
Click on the comparision button and free file sync will compare the two locations to each other. By default whatever is not on the left side (primary hard drive) will be placed into the right side (backup hard drive).
If you are satisfied with where the files are going to be placed click on the syncronize now button. Make sure to have the backup settings you want. Click on the gear icon next to the sync now button to change the back up settings.
If you are satisfied with where the files are going to be placed click on the synchronize button. Make sure to have the backup settings you want. Click on the gear icon next to the sync now button to change the back up settings. After that click on the start button to begin the syncing of the two drives.
After the syncing is complete free file sync will report how much data was transferred and how long the back up took.
After the syncing is complete free file sync will report how much data was transferred and how long the back up took.

Free file sync is an easy tool to use for backing up a single folder or an entire hard drive’s contents. For the next post I’ll be showing another tool I use that allows me to install and update multiple programs on my computer at the same time. As always if there are any questions or concerns please email me at hackingdefense@icloud.com or leave a comment below.

Keeping your computer healthy

I remember when I got my first computer back around 2000. It was a great machine when it first came out. It operated quickly, my programs ran quick, and it didn’t act up too much. All of that changed after about three months of using it. It started getting sluggish, programs would not run properly, and it would lock up quite a bit. I didn’t know what to do at the time. Afterwards I just bought a new computer. A few months after that I learned what was causing the original computer to act up. It was due to a lack of maintenance. I didn’t have any AV (anti-virus) or anti-malware programs on it. I also did not regularly run two built in Windows tools: chkdsk (check disk) and defrag. If I had used this set of tools then I may have been able to keep the older computer healthy. This post is about how to keep your computer virus and malware free. Also this post will show you what built in Windows tools will help with file system maintenance.

First let’s start with anti-virus programs. What exactly is an anti-virus program? These types of programs fall under an umbrella of programs called HIDS (Host based intrusion detection). Some may disagree with this assumption but I believe that AV does fall under this category since these types of programs monitor the internals of the computer system for unwanted software. Examples of AV programs are:

  • Microsoft Security Essentials
  • Norton Anti-Virus
  • McAfee Anti-Virus

How do these programs work? After installation of the program it usually updates with files called signatures. These signatures are used by the program to pick up unwanted software that is on the computer. When the AV program scans the computer it will look for programs that match the signatures that the AV program has in its database. If there are any matches then the program will flag them and inform the user about what it has found. After that the program prompts the user about the unwanted software it found and gives the user options on what to do with the unwanted programs. Most AV programs have the same set of features: virus detection, real time protection, signature downloads, etc.

In my opinion there is nothing but pros when it comes to having AV software. No computer in use today should be without some form of AV software.

Here are some of the pros:

  • Instant detection of viruses
  • Deletion of viruses
  • Quarantine of viruses

There are no cons to having an anti- virus program installed on your computer. Today with hacking being so widespread anti-virus is critical to the safety and security of computers.

I use Microsoft Security essentials. It’s a free anti-virus solution that is available from Microsoft.

Download website: http://windows.microsoft.com/en-us/windows/security-essentials-download

Another type of program that is extremely useful for computer security is anti-malware. These programs do essentially what anti-virus does. These programs are built to target malware. Make no mistake a virus is not a piece of malware. They are two different malicious programs. In my experience it’s best to have both an anti-virus and an anti-malware program installed on a computer at all times. Some examples of anti-malware programs are:

Features, pros, and cons for the anti-malware are pretty much the same as the features for the anti-virus software packages. These days never have a computer that does not have some form of anti-malware installed on it.

The next couple of tools that are useful are two built in windows utilities that assist with maintaining the file system and hard drive(s) of the computer. The first is chkdsk (check disk) and the second is disk defragment.

The first tool: chkdsk (pronounced check disk) is a Windows built in tool that checks the hard drive for errors in the file system. These errors can prevent the computer from functioning if they are not repaired. This tool will help in fixing these errors. This tool can be used in both the Windows GUI (graphical user interface) and the command line.

