Windows 10: Standard user e-mail safety

I volunteer at our senior citizen organization and we have a Win10 computer available for members and visitors. The other day I had to remove umpteen emails in the Mail app on the start screen by one person.
In order to use the computer, they log in using a standard account. No one is allowed to create an administrator account.
Although it isn't a fix, I uninstalled the Mail app from Start since most of the users aren't likely to find out how to get it back in Start or use it themselves.
All users use their own email accounts: that one person had been using both the Mail app in Start along with her Google & Yahoo email accounts.
Fortunately her attempts to download some software have failed since she is working from the standard account.
The manager asked me whether or not the computer could get infected if someone opened a dangerous link in their email account or the Mail app: I responded it shouldn't happen since nothing should be able to download from a standard account: but I'll research it so we'll be comfortable on a realistic expectation. One of my concerns is that it could be possible but highly unlikely. So I'd appreciate your advice.

:)

 

Did not get any invitation for one of the child accounts on Windows 10

I was able to successfully add two of my kids to our PC's as a child account that uses family safety.

My other daughter is not receiving the invitation in her e-mail to verify her identity. She can sign onto the PC as a standard user, but without Family Safety being active.

I did check her email and the invitation never came through.

Anyone have any ideas on how I can fix this?

Thanks.

 

Family Safety Requires Child E-Mail Now?

I upgraded our windows 8.1 machine that has all of the kids accounts on it to Windows 10. The upgrade converted all of their child accounts enrolled in family safety over to standard accounts, and the family safety site now pushes them to be converted
to Microsoft accounts. Trying to set up family accounts locally, there is no way to add a child account without making it a Microsoft account.

My children don't have e-mail accounts because they are children, yet it now seems that to be able to enroll them into family safety they have to have one. Am I missing something? Surely Microsoft is not expecting parents to set their 6 year olds up
with e-mail just to push Microsoft accounts. Is there no way to participate in family safety without e-mail now?

 

Hi, start by reckoning anything bad can happen. From disk failure to ransomware.

1. Use disk imaging routinely (Macrium Reflect (free) + its boot disk + external storage for disk image sets).
This means you can recover Windows, data partitions, disks...
- if your PC is unbootable
- if Windows is corrupt and cannot be 'fixed'
- if someone downloads a virus/trojan/rootkit

quite quickly and without technical help - without clean installing Windows.

2. Use a decent antivirus program. (You can compare options using the AV comparatives site,
AV-Comparatives Independent Tests of Anti-Virus Software - AV-Comparatives
or simply run with Windows Defender).

3. You can apply restrictions.
- block access to programs. There are 3rd party programs that help here.
How to Block (or Allow) Certain Applications for Users in Windows
-stop people installing programs
How to Block Users from Installing Software on Your Windows Computer

 

Using a standard account as opposed to an admin account is the smart thing to do. However, that does not make you impervious to infections. So, the answer is, yes, if someone clicks on a malicious link in an email, damage could be done to the system (although it should be less damage than if you were in an admin account). Dalchina's recommendation of imaging is a must. *Wink

 

Thanks dalchina & simrick too.
I'm a system image backup person who uses MRF on my computer and I will certainly submit that to the manager.
--- Actually I've been wanting to do that all along: now that concerns are being brought up, maybe, just maybe it will finally ne approved.
I wasn't aware of being able to apply restrictions and those are excellent recommendations: I can't wait to apply what I find out.
EDIT: I do have a monthly security & maintenance plan I maintain to ensure the computer is safe & secure and well maintained. Actually that's how I found out what I mentioned in my opening post. But that's also the reason I want to have the computer in what I would describe as "stealth" mode.

 

It used to be possible to have a computer restart each day in the same state- that is all changes were discarded. (Comodo Time Machine and MS's Steady State if I recall). I'm not aware of a current product that does that, but that might be a good approach in principle. However, even if such were available, there may not be funds, and it might not be the best use.

I experienced this in a Chinese English dept, where I needed a driver on the classroom PC, and found next class it wasn't there.. but that was some years ago.

 

I think like that as well as your opening sentence in post #2
Fortunately it's easy enough to keep the computer safe, secure & well maintained, not because I'm an expert, but because I stay on top of what's happening. Unfortunately having attempted to implement a system image & data backup system hadn't been approved but with this latest discovery it gives me clout to bring it back up. Thanks again for a good pointer.

 

Make them aware that a lot of scams nowadays involve getting E mails supposedly from Amazon (shipment cancelled, click on this link for details) or FedEx (Your package has been shipped, click here for details).

I've gotten a few of these in the past month & a google search of the link addy shows the site to be hijacked/infected/dangerous.

 

- and what to look for that indicates it's NOT from them (similar but garbled email addresses, not using their name, spelling mistakes, asking for personal details....)

Older people are more credulous - not used to scammers, liars and cheaters approaching them directly.

(Yes, it used to be a different world... I know!)

 

Could a VPN be helpful in security purposes?
If so I'll post in an appropriate forum for help and recommendations.

 

You could solve most of your issues simply by removing the standard account your users are using at the moment and creating a limited Guest account for them instead.

[youtube]lcXQf9AqwtM[/youtube]

Video from Ten Forums video thread.

 

A VPN would make no difference.

 

There seems to be a feature from version 1607 onwards called 'SharedPC' mode, which can be setup on Windows 10 Pro /Education/ Enterprise machines.

I think it's intended for machines which are dedicated to shared usage; once this mode is set it's harder for a non-guest user to use the machine for work:
https://docs.microsoft.com/en-us/win...ed-or-guest-pc

I had a quick play with it.

One way to set up is via the Windows Configuration Designer





Once you've picked the desktop option, it's basically a case of setting one switch. I then went into Advanced mode to tweak some of the settings mentioned in the article, and created the provisioning package





Then I went into Windows on the machine which would be shared (a test virtual machine in my case) and applied the provisioning package- in my case I used a machine which was already in use rather than applying it at setup time.

I would strongly suggest doing some backup images before this point, as I couldn't spot an easy way back from applying the provisioning package.

Once I'd signed out, the login screen looks like this, which as you can see is a bit different.






Then when I pick Guest, it creates a new temporary account.









One logged in, it looks pretty normal.

Every time a Guest logs in, it seems to create a new account. Once signed off, there's no way to log back into that account. The article suggests you are very careful to let Maintenance run regularly on the machine, so it can delete the old accounts.

I think a domain account will also work - in this case the user can log back in to something like where they left off, but inactive accounts will also get deleted by Maintenance after a time period which can be specified.

It's not locked down as such, although you can restrict access to local drives from File Explorer and File | Save dialogs (for some reason the Downloads folder is left as the only visible one).

There's a lot more to it than this - I've only scratched the surface.
It won't fit everywhere, but it looks quite powerful if it fits the usage of that PC.

 

Interesting feature- introduced in 1607, but there seems hardly anything written up about it anywhere...