Admin+1 -vs- Single User

[ccc]

Admin+1 -vs- Single User

I've read some about MinLogon (as a replacement for WinLogon), but this is just for a single “system wide” Admin account.

What I would like to set up is a system with an Admin account (maybe hidden & renamed), but also with one single “All Users” account. And have it auto-logon to this single All Users account for net activity, etc..

One might think that with all MS’s “experience” with security issues, that this would be XP’s default: with maybe a component that could be installed (or left out) for additional users. But alas, I’m asking:

Can anyone direct me to a thread or project dedicated to such an Admin+1 system?

Googled for several hours with no luck.

Or maybe a MinLogon system (single Admin account) would be easier & simpler to secure than an Admin+1 system? And thus maybe I should be asking about projects to secure a MinLogon system.

Thanks

System Use:

Might be temporarily connected to a home network to transfer files and to the net with either a dial-up or Wi-Fi connection. As far as I know, it will not need to be defined as part of a domain.

To quote the security section of MS’s Introduction to MinLogon:

“It is important to understand that MinLogon will never prompt a user for login credentials such as a user name or password. In addition, MinLogon does not include support for an Administrator account and has no concept of user accounts or privileges to the local machine's file system or resources. MinLogon also does not have a concept of global users or accounts and cannot be joined to a domain. Embedded designs that require domain participation support should use WinLogon.

With MinLogon, users have unlimited power over the system, much like the Administrator account has in typical Windows XP Professional installations. Users will be able to delete or modify the files, settings, and services of the system as they want. However, this does not mean that MinLogon completely lacks security mechanisms; rather, it means that security features that were inherited and enabled by default under a WinLogon configuration must be incorporated into a MinLogon design if security is desired. Developers using MinLogon in their embedded designs must be conscious of this fact, and proactively take measures to block access to exposed areas of the operating system.

Conversely, a locked down MinLogon system could be considered more secure than a locked-down WinLogon system because there is no "back door" such as an Administrator or Guest account to hack into. But beware that once all the doors are locked, there is no back door for even the creator of the runtime image to enter.”

Thanks