Click the start bar then computer
Click the start bar then computer. After that right click the C drive and click on properties.
Under error checking click on check now
This screen will allow you to check the C drive for errors. I normally click on the checkbox for scanning the disk drive for bad sectors. Under normal circumstances Windows will not allow this scanning to take place. This is because the drive is currently “mounted” and in use. If Windows allows the checking to take place it usually take quite a while. Using the command line is a much faster method for checking the disk drive for errors.

This is the second method for checking the disk drive, using the command line.

blog11
Click the start bar then enter “cmd” into the search bar. After that right click on the cmd icon then click run as administrator. You may have to enter an administrator password in order to open the command prompt window.
Screen Shot 2014-10-16 at 2.54.11 PM
After the admin command prompt comes up type “chkdsk” into the command line. Since there is no drive letter specified after the command Windows will check the boot drive (C:) by default.
Screen Shot 2014-10-16 at 2.54.15 PM
After hitting enter for the check disk command Windows will go through checking the disk for errors. In the output notice that the program says that the F parameter was not specified. This means that Windows is only going to check for errors and not fix them. In order for Windows to perform a complete check the C drive must be “unmounted”. This is done by typing “chkdsk /F” at the command prompt. Windows will then ask you if it can perform a disk check on the next reboot of the system. enter y then hit enter. The next time you reboot the computer Windows will run check disk while the system is booting and also fix the error if any are found.
Screen Shot 2014-10-16 at 2.54.36 PM
This is what is displayed when the /F parameter is used on the C drive. Enter y and the next time the computer boots the drive will be completely checked and any errors will be fixed.

The second tool: disk defragment is a tool that is used to organize the contents of a hard drive. As the hard drive is used the contents of the drive become fragmented. As fragmentation occurs the performance of the computer slows down. This tool helps to mitigate that problem. This tool can also be used in the GUI and the command line. I will demonstrate both methods in the tutorial below.

Click the start bar then computer
Click the start bar then computer. Then right click the C drive and left click properties.
Screen Shot 2014-10-16 at 7.19.14 PM
Under disk defragment click defragment now
Screen Shot 2014-10-16 at 7.19.19 PM
This is the disk defragmanet screen. Click on the C drive then click analyze. Always have Windows analyze the disk first, When this is done Windows checks to see how much of the C drive is fragmented. Based on this percentage Windows will tell you either to defragment the disk or to leave it alone. If the drive needs to be defragmented then click defragment disk after the analysis is complete. This method is much slower then the command line method. Also Windows might complain that the disk drive is in use so it will not be able to defragment it.

Here’s the command line method of using defragment.

Screen Shot 2014-10-16 at 2.55.45 PM
Using an administrator command line prompt (see above on how to open an administrator command line prompt) type in ” defrag c: /a”. “defrag” invokes the defrag program, “c:” is the letter of the drive you want to defragment, and “/a” is the parameter that tells defragment program to analyze the drive. To defrag the drive without analyzing just type in “defrag c:”
defrag screen
This is what is displayed in the command prompt when defrag is invoked without any parameters.

One of the most important things you can do with your computer is to keep Windows patched. What exactly is a patch? A patch is a piece of code that fixes a flaw in a program. When Microsoft finds a flaw in Windows they create a patch to fix the problem. Sometimes you will see a window pop up that says updates are ready to be installed on the computer. These are the patches that Microsoft comes out with to fix problems. These patches are usually released on the second Tuesday of every month. This Tuesday is called patch Tuesday. Always keep your computer patched with updates. There is a GUI window that will allow you to check for updates anytime you want. I’ll show this in the tutorial below.

Using search bar to find windows update
Click the start bar then enter “windows update” into the search bar and hit enter.
Checking for updates
This is the Windows update screen. On the left click “check for updates”. Windows will then check for updates.
screen after checking for updates
After Windows completes checking for updates it will tell you what updates are available to download and install. These updates will be split into two categories: important and optional. Always download all of the important updates.
Screen after optonal updates is clicked
After clicking on “1 optional update is available” this screen pops up. This tells you the details of what optional updates are available to download and install. You will see a check box to the left of name. When selecting which updates to download and install this will select all updates. Do this when installing important updates.

The settings for Windows update can also be set to download important updates automatically.

