When you are installing Windows, it asks you to choose password for Administrator - most powerful user on the system. Pick good one here because there is a lot of lists of common password on the web.
Using regular user instead of Administrator helps to defend your system versus a lot of viruses and other shit that requires admin privileges to inject their code to system files (registry, etc). Normal user doesn't have them.
Administrator usually need only for software install, problem fix. Nova days, all software is build in the way it can work with non-admin user.
Google: administrator account on welcome screen windows xp
For disks and flash drives. A lot of unwanted software come this way.
Quick way is to disable Shell Hardware Detection service in services.msc, but better - use system policies.
How to disable the Autorun functionality in Windows
Google: disable autorun windows xp
Even free one, better - get one of them that most likely can protect.
Or you can once a week run for free online scan tool for almost all of known anti-virus products.
I usually create limited users with blank passwords and to enable to logon in their profiles from remote machines, you should fix following messages — Unable to log you on because of an account restriction. and The local policy of this system does not permit you to logon interactively
Security and sharing files
How to change system time or open a calendar
Run "gpedit.msc" > Computer Configuration > Windows Settings > Security Settings > Local Policies > User rights asignment > Change the system time > Add usernames there or add "Everyone"
Grant access to power settings for local users
How to leave only default administrator account