🟣 Lesson 007: The Golden Rule of Windows Security 👑

When you set up Windows 11, your main account is an Administrator by default. Think of this as the "master key" to your entire computer. It can unlock any door, change any setting, and install any software it wants.

While this is convenient, it's a massive security risk. If you accidentally click a bad link or open a malicious attachment, the malware instantly gets the same "master key" you have. It gains total control, allowing it to embed ransomware, install spyware, and steal your data.

The professional solution is to use a Standard account for your daily work. This is like your everyday "room key." It lets you do everything you need—browse the web, check email, write documents—but it can't open the critical doors to the system.

When you need to do something administrative (like install an app), Windows will stop you with a User Account Control (UAC) prompt. This is the system asking you to prove you have the master key. You'll simply type in the Admin password to proceed. This single step contains the threat, keeping malware trapped in a low-privilege account.

📖 How to

This process involves creating a new, dedicated Admin account (the master key) and then downgrading your current, everyday account to a safer Standard account (the room key).

👇 Step 1: Create a New "Master Key" Account

From your current Admin account:

  • Click the Start button, type "Settings" and open it, then go to Accounts > Other users.
  • Under the "Other users" section, click "Add account".
  • Windows will ask for an email. Click the small link that says "I don't have this person's sign-in information".
  • On the next screen, click "Add a user without a Microsoft account".
  • Give it a clear username (e.g., "PC_Admin") and a strong, unique password (see this blog: How to Build Unbreakable, Memorable Passwords in Seconds). Click Next.

    Note 1: Your Admin account should never be a Microsoft Account. Using a local, offline account means it's not exposed to online data breaches.

    Note 2: The Security Questions window will now require you to create three security questions. Do not answer them honestly. This feature can act as a backdoor. Open your password manager or use the 1Password Strong Password Generator tool. For "Answer 1," generate a random six-word passphrase and paste it as your answer. Repeat this process for all three answers. Save these "answers" offline on paper, separate from your PC.

  • Critical part: By default, this new account is Standard. You must promote it. Back on the "Other users" screen, find the new account, click it, and select "Change account type".
  • Change it from "Standard User" to "Administrator" and click OK.

✨ Step 2: Demote Your Everyday Account

Now you must use your new "master key" account to change your old one.

  • Log out of your current account and log in to the new "PC_Admin" account you just created.
  • Go back to Settings > Accounts > Other users.
  • Find your original, day-to-day account in the list (it will likely show your email address).
  • Click it and select "Change account type".
  • Change it from "Administrator" to "Standard User" and click OK.

That's it. Log back into your original account. It is now a safer Standard user. You can work with peace of mind, knowing that any potential threat is kept outside the most sensitive areas of your PC. When you need to install software, the UAC prompt will appear—just type in the password for your new "PC_Admin" account when prompted.
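
The same two steps, scripted with PowerShell's built-in LocalAccounts cmdlets, as an added example that is not part of the original lesson. It assumes an elevated PowerShell session in the everyday account, uses the lesson's example name PC_Admin, and refuses to demote unless another enabled local administrator remains.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the original lesson. Assumption: run in an elevated
# PowerShell window while signed in to the everyday account to be demoted.

$AdminName = 'PC_Admin'      # example name from the lesson
$AdminsSid = 'S-1-5-32-544'  # built-in Administrators group (well-known SID)
$UsersSid  = 'S-1-5-32-545'  # built-in Users group (well-known SID)

# Step 1: create the local (non-Microsoft) account if missing, then promote it.
if (-not (Get-LocalUser -Name $AdminName -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Password for new account $AdminName"
    New-LocalUser -Name $AdminName -Password $pw | Out-Null
}
$newAdmin = Get-LocalUser -Name $AdminName
if ((Get-LocalGroupMember -SID $AdminsSid).SID.Value -notcontains $newAdmin.SID.Value) {
    Add-LocalGroupMember -SID $AdminsSid -Member $AdminName
}

# Guard against lockout: another enabled, local administrator must remain
# after the current account is demoted.
$me = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
if ($me -eq $newAdmin.SID.Value) {
    throw "Signed in as $AdminName; run this from the everyday account."
}
$others = Get-LocalGroupMember -SID $AdminsSid | Where-Object {
    $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' -and
    $_.SID.Value -ne $me -and (Get-LocalUser -SID $_.SID).Enabled
}
if (-not $others) { throw 'No other enabled local administrator; refusing to demote.' }

# Step 2: keep the everyday account in Users, then remove it from Administrators.
Add-LocalGroupMember -SID $UsersSid -Member $me -ErrorAction SilentlyContinue
Remove-LocalGroupMember -SID $AdminsSid -Member $me

# Show who still holds the "master key" and whether each account is local.
Get-LocalGroupMember -SID $AdminsSid | Select-Object Name, PrincipalSource
```

The new group membership applies the next time the everyday account signs in.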