Checking for updates
On the left side of the Windows update screen click on “change settings”
Windows update settings screen
This is the screen that will changes the settings for Windows update. Install updates automatically is usually selected by default and is also the setting I recommend.

The last thing is probably the most important task of all: backup your data. I remember on one of my older computers I lost all of my data because I didn’t back it up. Do not make this mistake. With all of the information that is on the average computer these days it is a real pain to have to start from scratch if data is lost.

I run my anti-virus, anti-malware, patch updates, and my data backup once a week. This has been good practice for me and I’m sure it will work well for you.

There is a real neat tool that helps with backups called free file sync. I use this tool to back up my data. I’ll cover this tool in the first post of a new blog post series called Rob’s tool box. Thanks for reading this post and if there are any questions or comments feel free to comment below.

Windows User Accounts: How to build your first line of defense against hacking

Imagine yourself at a Bestbuy or other electronics store, you’re looking at a brand new computer tower that has Windows on it and your heart is set on buying it. After you get it home you go through the setup of the machine and the user account(s).  After a few months of using the computer BAM!!!! Everything starts acting odd and you do not know why. All you did was browse the web and install a program on the computer. In the background without you knowing it the program you installed downloaded and installed additional programs on the computer. How did it do this without you knowing it?

Everyday many people use their home computers for many things: email, homework, writing, blog posts and banking or other sensitive activities. Your files have to be protected from unauthorized access and the first step to this is to not allow a malicious person to have access to an administrator account. Well this new computer you setup in the story had you setup an administrator account as the one you use for regular usage.

What is an administrator account? First I have to talk about the concept of privileges. With Windows there are different types of user accounts. The important types are: standard user and administrator. An administrator account has the ability or “privileges” to make changes to the system. Some of these changes include:  installing and uninstalling programs, deleting certain files, changing security settings, and modifying the network settings. Standard user accounts do not have the privileges that administrator accounts have. This type of account can create files like documents and spreadsheets; they can also delete the files they create. However these accounts cannot make any changes to the system or access any file that does not belong to them. When a user logged into a standard user account tries to make system changes Windows will prompt the user for the administrator’s password (if there is one). Unless this password is put in correctly the system change will not take place. This feature is called user account control (UAC) and its primary purpose is to make sure unwanted system changes do not take place.

For regular computer usage an administrator account should never be used because you don’t want changes to be made to the computer by mistake. Also if a hacker gains control of your user account and it’s an administrator account then the hacker has complete control of your computer. Another reason to separate the user and administrator accounts is because if a user is logged into an administrator account and they click on a link that contains a malicious program then the program will install itself without the user realizing it. But if the same thing was done by a standard user account then the user account control will be triggered alerting the user that a program is trying to install itself. This is one way to stop programs from installing without you wanting them to.

For more information on how user account control works check out the Microsoft page that describes the User account control technology: http://windows.microsoft.com/en-us/windows7/products/features/user-account-control

Some of you may think that it’s inconvenient to have to type in a password every time you want to install a program on your computer. Think of it this way: you’re trading a little convenience for security. With airports getting to the gates can take a while because of airport security. Computer security is the same way; if you can put up with inputting a password every time you want to make a system change then you will have a layer of defense not only against attackers but also against user error and programs installing themselves without you knowing about it.

Setting up a separate user and admin accounts can sound like it’s hard but it is not. This can be done using one of two ways: The Windows GUI (Graphical User Interface) and the CLI (Command Line Interface). Personally I prefer the command line due to its simplicity and speed. But with the command line you need to know certain commands and syntax in order create the accounts. I’ll cover the GUI first:

  1. Start off by making sure the account you are using is an administrator account
    1. This is required because the admins are the only accounts that can make changes to a system. This includes creating user accounts.
    2. Click start -> control panel -> user accounts and family safety -> User accounts
Click on the start menu then click control panel
Click on the start menu then click control panel
Click on user accounts and family safety
Click on user accounts and family safety
Click on User accounts
Click on User accounts
User account screen
User account screen. On the top right hand corner of the Window you will see your account picture, account type, and if the account is password protected. Make sure your account type says “Administrator”

After you confirm that the account you are logged into is an administrator account the next step is to create a second administrator account that you know the username and password to. This account will take over the administrator privileges that your daily usage account will no longer have.

Click start -> control panel -> User Accounts and family safety -> click add or remove user accounts

Click add or remove user accounts
Click add or remove user accounts
Click create new account
Click create new account
Select a username for the new account and make sure to click administrator then click create account
Select a username for the new account and make sure to click administrator then click create account
Your newly created account will then sow up on the manage accounts screen. Next you need to set a password for this new account. Click on the new account's icon.
Your newly created account will then show up on the manage accounts screen. Next you need to set a password for this new account. Click on the new account’s icon.
Then click create a password.
Then click create a password.
Select a password for the new administrator account. Make sure it is strong, You can also make up a password hint if you wish.
Select a password for the new administrator account. Make sure it is strong, You can also make up a password hint if you wish.

After the setup of the new admin account is complete you can proceed to downgrade your regular usage account to a standard user account.

Close the currently open windows and click start -> control panel -> User accounts and family safety -> User accounts

Click standard account then change account type
Click change your account type, UAC will not trigger (already admin). Click standard user then change account type. After this in the user accounts window it should say “Standard”

Log out of the changed account then log back in for the changes to take place.

As an additional measure I alter my User account control settings. I make it more sensitive.

Click on User account control settings
Click on change User Account Control settings
This screen will pop up. These are the default settings for UAC
This screen will pop up. These are the default settings for UAC. Personally I don’t like the fact that Windows does not inform me about when I make changes to the system. I make mistakes and I would like Windows to double check and make sure that I want to make changes to the system.
This is the UAC setting I recommend. I may be annoying that UAC will always trigger but I prefer  it. This will stop any unknown software from installing itself in the background.
This is the UAC setting I recommend. It may be annoying that UAC will always trigger but I prefer it. This will stop any unknown software from installing itself in the background.

For the more advanced user the command line can be used to change user account types. Each account in Windows belongs to a group. Examples of groups are: the user group and the administrator group.

  1. Open an administrator command line prompt. Click start -> type cmd -> right click on the cmd icon -> click run as administrator
Click start -> then type cmd into the search box -> then right click the command prompt icon and click run as administrator. After that click yes and this should show up.
Click start -> then type cmd into the search box -> then right click the command prompt icon and click run as administrator. After that click yes and this should show up. Make sure that the top of the prompt reads: Administrator  Another indicator that the command prompt is an administrator prompt is the current working directory is C:\Windows\System32
  1. Confirm that the account you want to remove is an administrator by listing the accounts that have administrator level access
    1. Syntax: net localgroup administrators
Typing the command: net localgroup administrators will show which users accounts are admins on the system. Make sure the user account you want to downgrade is in this list. If it is not then your work is already done.
Typing the command: net localgroup administrators will show which users accounts are admins on the system. Make sure the user account you want to downgrade is in this list. If it is not then your work is already done.
Type the command: user localgroup administrators (accountName) /del (account name is the name of the account you want to downgrade to a standard user) This command will not delete the user nor delete the administrators group. This command removes the user account you selected from this group. Making it a standard account.
Type the command: user localgroup administrators (accountName) /del (account name is the name of the account you want to downgrade to a standard user) This command will not delete the user nor delete the administrators group. This command removes the user account you selected from this group. Making it a standard account.
Type the command: net localgroup admnistrators agaiin the check if the account you wanted to downgrade is removed from the group. If it is the your work is down. Congratulations you have successfully downgraded an account from administrator to a standard user using the command line.
Type the command: net localgroup admnistrators again and check if the account you wanted to downgrade is removed from the group. If it is then your work is down. Congratulations you have successfully downgraded an account from administrator to a standard user using the command line.

Log out of the account and log back in to have the changes take place

After separating these accounts out make sure they are both protected with strong passwords. A strong password should be long and contain several different types of alphanumeric and special characters. In a later post I will be covering how quick common passwords can be broken, tools that can make and store passwords, passphrases, and how to make a strong password that is easy to remember.

I hope you have enjoyed and learned from this post. If you have any comments or concerns please feel free to use the comment box below.